Overview
Privacy regulations (GDPR, CCPA, and their peers) give individuals the right to request access to, deletion of, or correction of their personal data. To receive those requests, you need a public intake mechanism. Shield intake forms are that mechanism. You build the form in TagPipes, publish it to CDN, and drop the resulting URL into your privacy page.
Because the forms are hosted on CloudFront, they load instantly from anywhere in the world without touching the TagPipes application. Submissions flow back into Shield as tracked requests with auto-calculated deadlines, audit trails, and a closure-email workflow. Every valid submission becomes a tracked request; there is no manual triage step.
Create a form
Open Shield > Forms from the left sidebar and click Add Form. Set the form title, slug, company display name, theme color, and logo. The slug becomes part of the public URL, so pick something stable and brandable like dsar or privacy-requests.
Companies with multiple privacy flows (employee vs consumer, different jurisdictions, separate brands) can build multiple forms. Each gets its own URL and branding; admin notifications still route to the same company-level inbox by design.
Add custom fields
Standard fields (full name, email, request type, description, country, state, optional identity document) ship with every form. Use the custom field editor to collect anything else you need. Five field types are supported: Text (single-line), Textarea (multi-line), Dropdown (single-select from a list), Checkbox (boolean or acknowledgment), and File upload.
Mark fields required where you genuinely need the data to process the request. Over-requiring creates friction that pushes legitimate requesters to give up. Under-requiring creates incomplete requests you cannot act on.
Configure support contact
Set the Support Email and Company Display Name. These appear on three customer-facing surfaces: the acknowledgment email when a request is submitted, the rejection email when a request is closed without action, and the requester status page. They should read in your brand voice, not TagPipes branding.
Identity document upload
The standard form includes an optional identity verification document upload supporting JPEG, PNG, and PDF up to 10 MB. Files land in a private S3 bucket and are only accessible to admins via 5-minute presigned URLs. Even with the file submitted, identity is not considered verified until an admin manually attests to it on the Detail page. See the Verify Identity guide for the attestation workflow.
Optional Cloudflare Turnstile
Beyond the always-on honeypot field, forms can also enforce a Cloudflare Turnstile challenge. The widget renders directly above the submit button and the Lambda verifies the response token against Cloudflare's siteverify endpoint before processing. Turnstile is global to the deployment (configured in web.config and the Lambda environment) and starts off. Once configured, re-publish each form so the new widget ships to its public URL.
Publish the form
Click Publish. Shield generates static HTML and uploads it to CloudFront. The status badge transitions from Queued to Publishing to Published within seconds. The public URL is displayed on the form card and stays stable across republishes.
Republish whenever you change the form, toggle Turnstile, or update branding. The published HTML is a snapshot; edits stay in draft until you publish again, so visitors never see half-edited forms during your iteration.
Embed or link the form
Add the public URL to your privacy policy footer, a dedicated Do Not Sell page, or your CMP's request-link configuration. The form posts directly to the Shield intake Lambda. No TagPipes login is required to submit, and the Lambda URL is independent of TagPipes uptime; downtime in the admin app does not affect the public intake.
Automatic deadline detection
Each submission auto-detects applicable privacy law from the requester's country and state, then sets the response deadline accordingly: 30 days for GDPR (EU/UK), PIPEDA (Canada), and Quebec Law 25; 45 days for CCPA (California), VCDPA (Virginia), CPA (Colorado), and CTDPA (Connecticut). Unknown jurisdictions fall back to the company-level Default Deadline Days setting.
The hidden honeypot field website_url drops obvious bot traffic without showing a CAPTCHA to real users. Turnstile layers on top for protection against sophisticated bots. Form publishing invalidates CloudFront automatically, so changes go live in under a minute. Per-form admin notification routing is on the Phase 4 backlog; today all forms for a company share one notification list configured in Settings.
Troubleshooting
Published form URL returns 404
The form has not finished deploying to CDN yet, or the CDN has not invalidated cached 404s from a prior request. Wait 60 seconds and reload. If it still fails, republish the form. CDN deployment is usually under 30 seconds but occasionally takes longer during AWS CloudFront churn.
Submissions arriving but missing fields
Older browsers or aggressive ad blockers sometimes drop form fields. Verify the form renders correctly in the affected browser, check whether the missing field was marked required, and inspect the browser console for JS errors on the live form.
Turnstile widget not appearing after I enabled it
Turnstile activates only when both Shield.Turnstile.Enabled=true AND Shield.Turnstile.SiteKey are set in web.config. Either half missing keeps the widget hidden. After flipping both, re-publish each form so the new HTML with the widget ships to CloudFront. The Lambda side independently requires TURNSTILE_ENABLED=true AND TURNSTILE_SECRET_KEY as environment variables.