GDPR Compliance

The General Data Protection Regulation (GDPR) is a comprehensive data protection and privacy regulation that was implemented in the European Union (EU). It replaced the Data Protection Directive 95/46/EC and introduced significant changes to how personal data is processed and protected within the EU. If you process the data that belong to users from European Union (EU), then you should comply with GDPR. This is irrespective of the location of your business.

FormApe is GDPR compliant. We take all possible steps to protect users privacy and data. Though GDPR applies to the personal data of people in the EU, we at FormApe apply the measures across for all the users.

Compliance measures

FormApe's privacy policy describes what information we collect and how we handle it.

All form data is encrypted in transit.

All form data is encrypted at rest, when stored in our database.

Data is stored in Virginia, US. Our subprocessor for hosting data is DreamHost and it is GDPR compliant. GDPR does not explicitly mandate that data must be hosted in the European Union (EU). However, it does impose certain restrictions and requirements on the transfer of personal data outside of the EU to ensure that the data enjoys a level of protection equivalent to what it would have within the EU. Under GDPR, when personal data is transferred from the EU to a country or organization outside the EU, the data controller or processor must ensure that the data is adequately protected.

DreamHost's data processing addendum (DPA) for your view.

We provide a data processing agreement for our registered members. If you require one, please email to vincy@formape.com

Form data

FormApe is a tool to create an online form. We help you create a form, and host it. You can collect responses from the form. So, the registered member, form creator is the "data controller" for the respective collected responses. We (FormApe) is the data processor. You as the data controller have complete control over the data collected.

• You have the option to either store responses in the database or not store them.
• You can decide to receive responses via email or disable this feature.
• You have the ability to delete specific responses or all responses. All deletions are permanent and result in the complete erasure of data. We do not retain data in the database without your knowledge.
• You can export all form data whenever you choose to, directly from your account.
• All form data is encrypted and then stored in the database to ensure security.
• You can request the complete deletion of your account, including all associated data. We will promptly and permanently delete your account and its data.
• We maintain cyclic automated backups for business continuity, but these backups are also permanently deleted after 90 days.

Analytics and tracking

We use Google Analytics in our public website to know the traffic we get. The FormApe software does not uses it.

In the FormApe application, we do not track or analyze users using tools, software, or any other means. We also do not grant access to any third-party for the purpose of tracking application users, whether for metrics or any other purposes. Your privacy and data security are our top priorities, and we do not engage in user tracking or data sharing with external entities.

Our subprocessors

DreamHost is our hosting provider. DreamHost is GDPR compliant.

Stripe is our payment gateway provider. Stripe processess data in confirmation with the GDPR regulations.

How to create a GDPR complaint form using FormApe?

To ensure compliance with GDPR, it's essential to obtain explicit consent from users before collecting their data via a form. In FormApe, we provide out of the box support for your forms. You can achieve this by including the "GDPR" field type from the list of available fields to your form with a simple click. When a user provides consent through this field, you will record their explicit consent, along with associated data, and share this information with you as the data controller.

As the data controller, you have full control over the data collected, including the ability to export or delete it as needed. This approach aligns with best practices for ensuring user consent and data protection in accordance with GDPR and other relevant data privacy regulations.

Contact

If you have any additional inquiries concerning FormApe's GDPR compliance or related functionalities, please feel free to reach out to us via the email address vincy@formape.com.