That wasn't my point. I meant the feature is available to a very small subset of our users. Then even a smaller subset chooses to use it and I believe, it's up to the form creator to add a disclaimer on why this is necessary for their use case.
I'm not usually a big privacy person, but the way you're responding to this is a dealbreaker. This feature is fundamentally unethical. The fact that it's paywalled and not everyone uses it changes nothing.
Consider an implementation of "draft" submissions. Imagine you wanted to implement such a feature on top of some form builder. You would require such a feature.
I don't necessarily agree or disagree with the points raised on ethics here, but there's a very real consideration when you're offering a library/package/feature, sometimes you have to expose guts that can be used improperly in order to enable certain featuresets. I think it's obvious why someone building such a tool as OP would offer such a feature as is in discussion, because they would lose money otherwise from implementations that require this feature.
So, if a subset of things that can be done with your work are nefarious, how much effort are you meant to put in to make it ethical to sell your work? Is it inherently always unethical to build a tool which can be used to nefarious ends?
You can build anything you want after acquiring the end user's informed consent.
A user knows what a draft is, and would agree to such a feature upon pressing a button that indicates that the draft will be saved for later by submitting the form verbatim as-is to the server
Saving everything a user types in, without a user's informed consent, is a severe trust violation.
Well, that was a ridiculously non-general treatment of my attempt to lift this question to an actual abstraction.
Again, OP isn't selling things directly to end-users, so I don't know how the OP is meant to acquire the end user's consent, informed or not. The OP is exposing abilities in a tool which enables his end users to turn around and deliver something to their end users. My question is how culpable OP is for abuse of his tool's abilities, and what level he must go thru to put abuse protections in place to be not morally culpable for his end user's treatment of their end user's, and your answer is "OP needs to get informed consent". Ridiculously simplified.
That's ridiculous. If you provide a whitelabel solution, you simply add consent checkboxes and and explanatory text, the same way shop systems and virtually all other whitelabel software meant to be embedded works.
> how culpable OP is for abuse of his tool's abilities
Regulators don't care where you sourced the software from that you provided. You provide it, you host it, you're culpable.
The people filling the forms aren't the people paying the bills, so their opinions on the matter are moot. The actual customers want the feature, so it would be silly to not offer it and leave money on the table.