Privacy Policy

FormWise ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our form backend service.

By using FormWise, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our Service.

We use the information we collect to:

• Provide the Service: Process form submissions, detect spam, send email notifications
• Account management: Create and maintain your account, authenticate users
• Billing: Process payments, send invoices, manage subscriptions
• Communication: Send service updates, security alerts, marketing emails (with your consent)
• Analytics: Understand usage patterns, improve features, optimize performance
• Security: Detect abuse, prevent fraud, enforce our Terms of Service
• Legal compliance: Comply with legal obligations and respond to lawful requests
• Support: Respond to your questions and provide customer support

Form Submissions: Submissions are retained according to your subscription plan:

• Free tier: 5 days
• Starter tier: 30 days
• Pro tier: 90 days
• Enterprise: Custom retention periods

After the retention period expires, submissions are automatically and permanently deleted from our systems.

Account Data: We retain your account information for as long as your account is active or as needed to provide you services. If you close your account, we will delete or anonymize your personal information within 30 days, except where required by law.

Usage Logs: API usage logs and analytics data are retained for 12 months for billing, troubleshooting, and service improvement purposes.

Financial Records: Payment and billing information is retained for 7 years to comply with tax and financial regulations.

We do not sell your personal information. We may share your information with:

Service Providers: Third-party vendors who perform services on our behalf:

• MongoDB Atlas: Database hosting
• Vercel/Railway: Application hosting
• Stripe: Payment processing
• Email providers: Transactional email delivery
• OpenAI: AI-powered spam detection analysis

Email Recipients: Form submissions are forwarded to the email address you specify in your account settings. This is the core functionality of our service.

Legal Requirements: We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.

Business Transfers: If FormWise is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

With Your Consent: We may share information for any other purpose with your explicit consent.

We implement industry-standard security measures to protect your information:

• Encryption: All data transmission uses TLS/SSL encryption (HTTPS)
• API Keys: Stored using SHA-256 hashing; never stored in plain text
• Authentication: OAuth 2.0 and magic link authentication; no password storage
• Access Controls: Role-based access with principle of least privilege
• Rate Limiting: Protection against abuse and brute-force attacks
• Monitoring: Continuous security monitoring and logging
• Regular Audits: Periodic security assessments and updates

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

If you are located in the European Economic Area (EEA), you have the following rights:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Restriction: Request restriction of processing in certain circumstances
• Data Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing of your personal data for certain purposes
• Withdraw Consent: Withdraw consent for processing where we rely on consent

To exercise these rights, contact us at hello@formwise.dev. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

We use cookies and similar tracking technologies to:

• Authentication: Maintain your login session
• Preferences: Remember your settings and preferences
• Analytics: Understand how you use our Service (with privacy-focused tools)
• Security: Prevent fraud and abuse

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of the Service.

Essential Cookies: Required for authentication and core functionality

Analytics Cookies: Used to understand usage patterns (can be disabled)

FormWise integrates with third-party services. Their privacy practices are governed by their own policies:

• Google OAuth: Google Privacy Policy
• GitHub OAuth: GitHub Privacy Policy
• Stripe: Stripe Privacy Policy
• Error Tracking (Glitchtip/Sentry): We use self-hosted error tracking to monitor application errors. Error reports may include request URLs, browser information, and stack traces. We strip personally identifiable information (such as IP addresses and authentication tokens) before sending error reports.
• Umami Analytics: We use Umami, a privacy-focused analytics tool, to understand how our service is used. Umami does not use cookies, does not collect personal data, and does not track users across websites.
• OpenAI: When AI-powered spam detection is enabled, form submission content (name, email, and a truncated message) may be sent to OpenAI for spam analysis. This data is processed under OpenAI's data usage policies and is not used for model training.

We recommend reviewing these policies to understand how these services handle your data.

FormWise is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If you become aware that a child has provided us with personal information, please contact us immediately. If we discover that we have collected personal information from a child under 18, we will delete it promptly.

FormWise is based in Belgium. Your information may be transferred to and processed in countries other than your country of residence, including the United States and European Union.

We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Processing by service providers certified under EU-U.S. Data Privacy Framework
• Adequate levels of data protection as determined by applicable authorities

With your consent, we may send you promotional emails about new features, special offers, and other information we think may interest you.

You can opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any email
• Updating your preferences in your account settings
• Contacting us at hello@formwise.dev

Note: You cannot opt out of transactional emails (e.g., account notifications, billing emails, form submissions) as these are essential to the Service.

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

We will notify you of material changes by:

• Sending an email to the address associated with your account
• Posting a notice in your dashboard
• Updating the "Last updated" date at the top of this page

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: hello@formwise.dev
• Address: Lebbeke, Belgium

For GDPR-related inquiries, please include "GDPR Request" in your email subject line.