Legal

Privacy Policy

Your privacy matters. Here's exactly how we handle your data.

Last updated: May 1, 2026

1. Information We Collect

Account Information

When you create a QuipForm account, we collect your name, email address, and authentication credentials. If you sign in via Google or GitHub OAuth, we receive your profile name and email from those providers.

Form Data

We store the forms you create (questions, settings, themes) and the submissions your respondents provide. File uploads are stored in encrypted cloud storage (Cloudflare R2).

Usage Data

We automatically collect basic analytics: pages viewed, features used, browser type, device type, and approximate location (country level). We use this data solely to improve the product.

2. How We Use Your Information

  • To provide, maintain, and improve the QuipForm service
  • To send transactional emails (submission notifications, password resets)
  • To process payments through our merchant of record (Lemon Squeezy)
  • To detect and prevent fraud, abuse, or security incidents
  • To respond to your support requests

We never sell your personal data to third parties. We never use your form submissions data for advertising or profiling.

3. Data Sharing

We share data only with the following categories of service providers:

  • Supabase — database hosting and authentication
  • Cloudflare — CDN, DNS, and file storage (R2)
  • Resend — transactional email delivery
  • Lemon Squeezy — subscription billing and payment processing
  • Vercel — application hosting

Each provider processes data under a data processing agreement (DPA) and is contractually bound to use your data only to provide services to us.

4. Data Retention

We retain your account data and form data for as long as your account is active. If you delete your account, we will delete all associated data within 30 days, except where we are legally required to retain it (e.g., financial transaction records for tax compliance).

5. Data Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security audits. Passwords are hashed with bcrypt and never stored in plaintext.

6. Your Rights (GDPR / CCPA)

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and all associated data
  • Export your data in a portable format (CSV)
  • Object to or restrict certain processing
  • Withdraw consent at any time

To exercise any of these rights, contact us at hello@quipform.com.

7. Children's Privacy

QuipForm is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification. The "Last updated" date at the top of this page reflects the most recent revision.

9. Contact

If you have questions about this Privacy Policy, contact us at hello@quipform.com.