diff --git a/controllers/form.controller.js b/controllers/form.controller.js
index dc1c678..0c1b315 100644
--- a/controllers/form.controller.js
+++ b/controllers/form.controller.js
@@ -127,8 +127,6 @@ export async function updateForm(req, res) {
   });
 }
 
-
-
 export async function createForm(req, res) {
   if (!verifycaptcha(req.body.recaptcha_token))
     return response_400(res, 'Captcha not verified');
@@ -298,32 +296,71 @@ export async function getFormSubmissions(req, res) {
 
 export async function deleteForm(req, res) {
   try {
-    const id = req.body.id;
-    const form = await Form.findById(id)
-      .populate({
-        path: 'project',
-        select: 'owner',
-      })
-      .populate({
-        path: 'project.owner',
-        select: '_id name email passwordHash',
-      });
+    const { formId } = req.params;
+    const password = req.body.password;
+
+    const [form] = await Form.aggregate([
+      {
+        $match: {
+          formId: formId,
+        },
+      },
+      {
+        $lookup: {
+          from: 'projects',
+          localField: 'project',
+          foreignField: '_id',
+          as: 'project',
+        },
+      },
+      {
+        $unwind: '$project',
+      },
+      {
+        $lookup: {
+          from: 'users',
+          localField: 'project.owner',
+          foreignField: '_id',
+          as: 'project.owner',
+        },
+      },
+      {
+        $unwind: '$project.owner',
+      },
+      {
+        $project: {
+          formId: 1,
+          name: 1,
+          'project.owner': 1,
+        },
+      },
+    ]);
+
     if (!form) {
-      return res.status(400).json({ msg: 'Form not found' });
+      return response_400(res, 'Form not found');
     }
-    const isOwner = req.user._id === form.project.owner._id;
+    const isOwner = req.user._id.equals(form.project.owner._id);
     if (!isOwner) {
-      return res.status(401).json({ msg: 'Unauthorized' });
+      return response_401(res, 'Unauthorized');
     }
-    const password = req.body.password;
-    password = await hash_password(password); // Assuming the password is provided in the request body
-    if (password !== form.project.owner.passwordHash) {
-      return res.status(400).json({ msg: 'User is not the owner' });
+
+    const hash = await hash_password(password);
+    const isPasswordValid = hash === form.project.owner.passwordHash;
+
+    if (!isPasswordValid) {
+      return response_400(res, 'Invalid password');
     }
-    await form.deleteOne();
-    res.status(200).json({ data: form, msg: 'Form deleted successfully' });
+
+    await Form.deleteOne({ formId });
+    await prisma.formSubmission.deleteMany({
+      where: {
+        formId: formId,
+      },
+    });
+    return response_200(res, 'Form deleted successfully');
   } catch (error) {
-    res.status(500).json({ msg: 'An error occurred while deleting the form' });
+    console.log(error);
+    return response_500(res, 'Server Error', error);
   }
 }
 
diff --git a/routes/form.routes.js b/routes/form.routes.js
index ff50a93..1d334a2 100644
--- a/routes/form.routes.js
+++ b/routes/form.routes.js
@@ -16,7 +16,7 @@ const router = Router();
 router.get('/', greet);
 router.post('/new/:projectId', verifiedMiddleware, createForm);
 router.patch('/update/:id', verifiedMiddleware, updateForm);
-router.delete('/', verifiedMiddleware, deleteForm);
+router.delete('/:formId', verifiedMiddleware, deleteForm);
 router.get('/dashboard/:formId', verifiedMiddleware, getForm);
 router.get('/submissions/:formId', verifiedMiddleware, getFormSubmissions);
 router.get('/csv/:formId', verifiedMiddleware, generateCSV);