← Back to PostMyForm

Legal

Privacy Policy

How PostMyForm expects to collect, use, retain, and protect account data, form configuration, and form submissions.

Draft status: this page is founder-drafted and must be reviewed before public production launch.

Effective date: pending public launch.

1. Overview

PostMyForm is a privacy-conscious form backend for static websites. This policy explains the data we expect to process to provide accounts, form endpoints, submission storage, email notifications, billing, security, abuse prevention, and support.

2. Data we collect

We may collect account information such as email address, authentication metadata, organization records, plan status, and account activity.

We store form configuration such as form names, endpoint identifiers, allowed origins, destination email addresses, success redirect URLs, and form status.

We store form submissions, including the submitted fields, normalized submitter email when present, submission status, spam or abuse signals, and delivery events.

For abuse prevention and rate limiting, we avoid storing raw submitter IP addresses by default and use peppered hashes where correlation is needed.

3. How we use data

We use data to operate the service, authenticate users, receive and store submissions, send notification emails, enforce plan limits, prevent abuse, troubleshoot problems, process billing, and meet legal or security obligations.

4. Payment data

Card payments are handled by a third-party payment provider. PostMyForm does not store payment card numbers. We store only the provider metadata needed to manage billing status, plans, and account access.

5. Email delivery

PostMyForm uses an email provider to send authentication emails and form submission notifications. Email delivery metadata may be stored to confirm whether a notification was sent or failed.

6. Retention

Form submission retention depends on the customer plan. Current intended retention windows are 30 days for Trial, 90 days for Starter, and 180 days for Growth. Operational records, billing records, audit records, security records, and backups may be retained for different periods when needed to operate, secure, or comply with obligations for the service.

7. Service providers

We use service providers for hosting, database infrastructure, email delivery, payment processing, source-code hosting, security, and operational monitoring. These providers are used only as needed to operate PostMyForm.

8. Security

We use passwordless authentication, hashed tokens, environment-specific secrets, plan-based retention, rate limiting, and operational controls to reduce risk. No internet service can be guaranteed perfectly secure.

9. Customer responsibilities

Customers are responsible for the content of their forms, the disclosures shown on their own websites, and the legal basis for collecting data from their visitors.

10. Requests

Account owners may request help with access, export, deletion, or privacy questions by contacting privacy@postmyform.com.

11. Contact

Privacy contact: privacy@postmyform.com.