formkoalaforms that feel like magic ✨
Last updated: June 25, 2025

Privacy Policy

Your privacy is fundamental to our mission. Learn how FormKoala collects, uses, and protects your information with transparency and care.

Transparent

Clear about what we collect

Secure

Industry-leading protection

Your Control

Manage your data anytime

Compliant

GDPR, CCPA, SOC 2

Our Commitment to Your Privacy

At FormKoala, we understand that you're trusting us with important information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. We're committed to being transparent about our data practices and giving you control over your information.

This policy applies to all FormKoala services, including our web application, mobile apps, APIs, and any other services we offer. By using FormKoala, you agree to the collection and use of information in accordance with this policy.

We regularly review and update this policy to reflect changes in our practices, technology, and legal requirements. We'll notify you of any material changes through our platform or via email.

Information We Collect

Personal Information

  • Name, email address, and contact details when you create an account
  • Billing information for subscription services
  • Company information for business accounts
  • IP address and device information

Usage Data

  • Form creation and submission data
  • Feature usage patterns and preferences
  • Integration and API usage statistics
  • Performance and error logs

Communications

  • Support tickets and correspondence
  • Feedback and survey responses
  • Marketing preferences and interactions

How We Use Your Information

Service Delivery

  • Provide and maintain FormKoala services
  • Process transactions and manage subscriptions
  • Send service-related notifications
  • Provide customer support

Improvement & Development

  • Analyze usage patterns to improve features
  • Develop new functionality based on user needs
  • Conduct research and analytics
  • Personalize user experience

Communication

  • Send product updates and announcements
  • Share educational content and best practices
  • Marketing communications (with consent)
  • Security and compliance notifications

Data Security

Technical Measures

  • End-to-end encryption for data transmission
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • ISO 27001 certified infrastructure

Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Regular access reviews and updates
  • Principle of least privilege

Operational Security

  • 24/7 security monitoring
  • Incident response procedures
  • Regular security training for staff
  • Vendor security assessments

Data Sharing & Third Parties

Service Providers

  • Cloud infrastructure providers (AWS, Google Cloud)
  • Payment processors (Stripe, PayPal)
  • Analytics services (with anonymization)
  • Customer support tools

Legal Requirements

  • Compliance with legal obligations
  • Response to valid legal requests
  • Protection of rights and safety
  • Business transfers or acquisitions

Your Consent

  • With your explicit consent
  • For features you choose to enable
  • Aggregated and anonymized data
  • Public information you choose to share

Your Rights & Choices

Access & Control

  • Access your personal information
  • Update or correct your data
  • Download your data (data portability)
  • Delete your account and data

Communication Preferences

  • Opt-out of marketing emails
  • Manage notification settings
  • Control cookie preferences
  • Update communication channels

Privacy Rights

  • Right to be informed about data use
  • Right to restrict processing
  • Right to object to certain uses
  • Right to lodge a complaint

Data Retention

Active Accounts

  • Personal data retained while account is active
  • Form data retained per your settings
  • Submission data retained for 90 days after deletion
  • Backups retained for 30 days

Inactive Accounts

  • Accounts inactive for 2 years may be deleted
  • Prior notification before deletion
  • Option to export data before removal
  • Legal retention requirements may apply

International Data Transfers

FormKoala operates globally, and your information may be transferred to, stored, and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and that your information remains protected.

  • EU-US Data Privacy Framework certified
  • Standard Contractual Clauses for international transfers
  • Data localization options for enterprise customers

Children's Privacy

FormKoala is not intended for use by children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected personal information from a child under the applicable age, we will take steps to delete that information as soon as possible. If you believe we have collected information from a child, please contact us immediately.

Contact Us

Email

privacy@formkoala.com

Data Protection Officer dpo@formkoala.com

Updates

Subscribe to privacy updates and policy changes

Have Questions About Our Privacy Practices?

We're here to help. Contact our privacy team for any questions or concerns about how we handle your data.

Contact Privacy TeamPrivacy Documentation