{"id":14281,"date":"2025-07-04T06:48:30","date_gmt":"2025-07-04T10:48:30","guid":{"rendered":"https:\/\/www.med.unc.edu\/webguide\/?page_id=14281"},"modified":"2025-11-18T09:44:21","modified_gmt":"2025-11-18T14:44:21","slug":"gravity-forms","status":"publish","type":"page","link":"https:\/\/www.med.unc.edu\/webguide\/userguide\/forms\/gravity-forms\/","title":{"rendered":"Gravity Forms"},"content":{"rendered":"<div class = \"alert alert-danger  oscitas-bootstrap-container\">\n<p style=\"text-align: center;\">UNC\u2019s <strong>Gravity Forms Retention Policy<\/strong> takes effect January 1, 2026. <strong>Entries older than 90 days will be deleted beginning March 31, 2026<\/strong>.<\/p>\n<\/div>\n<p>Gravity Forms is a WordPress plugin used directly within your School of Medicine website. It\u2019s great for building simple forms like contact forms, basic event RSVPs, or general sign-ups. It\u2019s user-friendly and styled to match your site, but it <strong>should not be used to collect any sensitive or confidential information. Never use Gravity Forms to collect health information, student IDs, or any sensitive data<\/strong>.<\/p>\n<p>If you use Gravity Forms, we strongly recommend posting a disclaimer that sensitive information should not be submitted through the form.\u00a0 You <strong>must<\/strong>\u00a0frequently review uploads and\u00a0<a href=\"https:\/\/safecomputing.unc.edu\/data\/reporting-a-security-incident\/\" target=\"_blank\" rel=\"noopener\">notify ISO<\/a>\u00a0if there is accidental exposure of sensitive information.<\/p>\n<p>We recommend using Qualtrics if a file upload field is added to the form. There have been issues where sensitive data has inadvertently been uploaded.<\/p>\n<hr  style=\"margin:40px 0\"class=\" rule-thin osc-rule\" \/>\n<h2><a id=\"retention-policy\"><\/a>Retention Policy<\/h2>\n<p><strong>Effective January 1, 2026<\/strong>, UNC\u2019s Gravity Forms Retention Policy will take effect.<\/p>\n<p>As part of this policy, <strong>all form entries and uploaded files older than 90 days will be automatically deleted beginning March 31, 2026<\/strong>.<\/p>\n<p>This policy was created to:<\/p>\n<ul>\n<li>Improve overall site performance and reduce storage use<\/li>\n<li>Enhance data security and privacy<\/li>\n<li>Align with University data governance standards<\/li>\n<\/ul>\n<h3>What This Means for Site Editors<\/h3>\n<ul>\n<li>The system will <strong>automatically delete<\/strong> all Gravity Forms entries and uploaded files <strong>after 90 days<\/strong>.<\/li>\n<li>Deleted entries and files<strong> cannot be recovered<\/strong>.<\/li>\n<li>You must <strong>manually<\/strong> <a href=\"https:\/\/www.gravityforms.com\/blog\/how-to-export-form-entries\/\">export any form entries<\/a> you need before the 90-day deadline.<\/li>\n<\/ul>\n<p>For full details, view the <a href=\"https:\/\/tdx.unc.edu\/TDClient\/33\/Portal\/KB\/ArticleDet?ID=487\">Gravity Forms: Retention Policy and Mandatory Standards<\/a>.<\/p>\n<hr  style=\"margin:40px 0\"class=\" rule-thin osc-rule\" \/>\n<h2>Best Practices<\/h2>\n<p>Following these best practices helps keep your forms secure, accessible, and compliant with the <a href=\"https:\/\/tdx.unc.edu\/TDClient\/33\/Portal\/KB\/ArticleDet?ID=487\">University\u2019s data retention policy<\/a>.<\/p>\n<ul>\n<li><a href=\"https:\/\/www.med.unc.edu\/webguide\/userguide\/forms\/reducing-spam-in-gravity-forms#captcha\"><strong>Add CAPTCHA<\/strong><\/a> &#8211; Always include a CAPTCHA field to help prevent spam submissions from automated bots.<\/li>\n<li><a href=\"https:\/\/www.med.unc.edu\/webguide\/userguide\/forms\/reducing-spam-in-gravity-forms\/\"><strong>Enable Honeypot<\/strong><\/a> &#8211; In your form settings, enable the Honeypot option. This adds an invisible field that traps spam bots without affecting user experience.<\/li>\n<li><strong>Limit File Upload Fields<\/strong> &#8211; We recommend using <a href=\"https:\/\/software.sites.unc.edu\/qualtrics\/\"><strong>Qualtrics<\/strong><\/a> instead of Gravity Forms for collecting files. There have been incidents where sensitive data (such as personal or confidential information) was inadvertently uploaded through web forms. If you must use file upload fields in Gravity Forms:\n<ul>\n<li>Restrict to safe file types such as <strong>.pdf<\/strong>, <strong>.jpg<\/strong>, or <strong>.png<\/strong>.