Privacy Policy

This Privacy Policy describes how Formzet ("we," "us," or "our") collects, uses, and protects information when you use the Formzet service ("Service").

General: hello@formzet.com  |  Support: support@formzet.com

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address and profile details (display name, profile photo URL). Authentication is handled via email magic links or Google OAuth.

1.2 Form Content & Responses

When you build forms and collect submissions, we store:

• Form configurations (title, description, fields, settings)
• Respondent submissions (the answers provided via your published forms)

1.3 Billing & Subscription Data

For paid plans, we store subscription status, plan tier, billing region, and payment history. We do not store payment card numbers or full payment details — these are handled exclusively by Dodo Payments.

1.4 Usage Metrics

We track monthly usage counts (forms created, responses received, AI calls made) to enforce plan limits and reset them each billing cycle. These are stored in your billing record and are not shared externally.

1.5 Technical & Log Data

We collect standard technical data including IP address, browser type, and request logs for security and performance. Your approximate geographic region (India vs. rest of world) may be inferred from your IP to determine applicable pricing (INR or USD).

1.6 Product Analytics & Monitoring

We use PostHog for product analytics and session recording. PostHog helps us understand how you interact with Formzet, identifying which features are most used and where users might experience friction. Data collected includes click events, page views, and anonymized session recordings. We use this exclusively to improve the product experience.

We also use Sentry for error tracking and performance monitoring. When errors occur, Sentry may collect your IP address, browser information, and a session replay to help us diagnose and fix issues.

2. How We Use Your Information

We use your information to:

• Provide, operate, and improve the Service
• Authenticate you and maintain your session
• Process subscriptions and payments via Dodo Payments
• Determine your billing region for localized pricing (INR for India, USD for others)
• Enforce monthly usage limits (forms, responses, AI calls)
• Send transactional emails (e.g., magic link sign-in) via Resend
• Monitor errors and diagnose issues via Sentry
• Respond to your support requests

We do not use your data for advertising.

3. AI Features

If you use Formzet's AI form generation feature, your prompts (input descriptions) are sent to Novita AI to generate form suggestions. We may store your prompt and the generated output to deliver the Service. Novita AI's usage policies apply to AI-processed data.

4. Sharing of Information

We share data only with the following categories of service providers, solely to operate the Service:

• Supabase — database, authentication, and storage
• Dodo Payments — payment processing and subscription management
• Novita AI — AI-powered form generation
• Resend — transactional emails
• PostHog — product analytics and session recording
• Sentry — error tracking and performance monitoring
• Vercel — hosting and serverless execution

We do not sell your personal information to any third party.

We may also disclose data when required by law or to protect our legal rights.

5. Your Role as a Form Owner

When you use Formzet to collect data from your users (respondents), you are the data controller for that data. You are responsible for:

• Providing your respondents with a privacy notice
• Obtaining any required consents (e.g., GDPR, CCPA)
• Ensuring you are lawfully collecting and processing their data
• Handling any respondent access, deletion, or correction requests

Formzet processes respondent data on your behalf as a data processor.

6. Data Retention

We retain your account data for as long as your account is active. Usage metrics, forms, and submissions are retained until you delete them or close your account. Payment transaction records may be retained as required by applicable law.

To request deletion of your account and associated data, contact support@formzet.com.

7. Security

We implement industry-standard security measures including:

• Row-Level Security (RLS) on all database tables
• HTTPS encryption for all data in transit
• Secure authentication (magic links, OAuth)
• Webhook signature verification for all payment events

No system is completely secure. In the event of a breach affecting your data, we will notify you as required by applicable law.

8. International Data Transfers

Formzet uses cloud infrastructure with global data centers. Your data may be stored and processed in data centers outside your country of residence. By using the Service, you acknowledge this.

9. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact hello@formzet.com and we will delete it.

10. Changes to This Policy

We may update this policy from time to time. For material changes, we will notify you via email or a notice in the app. Your continued use of the Service after changes constitutes acceptance.

11. Contact

For privacy-related questions or data requests:

• General: hello@formzet.com
• Support: support@formzet.com