Server-side validation
Forms are validated on the server with CSRF protection and consent capture.
Trust posture
This first release avoids outbound submission delivery and keeps intake data on the origin server.
Application and contact submissions are stored in a local SQLite database for administrator review. No outbound email, webhook, CRM sync, analytics pixel, or third-party form processor is configured.
Forms are validated on the server with CSRF protection and consent capture.
Honeypot filtering and request rate limits reduce low-effort automated submissions.
Admins can filter, update status, and export submissions from the protected admin console.