GDPR API

an image of a volcano at the end of a road

This page is developer-facing documentation related to GPDR and other privacy features. Most of these features require Caldera Forms 1.7 or later.

For all documentation on Caldera Forms’ GDPR compliance tools see the main documentation for GDPR.

Personally Identifying Information Fields

In Caldera Forms 1.6.1 or later you can mark a field as containing personally identifiable information (PII).

Find All Personally Identifiable Fields Of A Form

You can find all fields of a form that contain PII, using the function Caldera_Forms_Forms::personally_identifying_fields()

Check If A Field Contains Personally Identifiable Information

You can check if a field contains PII, using the function Caldera_Forms_Field_Util::is_personally_identifying()

Set A Field As Email Identifying

Email Identifying Fields

While personally identifying fields contain personal data, the email identifying fields are used to search by email for form entries whose data is personally identifying.

Finding All Email Identifying Fields

Checking If A Field Is Email Identifying

Adding An Email Identifying Field

Enabling Or Disabling Data Export and Eraser Integration

By default, Caldera Forms data is not included in personal data exports or erasers. There is a UI option to enable them, which is documented here. You can also enable or disable them programmatically:

Enable Caldera Forms Data Export And Eraser

Disable Caldera Forms Data Export And Eraser

Changing The Privacy Page Link

The Caldera Forms consent field and privacy page magic tag use WordPress’ setting for the privacy page link. You can change this using the “caldera_forms_privacy_policy_page_url” filter. 

Creating A Custom Exporter Or Eraser

If Caldera Forms’ default data exporter or eraser is not sufficient for your needs, you may make your own. There will be a filter to change the callback function for exporters and erasers. This filter is not included in 1.7 beta 1. See: https://github.com/CalderaWP/Caldera-Forms/issues/2545

caldera_forms_gdpr_callback

Using The Caldera Forms PII Query Class

The default exporters and erasers use the class Caldera_Forms_Query_Pii to find personal data. This class decorates the Caldera_Forms_Query_Paginated class. It makes heavy use of the Caldera Forms Query tool under the hood.

REST API Routes

If you would like to read or update privacy settings via the REST API from a JavaScript client or other service you can. All routes require authentication as an admin user. No special, Caldera Forms-specific authentication is needed.

JavaScript developers can take advantage of the API functions found here.

Accessing Privacy Settings For A Form Via The WordPress REST API

You can read the privacy settings by making a GET request to one of these two endpoints

  • /wp-json/cf-api/v2/forms/<form-id>/privacy
  • /wp-json/cf-api/v2/forms/<form-id>? privacy=true

Saving Privacy Setting For A Forms Via The WordPress REST API

You can update the privacy settings by making a POST request to this endpoint:

  • /wp-json/cf-api/v2/forms/<form-id>/privacy

Where Does This Code Go?

When using WordPress hooks to customize Caldera Forms or other plugins you should not modify the plugin files, or you will lose your changes when you update the plugin. Instead you should create a small plugin to hold the custom code. It's easy, learn how here.

Technically you can add the custom code to your theme's functions.php, but then you will not be able to change your theme and keep these customizations.

Learn More