Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

We collect information you provide when you:

• Create an account or register for our Services
• Complete forms, surveys, or questionnaires
• Subscribe to newsletters or marketing communications
• Opt-in to receive SMS/text messages
• Contact our customer support team
• Participate in promotions, contests, or events
• Upload documents, images, or other content
• Provide feedback or reviews

This information may include:

• Contact Information: Name, email address, phone number, mailing address
• Account Credentials: Username, password, security questions
• Professional Information: Company name, job title, industry, business address
• Payment Information: Credit card details, billing address, transaction history
• Communications: Messages, feedback, support requests
• User Content: Documents, forms, images, and other files you upload

1.2 Information Collected Automatically

When you access our Services, we automatically collect:

• Device Information: Device type, operating system, browser type, unique device identifiers
• Log Data: IP address, access times, pages viewed, referring URL, clickstream data
• Usage Information: Features used, actions taken, time spent on pages
• Location Data: General location based on IP address (precise location only with consent)
• Cookie Data: Information stored in cookies and similar technologies

1.3 Information From Third Parties

We may receive information from:

• Business Partners: Companies with whom we offer joint services
• Service Providers: Analytics, advertising, and technology partners
• Public Sources: Publicly available databases and directories
• Social Media: If you connect social media accounts to our Services

2. How We Use Your Information

We use your information for the following purposes:

2.1 Service Delivery

• Provide, maintain, and improve our Services
• Process transactions and send related information
• Create and manage your account
• Provide customer support and respond to inquiries
• Send service-related communications and notifications

2.2 Personalization and Improvement

• Personalize your experience and content
• Analyze usage patterns to improve our Services
• Develop new features and functionality
• Conduct research and analytics

2.3 Communications

• Send promotional materials (with your consent)
• Send SMS/text messages (with explicit opt-in consent)
• Notify you about changes to our Services
• Provide updates about your account or transactions

2.4 Security and Compliance

• Protect against fraud, abuse, and security threats
• Enforce our terms of service and policies
• Comply with legal obligations
• Respond to legal requests and prevent harm

3. Legal Bases for Processing

We process your personal information based on the following legal grounds:

• Contract Performance: Processing necessary to fulfill our contractual obligations to you
• Legitimate Interests: Processing for our legitimate business interests, such as improving our Services
• Consent: Processing based on your explicit consent (e.g., marketing communications, SMS messages)
• Legal Compliance: Processing necessary to comply with applicable laws and regulations

4. Information Sharing and Disclosure

4.1 We May Share Information With:

• Service Providers: Third parties who perform services on our behalf (hosting, analytics, payment processing, customer support)
• Business Partners: Companies with whom we partner to offer integrated services
• Affiliates: Our parent company, subsidiaries, and affiliated entities
• Legal Requirements: When required by law, subpoena, or legal process
• Business Transfers: In connection with mergers, acquisitions, or asset sales
• With Your Consent: When you direct us to share information with third parties

4.2 We Do NOT:

• Sell your personal information to third parties
• Share your personal information for third-party advertising purposes without consent
• Provide your information to data brokers

6. Data Retention

We retain your personal information for as long as necessary to:

• Provide our Services to you
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Fulfill the purposes described in this Privacy Policy

When determining retention periods, we consider:

• The nature and sensitivity of the information
• The purposes for which we process the information
• Applicable legal requirements
• Whether the purpose can be achieved through other means

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Role-based access and multi-factor authentication
• Monitoring: Continuous security monitoring and logging
• Audits: Regular security assessments and penetration testing
• Employee Training: Security awareness training for all personnel
• Incident Response: Documented procedures for security incidents

While we implement safeguards to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request your data in a portable format
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@formaflow.io. We will respond within the timeframe required by applicable law.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we implement appropriate safeguards, including:

• Standard Contractual Clauses approved by relevant authorities
• Data Processing Agreements with appropriate protections
• Certification mechanisms where applicable

10. Children's Privacy

Our Services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16.

If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe we have collected information from a child, please contact us at privacy@formaflow.io.

11. Third-Party Services

Our Services may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you access.

We are not responsible for the privacy practices or content of third-party services.

12. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Enable core functionality and security features
• Analytics Cookies: Understand how users interact with our Services
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Deliver relevant advertisements (with consent)

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect functionality.

We may also use web beacons, pixel tags, and similar technologies for analytics and marketing purposes.

13. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: What personal information we collect, use, and disclose
• Right to Delete: Request deletion of personal information
• Right to Correct: Request correction of inaccurate information
• Right to Opt-Out: Opt out of the sale or sharing of personal information
• Right to Non-Discrimination: Not be discriminated against for exercising your rights
• Right to Limit Use: Limit use and disclosure of sensitive personal information

We do not sell your personal information. We do not share personal information for cross-context behavioral advertising without your consent.

To exercise your California privacy rights, contact us at privacy@formaflow.io or call 1-800-FORMA-FL.

14. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

• All rights listed in Section 8 (Your Privacy Rights)
• Right to lodge a complaint with a supervisory authority
• Right to withdraw consent at any time
• Right to obtain information about international transfers

Our legal bases for processing are described in Section 3. For GDPR-related inquiries, contact our Data Protection Officer at dpo@formaflow.io.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or prominent notice on our Services
• Obtain consent where required by applicable law

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: