Privacy Policy

Last updated: December 28, 2025

1. Introduction

Polyform ("we," "us," or "our") operates the website located at polyform.to and the Polyform form builder application (together, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Definitions

  • Personal Data means data about a living individual who can be identified from that data (or from that data combined with other information in our possession).
  • Usage Data means data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (such as page visit duration, device information, and IP address).
  • Cookies are small files stored on your device that help us improve your experience and analyze Service usage.
  • Data Controller means the entity that determines the purposes and means of processing personal data. For your account data, Polyform is the Data Controller.
  • Data Processor means an entity that processes data on behalf of the Data Controller. For form response data you collect, Polyform acts as a Data Processor.
  • Form Responses means data submitted by respondents through forms you create using our Service.

3. Information We Collect

Personal Data

When you use our Service, we may ask you to provide certain personally identifiable information, including:

  • Name and email address
  • Profile information (avatar, timezone, locale preferences)
  • Team information (team name, logo, branding colors)
  • Payment information (processed securely by Polar; we only store subscription status, not payment card details)
  • Communications with us (support requests, feedback)

Usage Data

We automatically collect certain information, including:

  • Device information (browser type, operating system, screen resolution)
  • Approximate location derived from your IP address (country and timezone only; we do not store your IP address)
  • Pages visited and features used
  • Time and date of your visits
  • Browser language and platform

Form Content

We store the forms you create, including questions, settings, themes, and configurations.

Form Responses

When respondents submit data through your forms, that data is stored on our servers. You are the Data Controller for this information, and we process it on your behalf. In addition to the responses themselves, we collect:

  • A hashed browser fingerprint (used for duplicate detection, not tracking)
  • Session identifier
  • Time spent on each question
  • Device and browser metadata
  • Respondent's country and timezone (derived from request headers)

4. How We Collect Information

We collect information in the following ways:

  • Directly from you: When you register, create forms, contact support, or otherwise interact with the Service.
  • Automatically: Through cookies, log files, and similar technologies when you use the Service.
  • From third parties: When you sign in using third-party authentication (Google or GitHub), or through our payment processor (Polar).

5. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process transactions and manage your subscription
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyze trends, usage, and activities to improve the Service
  • Detect, investigate, and prevent fraudulent transactions and abuse
  • Personalize and improve your experience
  • Power AI features such as form generation and theme generation
  • Send you marketing communications (with your consent, where required)

6. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your Personal Data based on the following legal grounds:

  • Consent: Where you have given us consent to process your data for specific purposes, such as marketing communications.
  • Contractual Necessity: Where processing is necessary to provide you with our Service under our Terms of Service.
  • Legal Obligation: Where we need to process your data to comply with applicable laws.
  • Legitimate Interests: Where processing is necessary for our legitimate interests (such as improving our Service, preventing fraud, and ensuring security), provided these interests are not overridden by your rights.

7. Information Sharing

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: We share information with third-party vendors who assist us in operating our Service, such as hosting providers, payment processors, analytics services, and AI providers.
  • Legal Requirements: We may disclose information if required by law, regulation, or legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: If Polyform is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
  • With Your Consent: We may share information with your consent or at your direction.

8. Form Respondent Data

When you collect responses through forms created with our Service, you are the Data Controller for that information. This means:

  • You are responsible for obtaining appropriate consent from respondents.
  • You must provide privacy notices to respondents as required by applicable law.
  • You are responsible for handling respondent data in compliance with applicable data protection laws.
  • You must respond to data subject requests (access, deletion, etc.) from your respondents.

Polyform acts as a Data Processor for form response data, meaning we process this data on your behalf according to your instructions.

9. Data Storage and Security

Your data is stored on secure servers. We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of data at rest
  • Access controls and authentication requirements
  • Regular security assessments

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. Data Retention

We retain your Personal Data for as long as your account is active or as needed to provide you with our Service. We will also retain and use your information as necessary to:

  • Comply with our legal obligations
  • Resolve disputes
  • Enforce our agreements

When you delete your account, we will delete or anonymize your Personal Data within a reasonable timeframe, except where we are required to retain it for legal purposes.

11. Your Rights

Depending on your location, you may have the following rights regarding your Personal Data:

  • Access: Request a copy of the Personal Data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your Personal Data in certain circumstances.
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Data Portability: Request a copy of your data in a structured, machine-readable format.
  • Object: Object to processing of your Personal Data in certain circumstances.
  • Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
  • Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority.

To exercise any of these rights, please contact us at hello@polyform.to.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your use of our Service. Specific cookies we use include:

  • tracking-consent: Stores your preference for analytics tracking (required for GDPR compliance).
  • PreferredSignInProvider: Remembers your preferred authentication method (Google or GitHub).
  • Authentication Cookies: Managed by Supabase to maintain your session.
  • Analytics Cookies: Set when you consent to analytics tracking.

You can manage your cookie preferences through our consent banner. Analytics cookies are only set with your explicit consent. You can also instruct your browser to refuse all cookies, but some features of our Service may not function properly without essential cookies.

13. Third-Party Services

Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you use.

14. Children's Privacy

Our Service is not directed to anyone under the age of 18. We do not knowingly collect Personal Data from children under 13. If we become aware that we have collected Personal Data from a child under 13 without parental consent, we will take steps to delete that information.

15. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer your data internationally, we take appropriate safeguards to protect your information in accordance with this Privacy Policy.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We may also notify you via email for significant changes.

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

17. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Email: hello@polyform.to