Skip links
Login
Create FREE Form
Create Form

Privacy Policy

Privacy Policy Last Updated: April 28, 2025 Welcome to Buildform! We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our form‑building platform anywhere in the world. It also outlines the choices and rights available to you.

1. Who We Are

Buildform (“we,” “us,” “our”) provides no‑code tools for creating, managing, and storing online forms at https://buildform.ai. We operate globally and strive for full transparency in how we handle data.

2. User Categories and the Data We Handle

User type Role under data‑protection law Data we collect/handle
Form Owners (account holders) Controller • First & last name • Email address • Profile picture (optional) • Billing metadata • Google Drive scope (if connected) • Usage & diagnostic data
Form Responders (people who fill out a form) Processor on behalf of the Form Owner • Form responses and any files the responder uploads
We never create accounts for Form Responders, send them marketing, or otherwise repurpose their data. Form Owners are solely responsible for obtaining any required consents from responders.

3. Information We Collect From Form Owners

  1. Personal information: name, email, optional profile image.
  2. OAuth data (Google Drive): limited to the files and scopes you explicitly grant.
  3. Usage & diagnostic data: IP address, device type, OS, browser, referring URLs, pages viewed, and session duration.
  4. Payment data: processed by Stripe; we never store full card numbers.
  5. Third‑party service identifiers: Clerk (authentication), Brevo (transactional email).

4. How We Use Your Information

  • Provide, maintain, and support your Buildform account.
  • Facilitate form creation, response storage, and integrations (e.g., Google Drive).
  • Monitor performance, troubleshoot errors, and improve features.
  • Send service notices and (with your opt‑in) newsletters or promotions.
  • Detect, prevent, and mitigate fraud or security incidents.
  • Fulfil legal or contractual obligations.

5. Google User‑Data Disclosure

We access Google Drive only when you connect your account for Google Sheets Integration:
  • Read: import or reference existing files.
  • Write: create or update files generated by Buildform.
  • We never share Google data with third parties without your explicit direction.
  • Access can be revoked at any time in your Google security settings.
Our use complies with Google API Services User‑Data Policy, including the Limited Use requirements.

6. Cookies & Similar Technologies

We use:
  • Essential cookies – required for login and core site functions.
  • Analytics cookies (Google Analytics, Microsoft Clarity) – to understand aggregate usage patterns. You can block or delete cookies in your browser settings. A cookie‑consent banner is scheduled for release soon to give you fine‑grained control.

7. Data Storage, Infrastructure & Security

Layer Provider Region(s) Safeguards
Object & file storage AWS S3 US Server‑side encryption (SSE‑S3)
Primary database MongoDB Atlas US/ EU/ Asia Encryption‑at‑rest & in‑transit, VPC peering
Compute / serverless AWS US/ EU/ Asia IAM least‑privilege roles, runtime isolation
CDN & WAF Cloudflare Global edge network TLS 1.3, DDoS protection
Additional controls:
  • All traffic is forced over HTTPS.
  • Secrets are stored in AWS Secrets Manager and rotated regularly.
  • Quarterly vulnerability scans and annual third‑party penetration tests.
  • If a data breach occurs, we will notify affected users and regulators as required by law.

8. Your Rights & Choices

Depending on your jurisdiction, you can:
  1. Access the personal data we hold about you.
  2. Request correction of inaccurate information.
  3. Delete your account (we retain backups for up to 90 days).
  4. Download your form data at any time.
  5. Object to or restrict certain processing.
  6. Opt out of marketing emails by clicking unsubscribe.
Contact hello@buildform.ai to exercise these rights.

9. Data Retention

  • Form Owners – account data retained while the account is active plus 90 days.
  • Form Responders – retained only as long as the Form Owner keeps it or instructs deletion.
  • Usage logs – 24 months, then aggregated or deleted.

10. International Data Transfers

All primary storage is in the United States. If we transfer data outside your region, we rely on legally recognised safeguards (e.g., Standard Contractual Clauses).

11. Business Transfers

In the event of a merger, acquisition, or asset sale, we will notify you and honour any pre‑existing privacy commitments before personal data is transferred or becomes subject to a different policy.

12. Children’s Privacy

Our services are not directed to children under 16. We do not knowingly collect their data. If you believe a child has provided personal information, please email us so we can delete it promptly.

13. Use of AI Technologies

Certain features use OpenAI APIs to generate content based on the text you provide. We transmit only the relevant prompt data; we do not feed entire databases or responder submissions into these models. AI outputs are offered “as is” and should be reviewed before use. 

14. External Links

Our platform may contain links to external sites we do not control. We recommend reviewing the privacy practices of every site you visit.

15. Changes to This Policy

We may occasionally update this Privacy Policy. Material changes will be announced via email and a notice on the dashboard. The “Last Updated” date at the top reflects the most recent revision.

16. Contact Us

Questions about this Policy or your personal data? Email hello@buildform.ai. Thank you for trusting Buildform with your data.