Privacy & Compliance
Built-in presets for GDPR, CCPA, LGPD, and PIPEDA. Each configures consent, data retention, IP anonymization, and metadata storage in one click.
Quick comparison
| Setting | GDPR | CCPA | LGPD | PIPEDA |
|---|---|---|---|---|
| Consent checkbox | Required | Not required | Required | Required |
| IP anonymization | Enabled | Disabled | Enabled | Enabled |
| Data retention | 365 days | 730 days | 365 days | 730 days |
| Browser info stored | No | Yes | No | Yes |
How presets work
Each preset configures five settings at once: consent checkbox, IP anonymization, data retention period, IP storage, and user-agent (browser info) storage. You can apply a preset and then adjust individual settings — the preset is a starting point, not a lock.
Presets are available at two levels:
- Account-level — applies to all new forms you create after saving. Go to Account Settings → Compliance.
- Form-level — overrides the account default for a single form. Open the form, go to Settings → Compliance, and toggle Override account defaults.
Existing forms are not changed when you update your account-level preset. Only new forms inherit the account default.
Consent checkbox
When consent is enabled, FormBlade requires a field named _fb_consent in every submission. If the field is missing or its value is falsy (false, 0, off), the submission is rejected with a 422 response.
How consent works on hosted forms
If you use a hosted form (/f/contact), the consent checkbox is added automatically when the setting is active. The label uses the region-appropriate default message, and if you have set a privacy policy URL, it is linked from the checkbox label.
How consent works on custom HTML forms
Add a checkbox to your form with the name _fb_consent:
```html
<label>
  <input type="checkbox" name="_fb_consent" value="true" required>
  I agree to the processing of my personal data.
  <a href="https://yoursite.com/privacy">Privacy Policy</a>
</label>
```
The required attribute provides client-side validation. FormBlade also validates server-side, so submissions without consent are always rejected regardless of how the form is submitted.
How consent works in AJAX/JavaScript forms
Include _fb_consent in the form data:
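```js
// Run inside an async submit handler (or an ES module, for top-level await).
const form = document.querySelector('form'); // your form element
const data = new FormData(form);
// If using a custom checkbox, ensure the value is included:
// data.append('_fb_consent', 'true');
const res = await fetch('https://formblade.com/f/contact', {
  method: 'POST',
  body: data,
});
```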
Replace /f/contact with your own form link from the dashboard.
What happens to consent data
The _fb_consent field is validated at submission time and then stripped from the stored data. It does not appear in your submissions table or exports. FormBlade validates the gate but does not store a consent receipt — if your regulation requires proof of consent, implement a separate consent log on your side.
IP anonymization
When enabled, the last segment of the submitter's IP address is replaced with 0 before storage:
- 192.168.1.47 → 192.168.1.0
- 2001:db8::8a2e:370:7334 → 2001:db8::8a2e:370:0
Anonymization happens at the point of ingestion. The full IP is never written to the database and is not recoverable.
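Added example, not FormBlade's code: a minimal consent log of the kind the "What happens to consent data" section says you must keep yourself, reusing the consent check and the last-segment IP anonymization documented on this page. The function names, receipt fields, the `email` field and the sample values are assumptions made for illustration.

```javascript
// Added example, not FormBlade code. All names and sample values are assumptions.
// Values the page lists as falsy; empty string and case-folding are assumptions.
const FALSY = new Set(['', 'false', '0', 'off']);

function hasConsent(fields) {
  const v = fields._fb_consent;
  return v !== undefined && v !== null && !FALSY.has(String(v).trim().toLowerCase());
}

// Replace the last segment with 0, matching the two examples on this page.
function anonymizeIp(ip) {
  if (ip.includes('.')) {
    // IPv4, or IPv4-mapped IPv6 such as ::ffff:192.168.1.47
    return ip.slice(0, ip.lastIndexOf('.') + 1) + '0';
  }
  if (!ip.includes(':')) throw new Error('not an IP address: ' + ip);
  if (ip.endsWith('::')) return ip; // trailing segments are already zero
  return ip.slice(0, ip.lastIndexOf(':') + 1) + '0';
}

// Append a receipt to your own log before the submission is sent on to FormBlade.
function recordConsent(log, fields, meta) {
  if (!hasConsent(fields)) return { ok: false, status: 422 }; // mirror the documented rejection
  const receipt = Object.freeze({
    form: meta.form,
    subject: fields.email || null,      // who consented (assumed field name)
    consentText: meta.consentText,      // exact wording shown next to the checkbox
    policyUrl: meta.policyUrl || null,
    ip: meta.ip ? anonymizeIp(meta.ip) : null,
    consentedAt: new Date(meta.now).toISOString(),
  });
  log.push(receipt);
  return { ok: true, receipt };
}

// Constructed sample submission.
const consentLog = [];
const sampleMeta = {
  form: '/f/contact',
  consentText: 'I agree to the processing of my personal data.',
  policyUrl: 'https://yoursite.com/privacy',
  ip: '2001:db8::8a2e:370:7334',
  now: '2024-01-01T00:00:00Z',
};
const accepted = recordConsent(consentLog, { email: 'a@example.com', _fb_consent: 'true' }, sampleMeta);
const rejected = recordConsent(consentLog, { email: 'b@example.com', _fb_consent: 'off' }, sampleMeta);
console.log(accepted, rejected, consentLog.length);
```

Keep the `_fb_consent` field in the data you send on to FormBlade; the receipt is a copy for your records, not a replacement for the field FormBlade validates.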
Data retention
Controls how long submissions are stored before automatic deletion. A background job runs hourly and permanently deletes submissions older than the configured number of days.
- Deletion is permanent and irreversible. There is no recycle bin.
- Attached files are deleted along with the submission data.
- The retention clock starts from the submission timestamp.
- Changing the retention period applies retroactively — if you shorten it from 730 to 365 days, submissions between 365 and 730 days old are deleted on the next purge cycle.
User-agent storage
By default, FormBlade stores the browser's User-Agent string with each submission. When disabled, the User-Agent header is discarded at ingestion and not stored. GDPR and LGPD presets disable this because the User-Agent string can be considered personal data under those regulations.
How compliance affects emails
When compliance is active on a form, outgoing emails include additional notices:
- Notification emails (to the form owner) — a compliance notice is appended stating the data retention period and whether IP anonymization is active.
- Auto-responder emails (to the submitter) — a privacy notice is appended with the retention period, a statement about the right to request early deletion, and the contact email for deletion requests.