FormLab LogoFormLab.AI
Join

Privacy Policy

At FormLab.AI, we are committed to protecting your privacy and ensuring the security of your personal information. This policy outlines our practices concerning the collection, use, and sharing of your data.

Effective Date: December 22, 2024

Information Collection

We collect information from both Form Creators (name, email, payment info) and Form Respondents (form submissions). All data is processed securely through our trusted infrastructure providers including Vercel, Supabase, and planned European servers on Hetzner.

AI Processing & Features

Our Service includes AI-powered features that process form submission data. We implement data minimization principles, ensure secure processing, and maintain transparency about all AI processing activities.

Geographic Compliance

We comply with GDPR requirements for EU users and CCPA requirements for California residents, ensuring data protection rights including access, deletion, and portability across all jurisdictions.

Data Security

We implement robust security measures including encryption in transit and at rest, access controls, regular security assessments, and employee training to protect your information.

Your Rights

You have the right to access, correct, delete your data, and object to processing. We provide data portability options and honor consent withdrawal requests as per applicable regulations.

Policy Updates

We may update this policy periodically and will notify users of material changes through email and website notifications, always indicating the effective date of any updates.

Detailed Privacy Information

1. Introduction

Welcome to FormLab.AI ("us", "we", "our", or "FormLab.AI"), an AI-First Form Builder and Online Survey Management platform operated by GIGABRAINLAB LLC. This Privacy Policy explains how we collect, use, process, and protect your information when you use our service.

2. Key Terms and Definitions

  • Service: The FormLab.AI platform, including all features and functionalities
  • Form Creator: Any person or entity that creates and manages forms using our Service
  • Respondent: Any person who responds to forms created through our Service
  • Personal Data: Any information relating to an identified or identifiable natural person
  • AI Processing: The use of artificial intelligence to process and analyze form data

3. Information We Collect

3.1 Form Creators

  • Full name
  • Email address
  • IP address
  • Payment information (for paid plans)
  • Usage data and platform interactions
  • Error logs and diagnostic information

3.2 Form Respondents

The information collected from respondents depends on the form configuration set by the Form Creator, but may include:

  • Full name
  • Email address
  • IP address
  • Any additional information requested in the form

3.3 Log Data

We collect Log Data whenever you interact with our Service. This includes:

  • Internet Protocol (IP) address
  • Browser type and version
  • Pages visited within our Service
  • Timestamp of visits
  • Time spent on each page
  • Device information
  • Operating system details
  • Diagnostic information

4. Cookies

Cookies are small text files containing data that are stored on your device when you use our Service. We use cookies to maintain session information, remember preferences, improve functionality, enable offline capabilities, and analyze usage. You can control cookie settings through your browser preferences, though this may affect certain features.

5. How We Use Your Information

  • Providing and maintaining our Service
  • Processing and analyzing form submissions
  • Facilitating AI-powered insights and analytics
  • Processing payments and managing subscriptions
  • Sending service-related communications
  • Improving and optimizing our Service
  • Ensuring platform security and preventing fraud
  • Complying with legal obligations

6. Data Processing and Storage

6.1 Data Storage

Your data is primarily stored on secure servers through our infrastructure providers:

  • Vercel (hosting)
  • Supabase (database)
  • Future planned migration to Hetzner (European servers)

6.2 Service Providers

We partner with carefully selected third-party service providers:

Infrastructure and Hosting:

  • Vercel: Application hosting
  • Supabase: Database services
  • Hetzner (planned): European server infrastructure

Analytics and Monitoring:

  • Datafa.st: Web analytics
  • Sentry: Error tracking and monitoring

Communication and Processing:

  • Resend/Loops: Email communications
  • Stripe: Payment processing
  • Google/OpenAI/Anthropic: AI inference services

7. AI Processing and Data Protection

7.1 AI Features

Our Service includes AI-powered features that process form submission data. We are committed to:

  • Implementing data minimization principles
  • Processing data securely and confidentially
  • Transitioning to metadata-only processing where possible
  • Maintaining transparency about AI processing activities

8. Security

We implement industry-standard security measures to protect your information:

Technical Measures:

  • End-to-end encryption for data transmission
  • Secure data storage with encryption at rest
  • Regular security audits and penetration testing
  • Multi-factor authentication options
  • Automated threat detection and prevention

Organizational Measures:

  • Regular security training for staff
  • Strict access control policies
  • Data handling procedures and guidelines
  • Incident response plans
  • Regular security assessment and updates

While we implement these security measures, please note that no method of electronic storage or transmission over the internet is 100% secure. We strive for continuous security improvement but cannot guarantee absolute security.

9. Data Retention

  • We retain Form Creator data for the duration of the account's active status
  • Form submission data is retained according to Form Creator specifications
  • Account deletion will trigger data removal from our primary systems
  • Backup retention may extend up to 90 days after deletion

10. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access your personal information
  • Correct inaccurate data
  • Request data deletion
  • Object to data processing
  • Data portability
  • Withdraw consent

11. Geographic Compliance

11.1 GDPR Compliance (EU Users)

We comply with GDPR requirements for EU users, including:

  • Lawful basis for processing
  • Data minimization
  • Purpose limitation
  • Storage limitation
  • Rights enforcement

11.2 CCPA Compliance (California Users)

California residents have specific rights under CCPA, including:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of personal information sales
  • Right to non-discrimination

12. Links to Other Sites

Our Service may include links to external websites or services. Please note:

  • We do not control these external sites
  • We are not responsible for their content or practices
  • Their privacy policies may differ from ours
  • We recommend reviewing their privacy policies
  • Your interactions with these sites are governed by their terms

13. Children's Privacy

FormLab.AI does not knowingly collect or process data from children under 13 years of age. Our commitment to protecting children's privacy includes:

  • Age verification measures during account creation
  • Immediate deletion of any identified underage user data
  • Prompt response to parental/guardian notifications
  • Cooperation with legal guardians to remove information
  • Support for parental consent verification

If you believe we have inadvertently collected information from a child under 13, please contact us at [email protected] for immediate assistance.

14. Changes to This Privacy Policy

We regularly review and update our Privacy Policy to reflect:

  • Service improvements
  • Legal requirements
  • User feedback
  • Industry best practices
  • Technological advances

When we make changes:

  • We'll update the "Effective Date" at the top
  • We'll post prominent notices on our Service
  • We'll email significant changes to registered users
  • Previous versions will be archived and available upon request
  • Changes become effective when posted

We recommend reviewing this policy periodically to stay informed about our privacy practices.

Contact Us

For any questions about this Privacy Policy, please contact us:

By email: [email protected]

Address: GIGABRAINLAB LLC

1603 CAPITOL AVE SUITE 413G-819

CHEYENNE, WYOMING, 82001