File upload security

How uploaded files are handled, validated, and stored.

Upload limits

  • Per-file size: 5MB by default, configurable per block up to ~25MB.
  • Files per submission: 5 by default, configurable per block.
  • Allowed formats: PDF, DOC, DOCX, PNG, JPG, JPEG, GIF, WEBP. Anything else (ZIP, EXE, MP4, etc.) is rejected by the server, not just hidden in the browser file picker.

Validation

Validation runs server-side on every upload — we don't trust the browser. The checks are:

  1. MIME type matches one of the types on the allowed list.
  2. File extension matches the MIME type (no smuggled .exe renamed to .pdf).
  3. Size is under the per-block limit.
  4. Count is under the per-block limit when combined with siblings.

A failed validation rejects the entire submission and surfaces an inline error to the respondent so they can retry with a valid file.
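One way to implement the four checks above, as an added example rather than NodumForms' own code. It assumes the MIME type is sniffed from the file's leading bytes instead of taken from the client-supplied Content-Type header; `sniff_mime` and `validate_submission` are hypothetical names, and the limits are the defaults stated on this page.

```python
import io, os, zipfile

# Allowed formats from the page: MIME type -> permitted extensions.
DOCX = "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
ALLOWED = {
    "application/pdf": {".pdf"}, "application/msword": {".doc"}, DOCX: {".docx"},
    "image/png": {".png"}, "image/jpeg": {".jpg", ".jpeg"},
    "image/gif": {".gif"}, "image/webp": {".webp"},
}
# Leading-byte signatures (assumption: the type is sniffed from content).
MAGIC = [
    (b"%PDF-", "application/pdf"), (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"), (b"GIF87a", "image/gif"), (b"GIF89a", "image/gif"),
    # OLE2 container: shared with legacy .xls/.ppt, so this check alone is coarse.
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "application/msword"),
]
MAX_BYTES, MAX_FILES = 5 * 1024 * 1024, 5  # page defaults

def sniff_mime(data):
    for magic, mime in MAGIC:
        if data.startswith(magic):
            return mime
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "image/webp"
    if data.startswith(b"PK\x03\x04"):  # ZIP: only a Word package counts
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return None
        return DOCX if "word/document.xml" in names else None
    return None

def validate_submission(files, max_bytes=MAX_BYTES, max_files=MAX_FILES):
    """files: list of (filename, bytes). Returns a list of errors; any error
    means the whole submission is rejected."""
    errors = []
    if len(files) > max_files:
        errors.append(f"too many files: {len(files)} > {max_files}")
    for name, data in files:
        ext = os.path.splitext(name)[1].lower()
        mime = sniff_mime(data)
        if mime not in ALLOWED:
            errors.append(f"{name}: type not allowed")
        elif ext not in ALLOWED[mime]:
            errors.append(f"{name}: extension {ext or '(none)'} does not match {mime}")
        if len(data) > max_bytes:
            errors.append(f"{name}: larger than {max_bytes} bytes")
    return errors

# Constructed sample: an executable header ("MZ") uploaded as invoice.pdf.
print(validate_submission([("invoice.pdf", b"MZ\x90\x00" + bytes(60))]))
```

Sniffing the content is what catches a renamed executable; comparing the extension against a client-declared type would not, because the client controls both.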

Storage

Uploaded files are stored in our server's filesystem under /uploads, organised by form and response. Files are served through an authenticated endpoint — the form owner can access them from the response detail panel and through the CSV export (which exports each file as a clickable URL).

We don't currently use a CDN or signed URLs for uploads. As a result, the file URLs include the response ID and are obscure-by-default but not cryptographically protected.

What we don't do

To be candid: we do not scan uploaded files for malware. If your form is open to the public and accepts file uploads, treat any downloaded file as untrusted — open it in an isolated environment if it could be risky. If malware scanning matters for your use case, route uploads to a service like VirusTotal via a webhook before opening them.

Deletion

  • Deleting a response deletes its uploaded files immediately.
  • Deleting a form deletes all responses and their uploaded files.
  • Deleting your account triggers a 30-day soft-delete window, after which all files are permanently removed.

Tips

  • Use Long Text for things people might paste from a document rather than File Upload — fewer chances for the upload to fail.
  • For document collection workflows where you actually need files (consent forms, ID checks), let respondents know the size limit up front so they don't get blocked late in the form.
  • If you collect ID documents, consider routing them through a purpose-built vendor (Onfido, Persona, Stripe Identity) rather than NodumForms.

FAQs

Data is stored in enterprise-grade cloud infrastructure in the EU region by default. Enterprise customers can request specific regional deployments — contact support@nodumforms.com.

Never. NodumForms does not train, fine-tune, or share any machine learning models with form response data.

We follow SOC 2 controls today and formal certification is in progress. Enterprise customers can request our current security questionnaire and DPA from support@nodumforms.com.