Privacy Policy
This policy explains how Formerie may collect, use, disclose, retain, and protect information while operating secure form intake, delivery, and dashboard services.
Scope
This Privacy Policy explains how Formerie may collect, use, disclose, retain, and protect information when operating its websites, customer applications, APIs, SDKs, hosted forms, embedded forms, delivery workflows, and related support channels.
Formerie provides infrastructure that customers use to publish forms and receive submissions. For submitted form data, the customer that controls the form usually decides what fields are collected, why they are collected, how long they are needed, and who should receive them. In that context, Formerie generally acts as a service provider or processor for the customer. For account, billing, website, security, and support data, Formerie may act as an independent organization, business, or controller depending on the applicable law and context.
This policy is written for the Formerie launch surface and must be reviewed against the final production data flows, vendors, retention settings, and customer agreements before paid launch or regulated processing.
Information we may process
Formerie may process the following categories of information:
- Account information, such as name, email address, organization, role, authentication identifiers, and account settings.
- Customer configuration, such as forms, fields, validation rules, published versions, domains, delivery rules, notification preferences, API keys, and integration settings.
- Submitted form data, which depends on the customer-controlled form configuration.
- Delivery and operational data, such as delivery attempts, provider response codes, webhook attempts, message identifiers, queue status, and dead-letter records.
- Billing and plan data, such as plan type, usage counts, invoice metadata, payment provider customer identifiers, and entitlement state.
- Support communications, such as emails, messages, issue descriptions, diagnostic files, and related contact details.
- Technical and security data, such as IP address, user agent, request URL, timestamps, session identifiers, authentication events, device or browser information, error logs, rate-limit events, and abuse signals.
- Website and product usage data, such as page views, feature usage, SDK/runtime version, documentation interactions, and aggregate analytics if such tools are enabled.
Customers should configure forms to collect only the information needed for their stated purpose.
Sources of information
Formerie may receive information from:
- Account users and organization administrators.
- Public visitors who submit customer forms.
- Customer websites or applications that embed Formerie forms or SDKs.
- Authentication, billing, email delivery, hosting, observability, security, and support providers.
- Browser, device, network, and runtime systems that transmit technical metadata as part of normal service operation.
- Customer instructions, support requests, imports, or integrations.
How information is used
Formerie may use information to:
- Provide, maintain, secure, and improve the service.
- Authenticate users and administer organizations, roles, plans, domains, forms, and settings.
- Validate form submissions and apply server-side form, delivery, origin, security, spam-prevention, and rate-limit rules.
- Store submissions and operational logs according to customer configuration and retention settings.
- Queue, route, retry, and audit notifications, webhooks, and other delivery channels.
- Troubleshoot errors, investigate abuse, prevent fraud, and protect service reliability.
- Communicate about the product, support requests, security notices, policy updates, and administrative matters.
- Generate aggregate or de-identified analytics for usage, capacity planning, quality, billing, and reliability.
- Comply with legal obligations and enforce Formerie agreements and policies.
Formerie should not sell personal information. If the product later uses advertising, cross-context behavioral advertising, or similar tracking, this policy and the Cookie Policy must be updated before that use begins.
Disclosure and subprocessors
Formerie may disclose information only as needed for legitimate service, legal, security, and business purposes, including:
- To the customer that controls a form and the recipients or integrations configured by that customer.
- To service providers and subprocessors that help operate hosting, storage, delivery, authentication, billing, analytics, observability, support, and security functions.
- To professional advisers, auditors, insurers, or prospective business transaction parties under appropriate confidentiality terms.
- To authorities, courts, or third parties when required by law or necessary to protect Formerie, customers, users, or the public.
Production subprocessors should be listed on the Subprocessors page before Formerie processes production customer submission data.
Customer responsibilities
Customers are responsible for:
- Providing their own privacy notices to people who submit their forms.
- Having an appropriate legal basis for collecting, using, and delivering submitted data.
- Choosing suitable fields, validation rules, retention settings, recipients, integrations, and access permissions.
- Avoiding unnecessary or excessive collection of personal information.
- Not collecting sensitive categories of information unless the use case is permitted by Formerie and appropriate contractual, legal, and technical controls are in place.
- Responding to requests from people whose information they collect through their forms, except where Formerie is directly responsible for the information.
Sensitive information
Formerie is not intended to collect highly sensitive information unless Formerie has explicitly agreed to the use case in writing and the required safeguards are in place.
Examples may include payment card data, government identifiers, health information, biometric information, precise location data, authentication secrets, criminal records, children’s data, or other sensitive categories under applicable law.
Cookies and similar technologies
Formerie websites and applications may use cookies, local storage, session storage, and similar technologies for authentication, security, preferences, abuse prevention, product operation, and, if enabled, analytics.
See the Cookie Policy for more detail.
Retention
Formerie should retain information only as long as needed for service delivery, customer configuration, security, support, compliance, auditability, backup, and legitimate business purposes.
Retention periods may differ by data category. For example, submission payloads, delivery attempts, audit logs, billing records, security events, backups, and aggregate analytics may have different retention rules. Production retention defaults and deletion behavior should be documented before processing customer data at scale.
Security
Formerie should use administrative, technical, and organizational measures designed to protect information, including tenant scoping, role-based access controls, encrypted transport, secure secret handling, provider credential isolation, audit logging, monitoring, backup practices, and abuse-prevention controls.
No system is perfectly secure. Customers should configure access carefully, avoid collecting unnecessary sensitive data, and report suspected security issues promptly.
International processing
Formerie may process information in Canada, the United States, the European Economic Area, or other locations where Formerie or its subprocessors operate. Before production launch, Formerie should document applicable transfer mechanisms, subprocessor locations where known, and customer contract terms for regulated data.
Privacy rights and requests
Depending on where a person lives and the context of the processing, privacy rights may include access, correction, deletion, portability, withdrawal of consent, restriction, objection, appeal, or complaint rights.
Because Formerie often processes submitted form data on behalf of customers, requests about a specific submitted form may need to be directed to the customer that controls the form. Formerie may need to verify the requester’s identity and authority before acting on a request.
Privacy requests and questions can be sent to hello@formerie.com until a dedicated privacy contact is published.
Children’s information
Formerie is not intended for children to create accounts or submit information except where a customer has an appropriate lawful basis and required safeguards for its form. Customers should not use Formerie to collect children’s information unless the use case is lawful and permitted by Formerie.
Changes to this policy
Formerie may update this policy to reflect product, vendor, legal, or operational changes. Material changes should be communicated through the website, customer app, email, or another practical notice mechanism.