Privacy Policy | Mobyform

Overview

This Privacy Policy explains how Mobyform collects, uses, discloses, stores, and protects personal data when you use our public website, help center, documentation, public forms, and hosted product. It also explains the choices available to you and how to contact us about privacy questions.

For the purposes of this policy, "Mobyform," "we," "our," and "us" refer to the operator of the Mobyform website and product. "You" refers to a visitor, customer, account owner, collaborator, or respondent, depending on the context.

Scope

This Privacy Policy applies to:

the public website at https://mobyform.com
the hosted product application currently served from https://build.mobyform.com
help center, documentation, changelog, and blog pages published under the Mobyform domain
support, contact, newsletter, and sales communications
public forms and form-related experiences hosted by Mobyform

This policy does not apply to third-party websites, integrations, or services that you access from within Mobyform and that operate under their own privacy notices.

The Data We Collect

We may collect the following categories of data, depending on how you interact with Mobyform:

Information you provide directly

Account and workspace data such as your name, email address, organization name, user profile, collaborator details, and login-related identifiers.
Contact and support data such as the contents of messages you send through support, contact, partnership, procurement, or sales forms.
Billing and commercial data such as plan information, invoice details, company information, billing contacts, subscription metadata, and transaction records. Payment card entry is handled by the active payment processor rather than stored directly by Mobyform.
Form, response, and file content such as form configurations, submissions, comments, attachments, generated exports, and related records created by customers or respondents.
Marketing and newsletter preferences such as subscription status, referral attribution, and communication preferences.

Information collected automatically

Usage data such as pages visited, referring pages, feature interactions, pricing page visits, and timestamps.
Device and browser data such as IP address, approximate location, browser type, device type, operating system, language settings, and identifiers associated with sessions or requests.
Log and diagnostic data such as error reports, security events, rate-limit signals, audit-oriented records, and performance information.
Cookie and similar technology data used to maintain sessions, remember locale and consent choices, measure traffic, and improve service reliability.
File and upload metadata such as MIME type, file size, upload context, and integrity-related metadata where files are processed through the product.

Information from third parties

Identity or authentication providers when you sign in through a supported single sign-on or social login method.
Payment processors such as Stripe or Creem when billing is enabled for a plan or checkout flow.
Infrastructure and delivery providers such as Cloudflare for DNS, edge delivery, traffic protection, and request handling, and configured storage backends depending on deployment.
Integrations and connected services when you authorize a product integration and choose to sync data with external systems.
Referral, partner, or campaign sources when traffic reaches Mobyform through attribution links or marketing campaigns.

How We Use Personal Data

We use personal data only where there is a valid operational, contractual, legal, or legitimate business reason to do so. Typical purposes include:

providing, operating, securing, and maintaining the website, help center, documentation, and hosted product
creating and managing accounts, workspaces, permissions, and authentication flows
hosting forms, collecting submissions, storing files, and delivering product functionality
routing product messages, transaction notices, and newsletters through configured communication providers such as Resend
responding to support requests, onboarding inquiries, procurement reviews, and sales conversations
processing subscription, billing, refund, and checkout events through the active payment provider
improving usability, performance, reliability, abuse prevention, and product planning
detecting abuse, fraud, spam, automation, and other unauthorized or harmful activity
complying with legal obligations, enforcing terms, and protecting the rights of Mobyform, customers, respondents, and the public

We may also send marketing communications where permitted by law and where you have requested them or where another lawful basis applies. You can unsubscribe from marketing messages at any time.

Product Roles: Customer Data and Respondent Data

When a customer uses Mobyform to create and publish forms, the customer typically decides what information is collected from respondents and how that information is used. In those situations:

the customer is generally the controller or business responsible for respondent data
Mobyform generally acts as a processor or service provider handling data on the customer's behalf

If you are a respondent submitting information to a form built by a Mobyform customer, you should review that customer's privacy notice as well. Questions about how a specific form owner uses your submission should usually be directed to that form owner.