<\/li>\n<li>Block unsafe file types such as <strong>.exe<\/strong> or <strong>.zip<\/strong>.<\/li>\n<li>Set the <strong>maximum file size<\/strong> to under <strong>5 MB<\/strong>.<\/li>\n<li>Never request or accept <strong>sensitive data<\/strong> (e.g., personal identifiers, financial, or medical information).<\/li>\n<\/ul>\n<\/li>\n<li><strong>Export Data Before the <a href=\"https:\/\/www.med.unc.edu\/webguide\/userguide\/forms\/gravity-forms#retention-policy\">90-Day Retention Limit<\/a><\/strong>\u00a0&#8211; All form entries and uploaded files are automatically deleted after 90 days under UNC\u2019s Gravity Forms Retention Policy.<\/li>\n<li><strong>Restrict Access to UNC Users (If Applicable)<\/strong> &#8211; If your form is intended for internal use, consider requiring Onyen authentication to limit access to UNC users only. Contact the SOM Web Team for assistance enabling this feature.<\/li>\n<li><strong><a href=\"https:\/\/www.med.unc.edu\/webguide\/userguide\/forms\/reducing-spam-in-gravity-forms#spam-tab\">Review the Spam Tab<\/a> in Gravity Forms<\/strong> &#8211; Occasionally, legitimate submissions may be incorrectly flagged as spam.<\/li>\n<li><strong>Monitor Your Outlook Inbox<\/strong> &#8211;\u00a0Occasionally, valid form submissions may be routed to your Junk or Spam folder in Outlook.<\/li>\n<\/ul>\n<hr  style=\"margin:40px 0\"class=\" rule-thin osc-rule\" \/>\n<h2>Accessing Gravity Forms<\/h2>\n<p>To access these forms, select <strong>Forms<\/strong> in the Dashboard.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-11647\" src=\"https:\/\/www.med.unc.edu\/webguide\/wp-content\/uploads\/sites\/419\/2021\/04\/forms.png\" alt=\"screenshot of where to find the Forms option in the Dashboard menu.\" width=\"160\" height=\"228\" \/><\/p>\n<hr  style=\"margin:40px 0\"class=\" rule-thin osc-rule\" \/>\n<h2>Why Forms May Not Display in the Dashboard<\/h2>\n<ol>\n<li>You do not have sufficient <a href=\"https:\/\/www.med.unc.edu\/webguide\/userguide\/sharing-permissions\/\">permissions<\/a> to create and edit forms. Only users with the <strong>Administrator<\/strong> role can manage forms.<\/li>\n<li>The plugin may have been deactivated. To activate the plugin:\n<ol>\n<li>In your site&#8217;s Dashboard, click on <strong>Plugins<\/strong>. You must have\u00a0the <a href=\"https:\/\/www.med.unc.edu\/webguide\/userguide\/sharing-permissions\/\">Administrator role<\/a>\u00a0to manage plugins.<\/li>\n<li>Find the\u00a0<strong>Gravity Forms<\/strong> plugin and click on the <strong>Activate<\/strong>\u00a0link below the plugin name.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<hr  style=\"margin:40px 0\"class=\" rule-thin osc-rule\" \/>\n<h2>Email Notifications<\/h2>\n<p>When setting up the form notifications, there is no need to fill in the <strong>From Email<\/strong> field. Due to a compatibility requirement for the UNC mail system, the <strong>no-reply@mail.unc.edu<\/strong> will automatically be used. Anything added to the <strong>From Email<\/strong> field will be overwritten. To control where replies go, you can use the <strong>Reply-to<\/strong> field.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-11648\" src=\"https:\/\/www.med.unc.edu\/webguide\/wp-content\/uploads\/sites\/419\/2021\/04\/Screen-Shot-2021-04-05-at-8.24.07-AM.png\" alt=\"screenshot highlighting the From Email field on form submissions.\" width=\"650\" height=\"339\" srcset=\"https:\/\/www.med.unc.edu\/webguide\/wp-content\/uploads\/sites\/419\/2021\/04\/Screen-Shot-2021-04-05-at-8.24.07-AM.png 981w, https:\/\/www.med.unc.edu\/webguide\/wp-content\/uploads\/sites\/419\/2021\/04\/Screen-Shot-2021-04-05-at-8.24.07-AM-300x156.png 300w, https:\/\/www.med.unc.edu\/webguide\/wp-content\/uploads\/sites\/419\/2021\/04\/Screen-Shot-2021-04-05-at-8.24.07-AM-768x400.png 768w, https:\/\/www.med.unc.edu\/webguide\/wp-content\/uploads\/sites\/419\/2021\/04\/Screen-Shot-2021-04-05-at-8.24.07-AM-600x313.png 600w\" sizes=\"auto, (max-width: 650px) 100vw, 650px\" \/><\/p>\n<hr  style=\"margin:40px 0\"class=\" rule-thin osc-rule\" \/>\n<h2>How To<\/h2>\n<p>Refer to the official <a href=\"https:\/\/docs.gravityforms.com\/category\/user-guides\/\">Gravity Forms documentation<\/a> or <a href=\"https:\/\/www.gravityforms.com\/video-tutorials\/\">Gravity Forms Video Tutorials<\/a> for form creation and configuration guidance. Use the links below to learn how to complete the most common form-building tasks.