All docs
3 min read Last updated:

File storage

File uploads attached to form submissions are stored in private, S3-compatible object storage hosted in EU regions. Storage is fully managed - there are no buckets to create, no credentials to configure, and no storage settings to maintain.

How uploads are stored

  • Private by default. Uploaded files are never publicly readable. There is no public URL for an uploaded file, ever.
  • EU data residency. Files live in the same EU regions as the rest of the platform. They are encrypted at rest (AES-256) and in transit (TLS).
  • Per-submission association. Each file is tied to the submission it arrived with. Deleting the submission deletes the file.

Downloading files

Files are only accessible through signed, time-limited download URLs generated from the dashboard or the API:

  1. Open a submission that includes a file upload.
  2. Click the file link - the platform generates a signed URL on the fly.
  3. The URL expires after a short window (default 5 minutes), after which a fresh one must be generated.

Because every download URL is signed and short-lived, sharing a link does not grant lasting access, and expired links return 403.

Upload limits

Plan File uploads Per-file limit Total storage
Free Disabled - -
Pro Enabled Up to 25 MB (configurable per form) 5 GB
Team Enabled Up to 25 MB (configurable per form) 50 GB

The per-file limit can be lowered per form in the form's settings if you want to restrict what visitors can send.

Retention

File uploads follow the same per-form retention rules as submissions. When a retention rule deletes a submission, the associated files are deleted from storage in the same queued job - there are no orphaned files left behind. One-click erasure and data-subject erasure requests cascade to file storage the same way.

Security notes

  • Uploads travel from the visitor's browser to Formspring over HTTPS; Formspring then stores them server-side. Visitors never talk to the storage layer directly, and no storage credentials are ever exposed to the front end.
  • Every file download is available in the submission audit log: who accessed, when.
  • Files are scanned as part of the spam-protection pipeline before they reach your dashboard.

Troubleshooting

Symptom Cause
Download link returns 403 The signed URL expired (default 5 minutes). Re-open the submission to generate a fresh link.
Upload rejected at submit time File exceeds the per-file limit configured on the form, or the form's plan has file uploads disabled.
File missing from an old submission A retention rule or erasure request deleted the submission; files are removed together with their submission.

Related

  • Webhooks - webhook payloads reference files by signed URL, not by raw content.
  • REST API - retrieve submission files programmatically with a scoped token.
Previous
---
Next
---