Privacy Policy

Last updated: 11/21/2025

1. Who we are

Formulatiq ("Formulatiq," "we," "us," or "our") provides an AI‑powered form builder and related services available at formulatiq.itah.ai and associated subdomains (collectively, the "Service").

2. Scope

This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use the Service, including our website, form builder, analytics features, AI‑assisted content generation, and third‑party integrations.

3. Information we collect

3.1 Information you provide

  • Account & profile data: name, email, password (hashed), organization, role, billing contact.
  • Billing data: payment method details processed by our payment processor (we store limited tokens and transaction metadata only), tax/VAT IDs, invoices.
  • Content & configuration: forms, fields, templates, file uploads, logic rules, branding assets, workspace/team settings.
  • AI prompts & outputs: prompts, instructions, contextual data you provide to generate forms or copy, and resulting outputs.
  • Support communications: messages, tickets, survey responses, and feedback.

3.2 Information we collect automatically

  • Usage & diagnostics: device and browser information, IP address, pages viewed, referrers, session events, feature usage, error logs, and performance metrics.
  • Analytics: aggregated traffic and conversion data, form view/submit rates, and geolocation approximations derived from IP.
  • Cookies & similar tech: session cookies for authentication, preference cookies, and analytics pixels.

3.3 Information we process on your behalf (Customer Data)

When you publish a form, we process responses (including any personal or sensitive data end‑users submit) solely to provide the Service to you, in accordance with your configuration and our Data Processing Addendum ("DPA"). You are the controller of Customer Data; we are the processor.

4. How we use information

  • Provide, secure, and maintain the Service (auth, storage, logging, fraud prevention).
  • Generate content and configurations using AI features at your direction.
  • Measure and improve performance (analytics, A/B testing, UX research).
  • Provide support and communicate product updates, security notices, and transactional emails.
  • Process payments, invoicing, and collections.
  • Enforce our Terms of Service, prevent abuse, and comply with law.

5. Legal bases (EEA/UK)

We rely on: (i) contractual necessity to deliver the Service; (ii) legitimate interests (e.g., product improvement, security); (iii) consent where required (e.g., certain cookies/marketing); and (iv) legal obligations.

6. AI features

Model providers: We may route prompts/inputs/outputs to third‑party AI providers and sub‑processors to deliver AI functionality. We require appropriate confidentiality, security, and data‑use restrictions via contract.

Training: We do not use your Customer Data (form responses) to train generalized models. We may use de‑identified product telemetry to improve features. You can disable optional analytics where available.

Safety: Do not include secrets or regulated data in prompts unless you have configured appropriate safeguards.

7. Data retention

We retain personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. You may configure retention for form responses; deleting a form typically deletes associated responses after a short safety window. Backups persist for limited periods.

8. Sharing & disclosures

We share information with:

  • Service providers/sub‑processors (e.g., hosting, storage, email, payments, analytics, AI providers, customer support tools) under data‑processing terms.
  • Team members you invite and integrations you enable (e.g., Slack, webhooks, embeds, or API connections). Data sent to integrations is governed by those third parties' policies.
  • Legal & compliance: to comply with lawful requests, enforce our rights, prevent fraud/security incidents, or during corporate transactions (merger, acquisition).

9. International transfers

We may transfer, store, and process information in countries other than where it was collected. Where required, we implement safeguards such as Standard Contractual Clauses (SCCs) and conduct transfer risk assessments.

10. Security

We employ technical and organizational measures such as encryption in transit, access controls, logging, and least‑privilege practices. No method of transmission or storage is 100% secure.

11. Your rights & choices

Access, correction, deletion, portability (subject to verification and limits). Object/restrict certain processing and withdraw consent for marketing. Cookie controls via browser or our preference center. For Customer Data, contact the form owner/controller. For requests to us, email privacy@formulatiq.ai.

12. Region‑specific disclosures

EEA/UK: Formulatiq is the controller for personal data not processed as Customer Data. You may contact our DPO at privacy@formulatiq.ai. Complaints may be directed to your local supervisory authority.

California: We act as a service provider/processor for Customer Data. We do not "sell" or "share" personal information for cross‑context behavioral advertising as defined by the CCPA. We honor verifiable consumer requests as required by law.

HIPAA: If you are a covered entity or business associate, execution of a Business Associate Agreement (BAA) is required before using the Service to process Protected Health Information (PHI). Contact hipaa@formulatiq.ai.

13. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from them.

14. Data Processing Addendum (DPA)

Our DPA (including SCCs where applicable) is available upon request or via your admin settings. The DPA governs processing of Customer Data where required by law.

15. Changes

We may update this Policy from time to time. We will post changes here and update the Effective Date. Material changes will be communicated via email or in‑app notices.