Security and privacy by design
Many traditional spam tools introduce hidden risks
Client-side scripts expose your forms
Third-party CAPTCHA sends user data to external vendors
Fingerprinting raises compliance concerns
Hidden tracking scripts reduce user trust
Vendor lock-in creates dependency risk
Complex integrations introduce attack surface
A safer approach
Spam protection shouldn’t require exposing your users to tracking scripts or third-party surveillance.
How FormSentry protects your data
100% server-side verification
No client-side JavaScript required
No cookies or browser fingerprinting
Encrypted API communication (HTTPS/TLS)
Configurable data retention policies
Requests require API key + form ID
Your visitors never see FormSentry — and their data never goes to tracking vendors.
Built for Production Security
Designed for real-world traffic, real attackers, and real compliance requirements.
All requests encrypted over HTTPS. No plaintext transmission.
One workspace API key, used with unique form IDs per form.
Automatically delete submissions after 7, 30, or 365 days.
Designed to withstand high-volume automated attacks and malicious traffic.
All outcomes logged in your dashboard.
No frontend SDK. No injected scripts.
Designed with modern compliance standards in mind
GDPR-friendly architecture
No behavioral tracking
No cross-site fingerprinting
Configurable retention
Security & Privacy FAQs
Everything you need to know about how FormSentry handles data, protects your users, and secures your forms.
Does FormSentry store my form submissions?
FormSentry processes submissions to determine whether they are legitimate or spam. Submission data may be temporarily stored depending on your configured retention policy. You control how long data is retained - including automatic deletion after 7, 30, or 365 days.
Can I control how long data is stored?
Yes. FormSentry includes configurable data retention policies. You can choose how long submission data is stored, and it is automatically deleted based on your selected timeframe.
Does FormSentry use cookies or fingerprinting?
No. FormSentry does not use browser fingerprinting, tracking scripts, or client-side cookies. Verification runs server-side, meaning visitors are not tracked or challenged in the browser.
Is data shared with third parties?
No. FormSentry does not share submission data with advertising networks or tracking vendors. Data is processed strictly for spam verification purposes.
Are API requests encrypted?
Yes. All communication between your server and FormSentry is encrypted using HTTPS/TLS. No plaintext data is transmitted.
How are API keys protected?
Each workspace has a unique API key. Requests must include the workspace key and the target form ID. Treat the API key as a secret (server-side only). Form IDs are identifiers (not secrets). Rotate/regenerate keys any time.
What happens if FormSentry is unavailable?
In the rare event FormSentry is unavailable, you can choose how your application behaves (for example, allowing submissions through, or holding them for review).
Is FormSentry GDPR-friendly?
FormSentry is designed with privacy in mind. It does not use tracking scripts, fingerprinting, or behavioral profiling. Configurable data retention helps support modern data protection practices.
Does FormSentry require a frontend SDK?
No. FormSentry works via a simple server-side API request. No JavaScript widgets, injected scripts, or client-side challenges are required.
Can I audit spam decisions?
Yes. Verification results are logged in your dashboard, including classification status and confidence scores. This provides visibility into how submissions are processed.
Protect your forms without increasing your risk
Secure, private spam protection - no trackers, no CAPTCHA, no third parties.