Nextcloud Forms inherits many security controls from the base Nextcloud instance. Configure both app and platform policies together.
- Nextcloud HTTPS and trusted domain config
- Forms app enabled and updated
- Mail delivery configured for notifications
Example related config.php items:
'overwrite.cli.url' => 'https://cloud.example.com',
'trusted_domains' => ['cloud.example.com'],
'mail_from_address' => 'nextcloud',
'mail_domain' => 'example.com',
- Restrict form creation to approved groups.
- Use internal-only sharing for sensitive surveys.
- Define owner and retention policy per form.
¶ Data retention and exports
- Document how long responses are kept.
- Restrict export/download permissions.
- Include form responses in Nextcloud backup scope.
¶ Backup and recovery
Back up Nextcloud DB + data directory. Test restore and validate one form + response set.
- App update compatibility checked.
- Mail notifications functioning.
- Response access audited.
- Restore test completed.
Feel free to contact us. Find all contact information on our contact page.