Privacy Policy

Introduction

We take your data privacy serious. It is our highest priority to offer a privacy-first solution, both self-hosted and in our managed cloud. We take on considerable additional effort to collect as little data as neccessary and handle it safely and securely.

This Privacy Policy explains how and why our organization collects personal data and how it is used. If you have any questions after reading this Privacy Policy, feel free to contact us at privacy@formbricks.com

Important Notice

This Privacy Policy only applies to the Formbricks Cloud under app.formbricks.com (”Cloud”) and our Landing Page under formbricks.com. (”Landing Page”) If you are self-hosting our open source tool on your own servers, this Privacy Policy does not apply.

Definitions

To avoid confusion, let’s define who we collect data from:

  • Researcher: the person who uses the Cloud to create and distribute Formbricks forms and surveys or manage submissions from other forms
  • Website visitors: People who visit our marketing landing page

We are data processor, you are data controller

With our Cloud we are a provider of this Service. We are not the owner of the collected personal data from survey respondents. The Researcher (the person who sends out a form i.e. you) is responsible for the data they collect and thus data controller of respondent data.

Data do we collect

This is the information we collect from Website visitors and Researchers as long as you are using our Service:

  • Electronical identification data: including anonymized IP address, device & browser data;
  • Anonymized information about your use of our website: including how you end up on our website, what actions you perform and the pages you visited.
  • Registration information: When you register for an account, we collect your name, username, hashed password and email address.
  • Billing information: If you pay for Formbricks, we will ask for your billing details including name, address and financial information depending on your payment method (stored by our payment service provider Stripe)
  • Survey data: We store your survey data (questions and responses) for you and provide tools for you to analyse and use this data.
  • Error logs: We collect error logs to help us diagnose and fix issues with our service.

How we use your data

Formbricks does not sell personal data to third parties. Generally, we only collect your data with your consent in order to:

  • Provide and improve our Service.
  • Email you essential updates and offers (only if you're interested).
  • Ensure our product works smoothly and fix any issues.
  • Respond to legal situations and prevent fraud.
  • Let you engage with our Service's interactive features.
  • Support you when you need help.
  • Track how our Service is used.
  • Handle technical problems.
  • Manage our relationship with you, including billing.
  • Inform you about account changes or renewals.
  • Share news and offers about our other services (only if you've shown interest).
  • Use data in ways we explain when you provide it.
  • Other reasons, but only with your agreement.

Retention of Data

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Data Subprocessors

We only share your information with our Service providers who help us operate our business, in which case those third parties are also required to comply with the GDPR framework. We worked hard to reduce the number of subprocessors to a minimum and keep your information within the EU. This is a list of the subprocessors we are working with:

SubprocessorDataUseServer LocationDPAGDPR Info
Vercel Inc.IP, Browser & Device InformationHosting🇩🇪DPA signedGDPR Info
AWSEmail AddressEmail🇩🇪Part of ToSGDPR Info
PostHog EUAnon. IP, Browser & Device InformationProduct Analytics🇩🇪DPA signedGDPR Info
StripeBilling InformationPayments🇺🇸Part of ToSGDPR Info
SentryError LogsError Tracking🇺🇸DPA signedGDPR Info
Customer.ioEmail Address, User Interaction DataMarketing and Communication🇪🇺DPA signedGDPR Info

Data retention

If you are a Formbricks Researcher we do not delete the data in your account. You can delete data in your Formbricks account. You are responsible for the time period for which you store the data.

If you are a Respondent, you will need to ask the Researcher how long your responses will be stored in Formbricks.

All form data which has been deleted by the form Researcher is permanently deleted from our back-ups within 90 days.

Researcher's data protection rights

Formbricks Researchers can exercise their rights directly with us.

If you’ve submitted your personal data through a Formbricks form, the Researcher who created the form is responsible for the collected data. Formbricks only processes the data. Respondents should contact the person or organization which created the form. If this isn't possible, please contact us. We'll help in any way we can.

Researcher's Rights Under GDPR

If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR. – See more at GDPR Official Site.

We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please email us at hola@formbricks.com.

In certain circumstances, you have the following data protection rights:

  • The right to access, update or to delete the information we have on you.
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your Personal Data.
  • The right of restriction. You have the right to request that we restrict the processing of your personal information.
  • The right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information.

Please note that we may ask you to verify your identity before responding to such requests. Additionally, we may not be able to provide Service without some necessary data.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Researcher's Data Protection Rights under CalOPPA

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivable the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at CalOPPA Official Site.

According to CalOPPA we agree to the following:

  • Users can visit our site anonymously.
  • Our Privacy Policy link includes the word “Privacy”, and can easily be found on the home page of our website.
  • Users will be notified of any privacy policy changes on our Privacy Policy Page.
  • Users are able to change their personal information by emailing us at hola@formbricks.com

Our Policy on “Do Not Track” Signals:

We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Your Data Protection Rights under CCPA

If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us:

  • What personal information we have about you.
  • The categories of personal information we have collected about you.
  • The categories of sources from which we collect your personal information.
  • The business or commercial purpose for collecting or selling your personal information.
  • The categories of third parties with whom we share personal information.
  • The specific pieces of personal information we have collected about you.
  • A list of categories of personal information that we have sold, along with the category of any other company we sold it to. If we have not sold your personal information, we will inform you of that fact.
  • A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with.

Please note, you are entitled to ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the personal information we collected about you in the previous 12 months.

To exercise your California data protection rights described above, please send your request(s) by email to hola@formbricks.com.

Your data protection rights, described above, are covered by the CCPA, short for the California Consumer Privacy Act. To find out more, visit the official California Legislative Information website. The CCPA took effect on 01/01/2020.

Marketing

If Researchers register to Formbricks, we may send them emails about company news, updates, related product or service information, etc. Researchers can always opt out of the email communications.

Cookies

Cookies are small text files that are placed on your computer or mobile device by websites you visit. They are widely used in order to make a website work, or work more efficiently, as well as to provide information to the owners of the site. Formbricks uses cookies to improve your experience on our website and with our product.

Formbricks uses cookies to improve your user experience, including:

  • Keeping you signed in
  • Understanding how you use our product

What types of cookies does Formbricks use?

Required cookies: Certain cookies are necessary in order for the website to operate correctly and remain secure. For example, we use cookies to authenticate you. When you log on to our website, authentication cookies are set which let us know who you are during a browsing session. We have to load essential cookies for legitimate interests pursued by us in delivering our Sites essential functionality to you.

How can you block or eliminate cookies?

We only use cookies when you are logged into our Service. You can allow, eliminate, or block cookies within your browser. If you block all cookies, some websites will not work properly anymore.

Data Transfers

Formbricks is based in the EU and all form and user data is stored in Germany, EU. Only billing information processed by Stripe Inc. and anonymized personal data neccessary to provide this Service may be transfered overseas.

Users Acceptance Of These Terms

By using Formbricks, Researchers signify their acceptance of this policy. If Researchers do not agree to this policy, they should not use Formbricks. Researchers continued use of Formbricks following the posting of changes to this policy will be deemed their acceptance of those changes.

Our Service may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third party sites or services.

Changes to our Privacy Policy

We can make changes to this Privacy Policy from time to time. In circumstances where a change will materially change the way in which we collect or use your personal information or data, we will send a notice of this change to all of our account holders.

We keep our privacy policy under regular review and will place any updates on this web page. This privacy policy was last updated on 23rd January 2024.

Contact

Please use the following contact information for privacy inquiries:

privacy@formbricks.com

Formbricks GmbH
Kuhnkestr. 6
24118 Kiel
Germany