Documentation

Resources

GDPR & Formflow

Documentation

Resources

GDPR & Formflow

Documentation

GDPR & Formflow

This page does not serve as legal advice. Please consult with your legal advisor to determine how GDPR applies to your business.

What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union (EU) privacy law that grants EU citizens and residents control over their personal data. It outlines how companies must collect, store, and process personal data, ensuring transparency, security, and accountability.

Does it affect you?

If you collect or process personal data from individuals in the EU, the GDPR applies to you—no matter where your business is located.

Is Formflow GDPR Compliant?

Yes. Formflow complies with the GDPR framework and takes the privacy and security of your data seriously.

Here are some of the measures we take:

  • Transparent privacy policy — Our Privacy Policy explains what data we collect, how it’s used, retention policies, and your data rights.

  • Data encryption — All form data is encrypted both in transit and at rest.

  • Secure storage — Your form data is stored in trusted, GDPR-compliant data centers.

  • Data accessibility & control — You have full control over the data you collect, store, and manage within Formflow.

  • Data Processing Agreement (DPA) — Available to all professional users.

For more details, please review our Privacy Policy.

Do you have a Data Processing Agreement (DPA)?

Yes. By agreeing to our Terms of Service when creating a Formflow account, professional users also agree to the content of our DPA and accept to be bound by it.
It is not necessary to sign the document separately.

What happens with form data?

Formflow provides the platform to collect form responses, but we are not the owner of the collected data.

  • Form creators are the data controllers of the responses they collect.

  • Formflow acts as the data processor, storing the data on behalf of form creators.

As long as your account is active, you maintain full control of your collected data and how long you retain it.

You can:

  • Export or delete form responses at any time.

  • Permanently delete your account and all associated data.

  • Rely on our process that ensures all deletions are reflected in backups within 90 days.

(Coming soon: automated data retention tools that allow you to set submission expiration periods.)

How do you use my personal data?

Formflow acts as a data controller for the information you provide to us as a customer (e.g., your registration details).

  • We do not sell personal data to third parties.

  • We do not use your data for advertising.

  • We only share information with trusted service providers who help us operate Formflow, and they are required to comply with GDPR.

👉 If you have questions about how Formflow handles your data, feel free to reach us at [email protected].

Table of contents