[purerandomness]

You can build anything you want after acquiring the end user's informed consent.

A user knows what a draft is, and would agree to such a feature upon pressing a button that indicates that the draft will be saved for later by submitting the form verbatim as-is to the server

Saving everything a user types in, without a user's informed consent, is a severe trust violation.

[nawgz]

Well, that was a ridiculously non-general treatment of my attempt to lift this question to an actual abstraction.

Again, OP isn't selling things directly to end-users, so I don't know how the OP is meant to acquire the end user's consent, informed or not. The OP is exposing abilities in a tool which enables his end users to turn around and deliver something to their end users. My question is how culpable OP is for abuse of his tool's abilities, and what level he must go thru to put abuse protections in place to be not morally culpable for his end user's treatment of their end user's, and your answer is "OP needs to get informed consent". Ridiculously simplified.

[purerandomness]

> OP isn't selling things directly to end-users

That's ridiculous. If you provide a whitelabel solution, you simply add consent checkboxes and and explanatory text, the same way shop systems and virtually all other whitelabel software meant to be embedded works.

> how culpable OP is for abuse of his tool's abilities

Regulators don't care where you sourced the software from that you provided. You provide it, you host it, you're culpable.