Inbox
The inbox is where every clean submission lands. One row per submission, newest first, filterable by form, by date, by content. Click a row to open the detail panel.
If a submission was flagged by any spam layer, it's not here — it's in the spam folder. See Spam →.
The list
Each row shows:
- A timestamp (relative —
2 minutes ago, hover for absolute). - The form name.
- A one-line preview of the payload (we pick the most useful field — usually
email, falling back tonameor the first long-text field). - A status pill (
received,processed,failed). - An attachment icon if the submission has any uploaded files.
Click anywhere on the row to open the detail panel.
Search and filter
The search bar above the list does substring search across all payload fields. We tokenise on save, so it's fast — even at hundreds of thousands of rows.
Filters are stacked from the toolbar:
| Filter | What it scopes by |
|---|---|
| Form | Specific form, or "all forms" (default). |
| Status | received, processed, failed. |
| Date range | From / to. Defaults to last 30 days. |
| Has files | Only show submissions with attachments. |
Filters compose. URL state encodes them, so a filtered view is shareable and bookmarkable.
The detail panel
Opens when you click a row. Three sections:
Payload
Pretty-printed key/value pairs from the form schema. Fields render in their original schema order, not alphabetically — so a contact form always shows name → email → message, never sorted weirdly.
For complex values (arrays from checkbox fields, nested objects), we show a collapsed JSON tree — click to expand.
There's a Copy as JSON button at the top. Useful for pasting into a backend log, a Slack thread, or a support ticket.
Files
Any uploads, with thumbnails for images and PDFs. Click to download — we mint a fresh signed URL valid for 15 minutes per click. See Files →.
Metadata
What we know that isn't payload:
- IP — submitter's IP, masked to /24 on Free plans for privacy.
- User agent — browser/OS sniff.
- Referrer — where the form was embedded.
- AI moderation — score and category, if AI moderation was on.
- Spam reason — empty for inbox rows; populated in the spam folder.
Actions
From the detail panel:
- Mark as spam — flips status to
spamand moves it. Use this when something slipped through the spam stack. - Delete — permanent. No trash, no undo. Files go too.
- Edit — for correcting typos. See Editing →.
- Resend webhooks — replays every webhook the submission was supposed to fire.
From the list, bulk-select rows with the leftmost checkbox column. The bulk action bar appears at the top — delete, mark-as-spam, mark-not-spam, export. See Bulk actions →.
Who can see what (team scopes)
Submissions are scoped to the team that owns the form, not the individual user. Every member of the team can see every submission for forms in that team — there's no per-form ACL.
If you need stricter scoping, split forms across multiple teams. The team picker in the dashboard header switches your active scope, and the inbox respects it.
API tokens have the same scope as their team — a token minted in Team A can't read submissions for Team B's forms.
Real-time updates
The inbox uses background polling — when a new submission lands in the team's queue, the list refreshes within a few seconds without a page reload. A small "n new" pill at the top of the list lets you click to surface them at the top.
For lower-latency needs (live event feeds, dashboards), use webhooks instead.
What's next
- Spam → — the other folder
- Files → — uploads and signed URLs
- Bulk actions → — operate on many rows at once
- Editing → — fix a payload after the fact