Privacy policy

1. Who we are

This Privacy Policy explains how Formfyl ("we", "us", "our") collects, uses, shares, and protects personal data when you use formfyl.com, app.formfyl.com, the form-builder Service, and any forms rendered by the Service ("Service").

For data about you as our customer, we are the data controller. For personal data submitted to forms our customers publish, we act as a data processor on behalf of those customers, who are the controllers; this policy describes our role in that processing.

2. What we collect

Account data: name, email, hashed password (or OAuth identifier for social sign-in), profile preferences, and authentication metadata.

Billing data: subscription plan, billing history, and a Paddle customer identifier. Payment card details are collected directly by Paddle, our Merchant of Record, and are never stored on our systems.

Form content: the form definitions you create, including questions, labels, and configuration.

Response data: data submitted to your forms by your respondents, plus optional metadata (submission time, country derived from IP, anonymised user-agent hash, UTM parameters if present in the URL).

Usage data: pages visited, features used, and aggregated event counts. We use a privacy-friendly analytics tool (Plausible) that does not set cookies and does not collect personal identifiers.

Support communications: messages you send to support, including any attachments.

3. How we collect it

Directly from you when you create an account, build a form, configure settings, or contact support.

Automatically when you use the Service (server logs of API requests, including timestamp, path, response status, and IP address for security and rate-limiting).

From third parties: identity data from Google when you choose Google sign-in; payment confirmation from Paddle when you subscribe.

4. Why we use it (lawful bases)

To provide the Service to you (contract performance): authenticate you, store your forms and responses, deliver feature functionality.

To bill and collect fees (contract performance): process subscriptions via Paddle, send receipts, manage renewals.

For security, abuse prevention, and integrity of the Service (legitimate interests): rate-limiting, fraud detection, log inspection.

For service improvement and analytics (legitimate interests): aggregated usage metrics so we can understand which features matter.

For legal compliance (legal obligation): tax records, responses to lawful requests.

For marketing communications about Formfyl product updates, but only with your prior consent (which you can withdraw at any time by clicking unsubscribe).

5. Who we share it with

Sub-processors that help us run the Service. We have written data-processing agreements with each:

— Cloudflare (CDN, edge hosting, R2 object storage for files and template images)

— Railway.app (compute hosting for the backend API)

— Supabase (managed Postgres database and authentication service)

— Paddle.com Market Limited (Merchant of Record for billing and payments)

— Postmark (transactional email delivery for receipts, password resets, and notifications)

— Plausible Analytics (privacy-friendly product analytics, no cookies, no personal data)

— Microsoft Clarity (session replay and heatmaps for product UX research; respondent data and form responses are masked in recordings)

We do not sell personal data to advertisers. We do not share personal data with third parties for their independent marketing purposes.

We may disclose personal data when legally required (court order, lawful government request), and in connection with a merger, acquisition, or asset sale subject to the same confidentiality obligations.

6. International transfers

Our infrastructure runs in multiple regions, and personal data may be transferred to and processed in countries outside your home country. Where we transfer EU/UK personal data outside the EU/UK, we rely on European Commission adequacy decisions where applicable, or on Standard Contractual Clauses (SCCs) with our sub-processors.

7. How long we keep it

Account and billing data: for the lifetime of your account and for up to 7 years after closure to comply with tax and accounting requirements.

Form content and response data: for as long as you keep your account active; after account closure, you have 30 days to export, after which we delete from active systems within 90 days (backups age out within a further 90 days).

Server logs: 30 days, then deleted.

Support communications: 3 years after the last interaction.

8. Your rights

Subject to applicable law, you have the right to: (a) access the personal data we hold about you; (b) request correction of inaccurate data; (c) request deletion; (d) object to or restrict processing; (e) data portability (a machine-readable export); (f) withdraw consent where processing is based on consent; (g) lodge a complaint with a supervisory authority.

To exercise any of these rights, email [email protected]. We will respond within 30 days. We will not discriminate against you for exercising these rights.

9. Cookies and tracking

We use a small number of strictly necessary cookies on app.formfyl.com for authentication and session management. We do not use advertising cookies, and we do not embed third-party tracking pixels.

Our analytics provider (Plausible) does not set cookies and does not track individuals across sites.

The cross-domain `formfyl_signed_in` cookie on .formfyl.com is a simple boolean marker (value "1") set when you are signed in, so our marketing site can avoid showing signup prompts to existing users. It contains no personal data.

10. Security

We apply technical and organisational measures appropriate to the risk: encryption in transit (TLS 1.2+) and at rest, restricted production access, separation of duties, regular dependency updates, and standard application-security practices.

No system is perfectly secure. If we become aware of a breach affecting your personal data, we will notify you and any required regulator within applicable statutory timeframes (within 72 hours where required under GDPR).

11. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us, please contact [email protected] and we will delete it.

12. Forms our customers publish

When our customers publish forms using the Service, those customers — not Formfyl — decide what data to collect, why, and how to use it. They are the controllers for that data. If you submitted data through a Formfyl-powered form and wish to exercise rights regarding that data, contact the operator of the form. Where required, we will assist them in honouring your request.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. Material changes will be notified by email or via in-product notice at least 30 days before they take effect.

14. Contact

Privacy questions, data-subject requests, or complaints: [email protected].

For general support: [email protected].