We take your data privacy serious. It is our highest priority to offer a solution, both self-hosted and in our managed cloud. We take on considerable additional effort to collect as little data as neccessary and handle it safely and securely.
To avoid confusion, let’s define who we collect data from:
- Researcher: the person who uses the Cloud to create and distribute Formbricks forms and surveys or manage submissions from other forms
- Website visitors: People who visit our marketing landing page
We are data processor, you are data controller
With our Cloud we are a provider of this service. We are not the owner of the collected personal data from survey respondents. The Researcher (the person who sends out a form i.e. you) is responsible for the data they collect and thus data controller of respondent data.
2. What data do we collect
This is the information we collect from Website visitors and Researchers as long as you are using our service:
- Electronical identification data: including anonymized IP address, device & browser data;
- Anonymized information about your use of our website: including how you end up on our website, what actions you perform and the pages you visited.
- Registration information: When you register for an account, we collect your name, username, hashed password and email address.
- Billing information: If you pay for Formbricks, we will ask for your billing details including name, address and financial information depending on your payment method (stored by our payment service provider Stripe)
- Form data: We store your form data (questions and responses) for you and provide tools for you to use this data.
3. How we use your data
Formbricks does not sell personal data to third parties. Generally, we only collect your data with your consent in order to:
- Deliver our service to you
- To improve your user experience
- To email you with essential product updates
- To troubleshoot product functionality and fix bugs
- To respond to legal requests or prevent fraud
4. Data Subprocessors
We only share your information with our service providers who help us operate our business, in which case those third parties are also required to comply with the GDPR framework. We worked hard to reduce the number of subprocessors to a minimum and keep your information within the EU. This is a list of the subprocessors we are working with:
|Subprocessor||Data||Use||Server Location||DPA||GDPR Info|
|Vercel Inc.||IP, Browser & Device Information||Hosting||🇩🇪||DPA signed||GDPR Info|
|AWS||Email Address||🇩🇪||Part of ToS||GDPR Info|
|PostHog EU||Anon. IP, Browser & Device Information||Product Analytics||🇩🇪||DPA signed||GDPR Info|
|Stripe||Billing Information||Payments||🇺🇸||Part of ToS||GDPR Info|
5. Data retention
If you are a Formbricks Researcher we do not delete the data in your account. You can delete data in your Formbricks account. You are responsible for the time period for which you store the data.
If you are a Respondent, you will need to ask the Researcher how long your responses will be stored in Formbricks.
All form data which has been deleted by the form Researcher is permanently deleted from our back-ups within 90 days.
6. Your data protection rights
Formbricks Researchers can exercise their rights directly with us.
If you’ve submitted your personal data through a Formbricks form, the Researcher who created the form is responsible for the collected data. Formbricks only processes the data. Respondents should contact the person or organization which created the form. If this isn't possible, please contact us. We'll help in any way we can.
If Researchers register to Formbricks, we may send them emails about company news, updates, related product or service information, etc. Researchers can always opt out of the email communications.
- Keeping you signed in
- Understanding how you use our product
What types of cookies does Formbricks use?
How can you block or eliminate cookies?
9. Data Transfers
Formbricks is based in the EU and all form and user data is stored in Germany, EU. Only billing information processed by Stripe Inc. and anonymized personal data neccessary to provide this service may be transfered overseas.
10. Users Acceptance Of These Terms
By using Formbricks, Researchers signify their acceptance of this policy. If Researchers do not agree to this policy, they should not use Formbricks. Researchers continued use of Formbricks following the posting of changes to this policy will be deemed their acceptance of those changes.
Please use the following contact information for privacy inquiries:
Johannes Dancker & Matthias Nannt