Back to Pricing
Legal

Privacy Policy

Last Updated: February 5, 2026

1. Introduction

Formailo operates an interactive email forms platform. This Privacy Policy explains how we collect, use, disclose, and protect your information. By using Formailo, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Information You Provide

  • Account info: name, email, company, password
  • Billing info: processed by Paddle (we don't store card numbers)
  • Content: forms, email templates, branding
  • Support communications

Automatically Collected

  • Usage data: features used, emails sent, response rates
  • Technical data: IP, browser, device info
  • Cookies and email engagement metrics

3. How We Use Your Information

  • Provide and improve Formailo service
  • Process payments and send receipts
  • Customer support and inquiries
  • Detect and prevent fraud and abuse
  • Comply with legal obligations

We do NOT: sell your data, use form responses for our purposes, or share data except as described here.

4. Legal Basis for Processing (GDPR)

For EU users, we process data based on: Contract (to provide service), Legitimate Interest (fraud prevention, analytics), Consent (marketing, cookies), and Legal Obligation (tax compliance).

5. Data Sharing and Disclosure

We share data only with:

  • Paddle: Payment processing
  • AWS: Hosting and email infrastructure
  • Google Analytics: Usage analytics (anonymized)

We may also share if required by law or during business transfers (with notice).

6. Data Retention

  • Active account: retained while active
  • Deleted account: 90 days then deleted
  • Billing records: 7 years (legal requirement)

7. Data Security

  • TLS/SSL encryption in transit
  • Database encryption at rest
  • Role-based access controls
  • Regular security audits
  • 72-hour breach notification

8. Your Privacy Rights

All users: Access, correct, delete your data; opt-out of marketing; close account.

GDPR (EU): Data portability, restrict processing, object, withdraw consent, lodge complaint.

CCPA (California): Know, delete, opt-out of sale (we don't sell), non-discrimination.

Contact privacy@formailo.com to exercise rights.

9. International Data Transfers

Data may be transferred internationally. We use Standard Contractual Clauses and adequacy decisions to ensure protection.

10. Children's Privacy

Formailo is not for users under 18. We don't knowingly collect children's data.

11. Cookies

Essential: Required for functionality. Analytics: Usage patterns (opt-out available). Preferences: Your settings.

12. Third-Party Links

We're not responsible for external site privacy practices.

13. Policy Changes

We may update this policy. Material changes communicated via email or notice. Continued use = acceptance.

14. Contact Us

Privacy: privacy@formailo.com

DPO: dpo@formailo.com

Related Legal Documents

Terms of ServiceRefund Policy