Privacy Policy

Account & Profile Information

• Name and email address
• Authentication credentials (hashed and encrypted)
• Google ID (for Google Sign-In users)
• Account preferences and settings

Form Data

• Form titles and form schemas (fields, sections, settings, validation rules)
• Form publishing status and visibility settings
• Share URLs and embed configurations
• Form expiry dates
• Creation and modification timestamps

Form Response Data

• Responses submitted by form respondents (all field values as structured data)
• Respondent email addresses (only when OTP verification is enabled for private forms)
• Submission timestamps

AI-Generated Content (Optional Feature)

When you use our AI-powered features:

• Text prompts you provide for form generation
• Uploaded PDF documents used for AI-based form generation (RAG)
• AI chat history for conversational form refinement
• AI-generated form schemas and translations
• Smart Analytics reports (AI-generated analysis of form responses)
• Analytics Chat conversations (stored locally in your browser only, not on our servers)
• Token usage and credit consumption data

Form Access Control Data

• Whitelisted email addresses for private forms
• OTP session data (hashed OTP codes, email, verification attempts) — temporary, deleted after verification

Subscription & Billing Data

• Subscription plan type (Free, Starter, Pro, Max)
• Subscription status and billing period
• AI credit balance and usage counters
• Stripe customer and subscription identifiers (we do not store credit card numbers or payment details)

Template Data

• User-created form templates (title, description, category, schema)

Security & Authentication Logs

• Authentication events (login attempts, token refreshes, account deletions)
• Event metadata for security monitoring (no passwords or tokens are logged)

Core App Functionality

• Create, edit, and manage your forms with drag-and-drop builder
• Generate forms from natural language prompts using AI
• Generate forms from uploaded PDF documents using AI
• Translate forms into different languages using AI
• Publish and share forms via links or embed codes
• Collect and store form responses from respondents
• Provide form analytics dashboards (response counts, growth charts, per-question breakdowns)
• Generate AI-powered Smart Analytics reports
• Provide conversational AI for querying form response data
• Manage form templates (system and personal)
• Process OTP verification for private form access

App Improvement

• Analyze application performance and fix bugs
• Understand feature usage patterns
• Develop new features based on usage trends

Communication

• Send transactional emails (account verification OTP, password reset links, form access OTP codes)
• Provide customer support

Where Your Data Lives

• Form Content & Responses: Stored in cloud-hosted PostgreSQL database with encryption
• Authentication: Token-based authentication with securely hashed passwords and refresh tokens
• AI Processing: Processed by third-party AI service providers when you use AI features
• Smart Analytics Reports: Generated PDF reports and analysis data stored in secure cloud storage
• Browser Storage: Authentication tokens stored in secure httpOnly cookies

Security Measures

• Industry-standard hashing for passwords and authentication tokens
• Short-lived access tokens and secure refresh token rotation
• SSL/TLS encryption for all network communications
• Rate limiting and request throttling
• Automated bot protection on registration and form submission endpoints
• Security headers to prevent common web attacks
• Graceful account deletion with email obfuscation and data retained briefly before permanent removal
• Time-limited, signed URLs for secure report access

Your Data Rights

• You can export your form response data (CSV/Excel) at any time
• You can delete individual forms, responses, or your entire account
• Account deletion removes your data from our systems

What We Use

• httpOnly Cookies: We use httpOnly cookies to store authentication tokens (access token and refresh token). These cookies are not accessible to client-side JavaScript and are used solely for session management.

What We Do Not Use

• No third-party tracking cookies
• No analytics cookies
• No advertising cookies

Access & Control

• View and export your form responses (CSV/Excel)
• Edit or delete any form, response, or template
• Delete your entire account and all associated data
• Correct any inaccurate profile information

Communication Preferences

Transactional emails (account verification, password reset, form access OTP) are required for app functionality and cannot be opted out of while your account is active.

Data Deletion

To delete your account:

1. Go to your Profile settings
2. Select "Delete Account"
3. Confirm deletion

Upon deletion:

• Your email is obfuscated and account is soft-deleted
• Your Stripe subscription is cancelled
• Your Smart Analytics reports are deleted from cloud storage
• Your data is permanently removed within 30 days

Active Accounts

• Form content and responses: Retained as long as your account is active
• Authentication data: Until account deletion
• AI job records: Retained for credit accounting and history

After Account Deletion

• Account and form data: Permanently deleted within 30 days
• Authentication logs: May be retained for security audit purposes
• Legal obligations: Data may be retained as required by law

Legal Basis for Processing

• Consent: For optional features like AI form generation, Smart Analytics, and Analytics Chat
• Contract: For core form building, response collection, and account management
• Legitimate interests: For application improvement and security