Effective Date: April 5, 2026
Onform is operated by Founding.dev. This policy explains what we collect, how we use it, and your choices.
Account info (name, email, authentication data), forms and their configuration, submission data including uploaded files, usage logs (IP address, browser, in-app actions), and session cookies.
To operate and improve the Service, authenticate users, deliver submissions and webhook notifications, send transactional emails, and meet legal obligations. We don't sell your data.
Responses collected through your forms are controlled by you — the form creator. You're responsible for having a lawful basis to collect that data and complying with applicable privacy laws, including obtaining any required consents.
We use Google OAuth for login, Cloudflare Turnstile for bot protection on public forms, and third-party SMTP providers for transactional email delivery. Each is subject to their own privacy policies.
We take reasonable measures to protect your data, including HMAC-signed webhooks, session-based authentication, and rate limiting. That said, no system is completely secure — use the Service accordingly.
We use session cookies to keep you logged in, and analytics and marketing cookies to understand how the Service is used and measure advertising performance. You can manage cookie preferences through your browser settings.
Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. To exercise these rights, contact us at the address below.
Data is kept while your account is active. You can request deletion at any time by contacting us directly. Deleted data may persist briefly in backups before being fully purged.
The Service isn't intended for anyone under 13. If you believe a child has submitted personal data through the Service, contact us and we'll remove it.
We'll update the effective date when this policy changes. Continued use of the Service after changes are posted constitutes acceptance.