<\/p>\n<p>Note: the SOM web system uses the <strong>Classic Editor<\/strong>, not the Block Editor.<\/p>\n<h3>Form Basics<\/h3>\n<ul>\n<li><a href=\"https:\/\/docs.gravityforms.com\/create-a-new-form\/\">Creating a Form<\/a> &#8211; learn how to create a new form (<a href=\"https:\/\/www.gravityforms.com\/video-tutorial-simple-contact-form\/\">video tutorial<\/a> also available).<\/li>\n<li><a href=\"https:\/\/docs.gravityforms.com\/form-editor\/#h-the-field-library\">Adding Form Fields<\/a> &#8211; explore the different field types available for your form.<\/li>\n<li><a href=\"https:\/\/docs.gravityforms.com\/category\/user-guides\/conditional-logic\/\">Conditional Logic<\/a> &#8211; build interactive forms that show or hide fields based on user selections. (<a href=\"https:\/\/www.gravityforms.com\/how-to-use-conditional-logic-video-tutorial\/\">video tutorial<\/a> also available).<\/li>\n<li><a href=\"https:\/\/docs.gravityforms.com\/adding-a-form-using-classic-editor\/\">Embedding a Form in a Page or Post<\/a> &#8211; display your completed form on the desired web page.<\/li>\n<\/ul>\n<h3>Notifications &amp; Confirmations<\/h3>\n<ul>\n<li><a href=\"https:\/\/docs.gravityforms.com\/configuring-notifications-in-gravity-forms\/\">Setting Up Form Notifications<\/a> &#8211; notifications allow you (and others) to receive automatic emails after someone submits a form. You can configure notifications to send to specific people or the form submitter. (<a href=\"https:\/\/www.gravityforms.com\/video-tutorial-enable-notifications\/\">video tutorial<\/a> also available).<\/li>\n<li><a href=\"https:\/\/docs.gravityforms.com\/configuring-confirmations-in-gravity-forms\/\">Creating Confirmation Messages<\/a> &#8211; a confirmation is the response shown immediately after a form submission. You can display a thank you message or redirect users to another page after submission. (<a href=\"https:\/\/www.gravityforms.com\/how-to-enable-confirmations-video-tutorial\/\">video tutorial<\/a> also available)<\/li>\n<\/ul>\n<h3>Entries &amp; Data Management<\/h3>\n<ul>\n<li><a href=\"https:\/\/docs.gravityforms.com\/edit-forms\/\">View All Forms<\/a> &#8211; manage and organize your existing forms.<\/li>\n<li><a href=\"https:\/\/docs.gravityforms.com\/reviewing-form-submissions\/\">View Form Entries<\/a> &#8211; view form submissions, which Gravity Forms calls entries.<\/li>\n<li><a href=\"https:\/\/docs.gravityforms.com\/exporting-form-entries\/\">Exporting Form Entries<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Gravity Forms is a WordPress plugin used directly within your School of Medicine website. It\u2019s great for building simple forms like contact forms, basic event RSVPs, or general sign-ups. It\u2019s user-friendly and styled to match your site, but it should not be used to collect any sensitive or confidential information. Never use Gravity Forms to &hellip; <a href=\"https:\/\/www.med.unc.edu\/webguide\/userguide\/forms\/gravity-forms\/\" aria-label=\"Read more about Gravity Forms\">Read more<\/a><\/p>\n","protected":false},"author":3206,"featured_media":0,"parent":2234,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"layout":"","cellInformation":"","apiCallInformation":"","footnotes":"","_links_to":"","_links_to_target":""},"class_list":["post-14281","page","type-page","status-publish","hentry","odd"],"acf":[],"_links_to":[],"_links_to_target":[],"_links":{"self":[{"href":"https:\/\/www.med.unc.edu\/webguide\/wp-json\/wp\/v2\/pages\/14281","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.med.unc.edu\/webguide\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.med.unc.edu\/webguide\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.med.unc.edu\/webguide\/wp-json\/wp\/v2\/users\/3206"}],"replies":[{"embeddable":true,"href":"https:\/\/www.med.unc.edu\/webguide\/wp-json\/wp\/v2\/comments?post=14281"}],"version-history":[{"count":15,"href":"https:\/\/www.med.unc.edu\/webguide\/wp-json\/wp\/v2\/pages\/14281\/revisions"}],"predecessor-version":[{"id":14817,"href":"https:\/\/www.med.unc.edu\/webguide\/wp-json\/wp\/v2\/pages\/14281\/revisions\/14817"}],"up":[{"embeddable":true,"href":"https:\/\/www.med.unc.edu\/webguide\/wp-json\/wp\/v2\/pages\/2234"}],"wp:attachment":[{"href":"https:\/\/www.med.unc.edu\/webguide\/wp-json\/wp\/v2\/media?parent=14281"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}