What is GDPR?
The General Data Protection Regulation (GDPR) is a data privacy law that applies to individuals in the European Union (EU) and European Economic Area (EEA). It gives people more control over their personal data — including the right to access, modify, delete, and understand how their information is processed.
Is Formsuite GDPR compliant?
Yes. Formsuite is designed with privacy and security at its core. All data is encrypted in transit and at rest, and stored securely with GDPR-compliant infrastructure providers. Our privacy practices follow the principles and requirements outlined in the GDPR framework.
We’ve implemented:
A clear Privacy Policy that explains what data we collect, how it’s stored and transferred, and how you can exercise your rights.
Strong data encryption and security measures to protect all form data.
Tools that give form creators control over the data they collect and manage.
A standard Data Processing Agreement (DPA) to support your compliance needs.
Do you provide a DPA?
Yes. By creating a Formsuite account and accepting our Terms of Service, professional users also agree to the terms of our Data Processing Agreement (DPA) on behalf of their organization. No separate signature is required.
Download or view the DPA here.
How does Formsuite handle form data?
Formsuite is the data processor — we provide the infrastructure to create and host forms. Our customers (the form creators) are the data controllers and are responsible for determining what data they collect, how long they keep it, and for ensuring they have a lawful basis (such as consent) when required.
Form creators have full control over their collected data. Data can be deleted or exported at any time directly from the account. When data is deleted, it is permanently removed from active systems and backups within 30 days.
How Formsuite uses your personal information
Formsuite acts as the data controller for the information you provide to us (e.g., account registration details). We do not sell personal data. We only use your information to provide and improve the service. We work with trusted subprocessors who meet GDPR standards and only process data on our behalf.
Contact us about data privacy
If you have any questions, concerns, or requests about your data privacy, you can contact us at: support@formsuite.co. We aim to respond to all requests within a reasonable timeframe.
Subprocessors
Vercel - Hosting and deployment - EU/US - Learn more
PlanetScale - Database - USA - Learn more
Stripe - Payment processing - USA - Learn more
OpenAI - AI services - USA - Learn more
Resend - Email delivery - USA - Learn more
(This list may evolve as we add or change service providers. Any changes will be reflected here.)
Need a Data Processing Agreement (DPA)?
If you require a copy of our DPA, you can download it here or contact us at support@formsuite.co.