What Happens When You Submit

Submitting information through a website form creates records. This page explains, plainly and without reassurance language, what typically happens when you submit information using FOIA Shield or similar web-based submission tools.

This is a public, educational project advocating for individual privacy and full government transparency. We are not lawyers, do not provide paid services, and nothing on this page is legal advice. This page does not guarantee confidentiality, anonymity, non-retention, or protection from disclosure.

Summary (read this first)

  • Data is transmitted across the internet.
  • Data is processed by a web server.
  • Metadata is generated automatically.
  • Copies may exist in logs, email systems, backups, and third-party services.
  • Access and disclosure risks depend on infrastructure, configuration, and legal obligations.

You should assume submissions are potentially persistent and discoverable.

What is transmitted

A submission typically includes:

  • The content entered into form fields
  • IP address
  • Date and time of submission
  • Browser and operating system information (user agent)
  • Referring page URL
  • Cookies or session identifiers, if present

Even when forms minimize required fields, metadata is still generated by default.

What may be stored

Depending on configuration and infrastructure, submitted data may exist in:

  • Application databases
  • Server access and error logs
  • Email notifications sent to administrators
  • Email provider logs
  • Hosting provider logs
  • Automated backups and snapshots
  • Monitoring or security tooling

Deletion from one location does not imply deletion from all locations.

Who may have access

Access may include, but is not limited to:

  • Site administrators
  • Hosting providers
  • Email service providers
  • Infrastructure operators
  • Contractors or service vendors
  • Legal entities via lawful requests (e.g., subpoenas or court orders)

Access controls reduce risk but do not eliminate it.

What FOIA Shield does not guarantee

  • Anonymity
  • Confidentiality
  • End-to-end secrecy
  • Log-free operation
  • Immunity from legal process
  • Automatic deletion
  • Protection against all threat models

FOIA Shield is a tool for risk reduction, not risk elimination.

Practical risk-reduction guidance

Before submitting:

  • Submit test or placeholder data first
  • Avoid real names, identifiers, or unique phrases
  • Remove metadata from attachments
  • Use dedicated or throwaway email accounts if appropriate
  • Understand the threat model of the recipient organization
  • Review the Operational Boundaries and Threat Model pages

Transparency requests are often lawful and routine, but disclosure risk is contextual and depends on recipients, infrastructure, and process. If you are unsure, proceed conservatively.

Related reading

Final note

If submitting information could create legal, professional, or personal risk, consult qualified counsel before proceeding.