Privacy & Compliance

Built-in presets for 15 data protection regulations. Each configures consent, data retention, IP anonymization, and metadata storage in one click.

🇪🇺 GDPR — European Union 🇬🇧 UK GDPR — United Kingdom 🇨🇭 nDSG — Switzerland 🇺🇸 CCPA — United States 🇨🇦 PIPEDA — Canada 🇧🇷 LGPD — Brazil 🇨🇳 PIPL — China 🇰🇷 PIPA — South Korea 🇯🇵 APPI — Japan 🇹🇭 PDPA — Thailand 🇮🇳 DPDPA — India 🇿🇦 POPIA — South Africa 🇹🇷 KVKK — Türkiye 🇦🇺 Privacy Act — Australia 🇳🇿 Privacy Act — New Zealand

Tip: If your form serves users in multiple regions, apply the strictest preset (GDPR) as your default. You can always relax settings on individual forms that only target a specific region.

How presets work

Each preset configures five settings at once: consent checkbox, IP anonymization, data retention period, IP storage, and user-agent (browser info) storage. You can apply a preset and then adjust individual settings — the preset is a starting point, not a lock.

Presets are available at two levels:

Account-level — applies to all new forms you create after saving. Go to Account Settings → Compliance.
Form-level — overrides the account default for a single form. Open the form, go to the Compliance tab, and select a different region or adjust individual settings.

Existing forms are not changed when you update your account-level preset. Only new forms inherit the account default.

Consent checkbox

When consent is enabled, FormBlade requires a field named _fb_consent in every submission. If the field is missing or its value is falsy (false, 0, off), the submission is rejected with a 422 response.

How consent works on hosted forms

If you use a hosted form (/f/contact), the consent checkbox is added automatically when the setting is active. The label uses the region-appropriate default message, and if you have set a privacy policy URL, it is linked from the checkbox label.

How consent works on custom HTML forms

Add a checkbox to your form with the name _fb_consent:

<label>
  <input type="checkbox" name="_fb_consent" value="true" required>
  I agree to the processing of my personal data.
  <a href="https://yoursite.com/privacy">Privacy Policy</a>
</label>

The required attribute provides client-side validation. FormBlade also validates server-side, so submissions without consent are always rejected regardless of how the form is submitted.

How consent works in AJAX/JavaScript forms

Include _fb_consent in the form data:

const data = new FormData(form);
// If using a custom checkbox, ensure the value is included:
// data.append('_fb_consent', 'true');

const res = await fetch('https://formblade.com/f/contact', {
  method: 'POST',
  body: data,
});

Replace /f/contact with your own form link from the dashboard.

What happens to consent data

The _fb_consent field is validated at submission time and then stripped from the stored data. It does not appear in your submissions table or exports. FormBlade validates the gate but does not store a consent receipt — if your regulation requires proof of consent, implement a separate consent log on your side.

Privacy policy URL

All 15 supported regulations require a privacy policy URL. The Compliance tab marks the field as REQUIRED when any regulation is active.

What happens if the URL is not provided

If a regulation that requires a privacy policy is active (GDPR, UK GDPR, LGPD, POPIA, PDPA, APPI, DPDPA, nDSG) and consent is enabled, FormBlade blocks you from saving form settings until you provide a privacy policy URL. You will see an error:

Privacy policy URL is required when consent is enabled under GDPR.
Add a URL or disable the consent checkbox.

This validation happens at save time, not submission time. Once a form is saved with a valid configuration, submissions always flow — FormBlade never blocks live submissions due to a missing URL. This protects production forms from accidental configuration changes.

For regulations that do not require a privacy policy (CCPA, PIPEDA), consent can be enabled without a URL.

Why save-time validation? Under GDPR Art. 13, LGPD Art. 9, and similar provisions, failing to inform users about data processing at the time of collection can make the consent invalid — even if the checkbox was checked. Blocking at save time ensures your form is legally compliant before it goes live, while never breaking forms that are already collecting submissions.

IP anonymization

When enabled, the last segment of the submitter's IP address is replaced with 0 before storage:

192.168.1.47 → 192.168.1.0
2001:db8::8a2e:370:7334 → 2001:db8::8a2e:370:0

Anonymization happens at the point of ingestion. The full IP is never written to the database and is not recoverable.

Data retention

Controls how long submissions are stored before automatic deletion. A background job runs hourly and permanently deletes submissions older than the configured number of days.

Deletion is permanent and irreversible. There is no recycle bin.
Attached files are deleted along with the submission data.
The retention clock starts from the submission timestamp.
Changing the retention period applies retroactively — if you shorten it from 730 to 365 days, submissions between 365 and 730 days old are deleted on the next purge cycle.

User-agent storage

By default, FormBlade stores the browser's User-Agent string with each submission. When disabled, the User-Agent header is discarded at ingestion and not stored. All regulation presets keep this enabled, as the User-Agent string is technical metadata and is not considered personal data on its own under any of the supported regulations. You can disable it manually if your privacy policy commits to not collecting it.

How compliance affects emails

When compliance is active on a form, outgoing emails include additional notices:

Notification emails (to the form owner) — a compliance notice is appended stating the data retention period and whether IP anonymization is active.
Auto-responder emails (to the submitter) — a privacy notice is appended with the retention period, a statement about the right to request early deletion, and the contact email for deletion requests.