Privacy Policy

Last updated: February 19, 2026

This Privacy Policy describes how GudForm ("we," "us," or "our") collects, uses, and protects your information when you use our form builder platform.

1. Overview

GudForm is a form builder that lets you create forms, collect responses, and integrate with your tools. We process data in two capacities: (1) as a controller for account and platform data, and (2) as a processor for form response data that you collect from your respondents.

2. Data We Collect

Account and Platform Data

When you sign up and use GudForm, we collect:

  • Account information — Name, email address, and (if you use email/password auth) a hashed password. If you sign up with OAuth (e.g., Google), we receive your email and name from the provider
  • Billing information — For paid plans, Stripe processes payment details. We store Stripe customer and subscription IDs, but not full card numbers
  • API keys — If you create API keys, we store hashed keys and metadata (e.g., name, last used)
  • Integration configuration — OAuth tokens, webhook URLs, and config for integrations you install (e.g., Google Sheets, Slack)
  • Usage data — Form and response counts, feature usage, and basic analytics to operate and improve the Service
  • Support communications — Emails and messages you send when contacting support

Form Response Data (Data You Collect)

When respondents submit your forms, we process that data on your behalf. This may include:

  • Answers to form questions (text, choices, ratings, dates, etc.)
  • File uploads (e.g., images, PDFs) stored securely
  • Technical metadata — IP address, user agent, referrer (optional, used for analytics and fraud prevention)
  • Payment data — If you collect payments via forms, Stripe processes the payment; we do not store full card details

You are the data controller for form response data. We act as your processor and store/process it according to your instructions (e.g., delivery via webhooks, integrations).

3. How We Use Your Data

  • Provide, operate, and maintain the Service
  • Process billing and subscriptions
  • Deliver form responses to you (dashboard, exports, webhooks, integrations)
  • Send transactional emails (e.g., magic links, receipts, notifications)
  • Support your account and respond to inquiries
  • Improve the Service and develop new features
  • Detect and prevent abuse, fraud, and security incidents
  • Comply with legal obligations

4. Third-Party Services

We use the following categories of third-party services:

  • Hosting and database — Your data is stored on cloud infrastructure (e.g., PostgreSQL/Neon, file storage)
  • Authentication — OAuth providers (e.g., Google) for sign-in; we receive limited profile data
  • Email — Resend (or similar) for transactional emails (magic links, notifications, auto-responders)
  • Payments — Stripe for subscriptions and form payment collection; Stripe's privacy policy applies to payment data
  • Analytics — We may use privacy-friendly analytics to understand usage patterns

Integrations you install (e.g., Google Sheets, Slack) may receive form response data according to your configuration. Their privacy policies apply to that processing.

5. Data Retention

  • Account data — Retained while your account is active; deleted or anonymized after termination, subject to legal hold requirements
  • Form response data — Retained until you delete it or close your account; you can export data before deleting
  • Backups and logs — May be retained for a limited period for security and recovery

6. Security

We use industry-standard measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and secure authentication. API keys are hashed. We do not use cookie-tracking for advertising.

7. Your Rights

Depending on your location, you may have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate data
  • Erasure — Request deletion of your personal data
  • Portability — Receive your data in a structured format
  • Object or restrict processing — In certain circumstances
  • Withdraw consent — Where processing is based on consent

To exercise these rights, contact us at support@gudform.com. You may also delete your account from your account settings. If you are in the EEA/UK, you have the right to lodge a complaint with your supervisory authority.

8. Data Controller Responsibilities (Form Creators)

When you collect data through forms, you are the data controller. You must:

  • Provide a privacy notice to respondents explaining what you collect and why
  • Obtain necessary consent or rely on a lawful basis (e.g., legitimate interest)
  • Handle data subject requests (access, deletion, etc.) for your form responses
  • Comply with applicable laws (GDPR, CCPA, etc.)

We provide tools (e.g., data export, deletion) to help you fulfill these obligations.

9. Cookies and Similar Technologies

We use essential cookies for authentication, session management, and security. We may use analytics cookies to understand usage; we do not use advertising cookies or sell your data to advertisers.

10. International Transfers

Your data may be processed in regions outside your country. We use appropriate safeguards (e.g., Standard Contractual Clauses) for transfers from the EEA/UK where required.

11. Children

The Service is not intended for users under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date at the top reflects the most recent version.

13. Contact

For privacy-related questions or to exercise your rights, contact us at support@gudform.com.