Legal Bases for Processing

Depending on the jurisdiction and context, we may process personal data on one or more of the following bases:

to perform a contract or take steps at your request before entering into a contract
to comply with a legal obligation
to pursue legitimate interests such as service security, fraud prevention, analytics, product improvement, and business operations
with your consent, where consent is required

We do not sell personal data in the ordinary sense of selling customer lists for money. We may share personal data in the following circumstances:

with service providers and infrastructure vendors that help us operate the website, product, support, communications, hosting, storage, billing, and security
with payment processors such as Stripe or Creem when you purchase or manage a paid plan
with communications vendors such as Resend when we send support, transactional, or newsletter emails
with network and delivery infrastructure such as Cloudflare that handles DNS, CDN, edge protection, and request routing
with configured storage providers or storage environments used for uploads, exports, or generated assets, which may vary by deployment and region
with identity providers and other third-party services you or your organization choose to use
with affiliates, advisors, auditors, or professional service providers where reasonably necessary
in connection with a merger, financing, acquisition, reorganization, or sale of assets
where required to comply with law, regulation, court order, lawful request, or to protect rights, safety, and security

When we use service providers, we expect them to process data only for authorized purposes and under appropriate contractual or legal safeguards.

Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this policy, including to:

provide the service and maintain active customer accounts
preserve records required for security, compliance, taxation, billing, and dispute resolution
enforce agreements and investigate misuse
support customer-requested exports, backups, account lifecycle operations, and deletion requests

Retention periods vary depending on the type of data, the role in which we process it, the configuration chosen by the customer, and the requirements that apply to the relevant account, file, submission, or transaction. In some product areas, retention is governed by organization- or context-specific policies. Residual copies can remain in backups and logs until ordinary rotation or deletion cycles complete.

Security

We use administrative, technical, and organizational measures designed to protect personal data against unauthorized access, misuse, loss, alteration, or disclosure. These measures include, where appropriate to the deployment and use case, encrypted transport for browser and API traffic, role-based access controls, rate limiting and abuse defenses, audit-oriented logging, file integrity metadata, and controlled delivery of stored files. No method of storage or transmission is completely secure, and we cannot guarantee absolute security, but we work to maintain safeguards appropriate to the nature of the data and the risks involved.

International Transfers

Mobyform and its service providers may process data in countries other than the one where you are located. Where applicable, we rely on appropriate legal mechanisms and contractual safeguards for cross-border transfers.

Your Rights and Choices

Depending on your location and the applicable law, you may have rights to:

request access to personal data we hold about you
request correction or update of inaccurate information
request deletion of personal data in certain circumstances
object to or restrict certain processing
request portability of certain data
withdraw consent where processing is based on consent
opt out of marketing communications

You may also be able to manage certain data directly through your account or by contacting the form owner, if the relevant data was collected through a customer-created form.

Cookies and Similar Technologies

We use cookies and similar technologies to operate the site, remember preferences, analyze usage, improve performance, and support security. For more detail, please review our Cookie Policy.

Children's Privacy

Mobyform is not directed to children under the age required by applicable law to provide consent on their own. If we learn that personal data has been collected from a child in violation of applicable law, we will take appropriate steps to delete it or otherwise address the issue.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect product changes, legal requirements, or operational updates. When we do, we will update the effective date on this page and, where appropriate, provide additional notice.

Contact

If you have questions about this Privacy Policy or want to make a privacy-related request, please contact us or email support@mobyform.com.

Overview

Scope

This Privacy Policy applies to:

the public website at https://mobyform.com
the hosted product application currently served from https://build.mobyform.com
help center, documentation, changelog, and blog pages published under the Mobyform domain
support, contact, newsletter, and sales communications
public forms and form-related experiences hosted by Mobyform

This policy does not apply to third-party websites, integrations, or services that you access from within Mobyform and that operate under their own privacy notices.

The Data We Collect

We may collect the following categories of data, depending on how you interact with Mobyform:

Information you provide directly

Account and workspace data such as your name, email address, organization name, user profile, collaborator details, and login-related identifiers.
Contact and support data such as the contents of messages you send through support, contact, partnership, procurement, or sales forms.
Billing and commercial data such as plan information, invoice details, company information, billing contacts, subscription metadata, and transaction records. Payment card entry is handled by the active payment processor rather than stored directly by Mobyform.
Form, response, and file content such as form configurations, submissions, comments, attachments, generated exports, and related records created by customers or respondents.
Marketing and newsletter preferences such as subscription status, referral attribution, and communication preferences.

