Security
A clear boundary between public forms and private delivery.
Formerie is built so websites can submit form data without deciding where sensitive messages go or how providers are used.
No client-chosen recipients
Recipients are configured server-side. A browser request cannot redirect a submission to an arbitrary address.
No exposed provider credentials
Provider keys, tokens, and account-level delivery settings stay out of public JavaScript and HTML.
No client-selected templates
Templates are resolved from the form policy, tenant configuration, and server rules.
Controls
Security controls belong to the API and admin surfaces.
The public form surface should stay narrow. Operational decisions, delivery configuration, provider credentials, and privileged actions belong behind authenticated systems.
- Allowed-origin checks
- Field validation
- Spam and abuse controls
- Audit events
- Provider retry state
- Admin-only operational actions
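
The boundary described above, as an added example that is not Formerie's code: a submission handler that takes recipients and the template only from a server-side policy, checks the origin, and rejects fields the policy does not list. `FORM_POLICIES`, `handle_submission`, the form id and every address are hypothetical, and rejecting (rather than silently dropping) unexpected fields is a choice made for this sketch.

```python
# Added illustration; not Formerie code. All names and values are constructed.
import re

# Server-side form policy: recipients, template and allowed origins live here,
# never in the browser request.
FORM_POLICIES = {
    "contact-eu": {
        "allowed_origins": {"https://www.example.com"},
        "recipients": ["support@example.com"],
        "template": "contact-default",
        "fields": {"name": 100, "email": 254, "message": 5000},  # max lengths
    },
}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def handle_submission(form_id, origin, body):
    """Return (status, delivery_job_or_error) for one public form POST."""
    policy = FORM_POLICIES.get(form_id)
    if policy is None:
        return 404, {"error": "unknown form"}
    # Allowed-origin check: exact match against the configured set.
    if origin not in policy["allowed_origins"]:
        return 403, {"error": "origin not allowed"}
    # Field validation: anything outside the policy's field list is rejected,
    # so a client-supplied "to", "template" or "api_key" never reaches delivery.
    unexpected = sorted(set(body) - set(policy["fields"]))
    if unexpected:
        return 400, {"error": "unexpected fields", "fields": unexpected}
    clean = {}
    for name, max_len in policy["fields"].items():
        value = body.get(name)
        if not isinstance(value, str) or not value.strip() or len(value) > max_len:
            return 400, {"error": "invalid field", "fields": [name]}
        clean[name] = value
    if not EMAIL_RE.match(clean["email"]):
        return 400, {"error": "invalid field", "fields": ["email"]}
    # Recipients and template are copied from the policy, not from the request.
    return 202, {
        "recipients": list(policy["recipients"]),
        "template": policy["template"],
        "fields": clean,
    }
```

The `Origin` header is set by browsers but can be forged by other clients, so the origin check sits alongside the spam and abuse controls rather than replacing them.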