Privacy Commitment

What is the GDPR?

The General Data Protection Regulation (GDPR) is a new European privacy law that went into effect on May 25, 2018. The purpose of GDPR is to protect the private information of EU citizens and give them more control over their personal data. This data protection law requires businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data at any time), and ensure appropriate security protections are put in place to protect the personal data they process.

Who does the GDPR apply to?

The GDPR applies to all businesses and individuals based in the EU and to those outside the EU that process the personal data of EU individuals. Personal data, as definied by the GDPR, is any information relating to an identified or identifiable natural person. This includes data that is obviously personal (such as a name or email address) as well as data that can be used to identify an individual indirectly (such as an IP address).

Data Processors and Controllers

Article 4 of the GDPR defines data controllers and data processors as:

Controller - the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor - a natural or legal person, public authority, agency or another body which processes personal data on behalf of the controller.

We as Data Controller

If you create an account on, we will ask you for a valid email address. You are not required, but you may also give us a name on the Profile Settings page. Your email address is used as the primary key for our service. Your email and name is the only personal information we collect from you.

Why we collect your personal information

  • We need your email address to create your account, and provide the services you request.
  • We use your email address to identify you in our system.
  • We will use your email address to send you system notifications and communicate with you about product updates. You can change your email and unsubscribe from those messages at any time.

We limit our use of your personal information to the purposes listed in our Privacy Policy. We do not share, sell, rent, or trade personal information with any third party.

NOTE: We do NOT store any credit card information. For that, we use an external service: Paddle.

You as a Data Controller

You determine which data is collected from your end users. It is your responsibility as a account owner to limit the collection of Personally Identifiable Information and adhere to our Terms of Service, which follow GDPR requirements. As a account owner, we provide you with a toolkit to make adherence to GDPR requirements simple and straightforward.

  • On your settings page, you are provided with all the tools needed to manage your own personal data, in addition to the ability to request to change or delete all or some of your own personal data.
  • Within your individual form settings, you are provided with all the tools needed to manage the personal data of those who submit to your form, including permanently deleting it from our service.
  • Individuals who submit to your forms are sent a submission receipt that contains a link to our GDPR request page that allows them to request a change in how their personal data is used or to permanently delete it from our service.

We as a Data Processor

All data stored in service is defined by our users. It is the responsibility of our users as data controllers to ensure that the personal information they collect through powered forms is GDPR compliant.

NOTE: is NOT to be used for:

  • Collecting children's personal information
  • Collecting personal health information
  • Collecting personal criminal history
  • High risk processing of sensitive data
  • Lawful basis for data processing

    All data collected by is in the legitimate interesest of our users, both the account owners and the submissions which they receive. For account owners, we require the minimal amount of Personally Identifiable Information to perform billing, ensure legitimate users, and prevent abuse. When an end user submits data to an account owner's form, we collect only the data that was submitted. When a user’s submission is sent to, it functions as expected. The account owner is notified of the submission and the data is passed along.

    Right of access and Right to be forgotten does not ask for more personal data from our users than we need to provide our service. We provide you the ability to access and delete both the data you have given us and the data your form submitters have given to you at any time.

    Closing your account automatically deletes any and all associated data, including submission data for your forms. When you delete individual submissions from your forms, they are permanently removed from our storage systems and cannot be restored.

    As part of our limited data retention policy, submissions are automatically deleted after 1460 days. Spam and trashed submissions are deleted every 72 hours.

    Notice of security breaches takes all measures reasonably necessary to protect Personal Information from unauthorized access, alteration, or destruction, maintain data accuracy, and help ensure the appropriate use of Personal Information at all times. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. We are committed to announcing any security breaches within 72 hours after we notice this kind of issue.

    Our Vendors

    We use the following services that have already confirmed their commitment to GDPR compliance:

    Data Removal Request

    To exercise your rights and make a request to change or permanently delete your data from our service, please submit a request to us.