We take your data privacy serious. It is our highest priority to offer a privacy-first solution, both self-hosted and in our managed cloud. We take on considerable additional effort to collect as little data as neccessary and handle it safely and securely.
To avoid confusion, let’s define who we collect data from:
- Researcher: the person who uses the Cloud to create and distribute Formbricks forms and surveys or manage submissions from other forms
- Website visitors: People who visit our marketing landing page
We are data processor, you are data controller
With our Cloud we are a provider of this Service. We are not the owner of the collected personal data from survey respondents. The Researcher (the person who sends out a form i.e. you) is responsible for the data they collect and thus data controller of respondent data.
Data do we collect
This is the information we collect from Website visitors and Researchers as long as you are using our Service:
- Electronical identification data: including anonymized IP address, device & browser data;
- Anonymized information about your use of our website: including how you end up on our website, what actions you perform and the pages you visited.
- Registration information: When you register for an account, we collect your name, username, hashed password and email address.
- Billing information: If you pay for Formbricks, we will ask for your billing details including name, address and financial information depending on your payment method (stored by our payment service provider Stripe)
- Survey data: We store your survey data (questions and responses) for you and provide tools for you to analyse and use this data.
- Error logs: We collect error logs to help us diagnose and fix issues with our service.
How we use your data
Formbricks does not sell personal data to third parties. Generally, we only collect your data with your consent in order to:
- Provide and improve our Service.
- Email you essential updates and offers (only if you're interested).
- Ensure our product works smoothly and fix any issues.
- Respond to legal situations and prevent fraud.
- Let you engage with our Service's interactive features.
- Support you when you need help.
- Track how our Service is used.
- Handle technical problems.
- Manage our relationship with you, including billing.
- Inform you about account changes or renewals.
- Share news and offers about our other services (only if you've shown interest).
- Use data in ways we explain when you provide it.
- Other reasons, but only with your agreement.
Retention of Data
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
We only share your information with our Service providers who help us operate our business, in which case those third parties are also required to comply with the GDPR framework. We worked hard to reduce the number of subprocessors to a minimum and keep your information within the EU. This is a list of the subprocessors we are working with:
|Subprocessor||Data||Use||Server Location||DPA||GDPR Info|
|Vercel Inc.||IP, Browser & Device Information||Hosting||🇩🇪||DPA signed||GDPR Info|
|AWS||Email Address||🇩🇪||Part of ToS||GDPR Info|
|PostHog EU||Anon. IP, Browser & Device Information||Product Analytics||🇩🇪||DPA signed||GDPR Info|
|Stripe||Billing Information||Payments||🇺🇸||Part of ToS||GDPR Info|
|Sentry||Error Logs||Error Tracking||🇺🇸||DPA signed||GDPR Info|
If you are a Formbricks Researcher we do not delete the data in your account. You can delete data in your Formbricks account. You are responsible for the time period for which you store the data.
If you are a Respondent, you will need to ask the Researcher how long your responses will be stored in Formbricks.
All form data which has been deleted by the form Researcher is permanently deleted from our back-ups within 90 days.
Researcher's data protection rights
Formbricks Researchers can exercise their rights directly with us.
If you’ve submitted your personal data through a Formbricks form, the Researcher who created the form is responsible for the collected data. Formbricks only processes the data. Respondents should contact the person or organization which created the form. If this isn't possible, please contact us. We'll help in any way we can.
Researcher's Rights Under GDPR
If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR. – See more at GDPR Official Site.
We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please email us at firstname.lastname@example.org.
In certain circumstances, you have the following data protection rights:
- The right to access, update or to delete the information we have on you.
- The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your Personal Data.
- The right of restriction. You have the right to request that we restrict the processing of your personal information.
- The right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests. Additionally, we may not be able to provide Service without some necessary data.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
Researcher's Data Protection Rights under CalOPPA
According to CalOPPA we agree to the following:
- Users can visit our site anonymously.
- Users are able to change their personal information by emailing us at email@example.com
Our Policy on “Do Not Track” Signals:
We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
Your Data Protection Rights under CCPA
If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us:
- What personal information we have about you.
- The categories of personal information we have collected about you.
- The categories of sources from which we collect your personal information.
- The business or commercial purpose for collecting or selling your personal information.
- The categories of third parties with whom we share personal information.
- The specific pieces of personal information we have collected about you.
- A list of categories of personal information that we have sold, along with the category of any other company we sold it to. If we have not sold your personal information, we will inform you of that fact.
- A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with.
Please note, you are entitled to ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the personal information we collected about you in the previous 12 months.
To exercise your California data protection rights described above, please send your request(s) by email to firstname.lastname@example.org.
Your data protection rights, described above, are covered by the CCPA, short for the California Consumer Privacy Act. To find out more, visit the official California Legislative Information website. The CCPA took effect on 01/01/2020.
If Researchers register to Formbricks, we may send them emails about company news, updates, related product or service information, etc. Researchers can always opt out of the email communications.
- Keeping you signed in
- Understanding how you use our product
What types of cookies does Formbricks use?
How can you block or eliminate cookies?
Formbricks is based in the EU and all form and user data is stored in Germany, EU. Only billing information processed by Stripe Inc. and anonymized personal data neccessary to provide this Service may be transfered overseas.
Users Acceptance Of These Terms
By using Formbricks, Researchers signify their acceptance of this policy. If Researchers do not agree to this policy, they should not use Formbricks. Researchers continued use of Formbricks following the posting of changes to this policy will be deemed their acceptance of those changes.
Links to Other Sites
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third party sites or services.
Please use the following contact information for privacy inquiries: