Trust posture

Minimal data movement, clear consent, and local review.

This first release avoids outbound submission delivery and keeps intake data on the origin server.

Submission handling

Application and contact submissions are stored in a local SQLite database for administrator review. No outbound email, webhook, CRM sync, analytics pixel, or third-party form processor is configured.

Server-side validation

Forms are validated on the server with CSRF protection and consent capture.

Abuse controls

Honeypot filtering and request rate limits reduce low-effort automated submissions.

Review workflow

Admins can filter, update status, and export submissions from the protected admin console.