Information collected automatically

Usage data such as pages visited, referring pages, feature interactions, pricing page visits, and timestamps.
Device and browser data such as IP address, approximate location, browser type, device type, operating system, language settings, and identifiers associated with sessions or requests.
Log and diagnostic data such as error reports, security events, rate-limit signals, audit-oriented records, and performance information.
Cookie and similar technology data used to maintain sessions, remember locale and consent choices, measure traffic, and improve service reliability.
File and upload metadata such as MIME type, file size, upload context, and integrity-related metadata where files are processed through the product.

Information from third parties

Identity or authentication providers when you sign in through a supported single sign-on or social login method.
Payment processors such as Stripe or Creem when billing is enabled for a plan or checkout flow.
Infrastructure and delivery providers such as Cloudflare for DNS, edge delivery, traffic protection, and request handling, and configured storage backends depending on deployment.
Integrations and connected services when you authorize a product integration and choose to sync data with external systems.
Referral, partner, or campaign sources when traffic reaches Mobyform through attribution links or marketing campaigns.

How We Use Personal Data

We use personal data only where there is a valid operational, contractual, legal, or legitimate business reason to do so. Typical purposes include:

providing, operating, securing, and maintaining the website, help center, documentation, and hosted product
creating and managing accounts, workspaces, permissions, and authentication flows
hosting forms, collecting submissions, storing files, and delivering product functionality
routing product messages, transaction notices, and newsletters through configured communication providers such as Resend
responding to support requests, onboarding inquiries, procurement reviews, and sales conversations
processing subscription, billing, refund, and checkout events through the active payment provider
improving usability, performance, reliability, abuse prevention, and product planning
detecting abuse, fraud, spam, automation, and other unauthorized or harmful activity
complying with legal obligations, enforcing terms, and protecting the rights of Mobyform, customers, respondents, and the public

We may also send marketing communications where permitted by law and where you have requested them or where another lawful basis applies. You can unsubscribe from marketing messages at any time.

Product Roles: Customer Data and Respondent Data

When a customer uses Mobyform to create and publish forms, the customer typically decides what information is collected from respondents and how that information is used. In those situations:

the customer is generally the controller or business responsible for respondent data
Mobyform generally acts as a processor or service provider handling data on the customer's behalf

Legal Bases for Processing

Depending on the jurisdiction and context, we may process personal data on one or more of the following bases:

to perform a contract or take steps at your request before entering into a contract
to comply with a legal obligation
to pursue legitimate interests such as service security, fraud prevention, analytics, product improvement, and business operations
with your consent, where consent is required

We do not sell personal data in the ordinary sense of selling customer lists for money. We may share personal data in the following circumstances:

with service providers and infrastructure vendors that help us operate the website, product, support, communications, hosting, storage, billing, and security
with payment processors such as Stripe or Creem when you purchase or manage a paid plan
with communications vendors such as Resend when we send support, transactional, or newsletter emails
with network and delivery infrastructure such as Cloudflare that handles DNS, CDN, edge protection, and request routing
with configured storage providers or storage environments used for uploads, exports, or generated assets, which may vary by deployment and region
with identity providers and other third-party services you or your organization choose to use
with affiliates, advisors, auditors, or professional service providers where reasonably necessary
in connection with a merger, financing, acquisition, reorganization, or sale of assets
where required to comply with law, regulation, court order, lawful request, or to protect rights, safety, and security

When we use service providers, we expect them to process data only for authorized purposes and under appropriate contractual or legal safeguards.

Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this policy, including to:

provide the service and maintain active customer accounts
preserve records required for security, compliance, taxation, billing, and dispute resolution
enforce agreements and investigate misuse
support customer-requested exports, backups, account lifecycle operations, and deletion requests

Security

International Transfers

Your Rights and Choices

Depending on your location and the applicable law, you may have rights to:

request access to personal data we hold about you
request correction or update of inaccurate information
request deletion of personal data in certain circumstances
object to or restrict certain processing
request portability of certain data
withdraw consent where processing is based on consent
opt out of marketing communications

You may also be able to manage certain data directly through your account or by contacting the form owner, if the relevant data was collected through a customer-created form.

How Mobyform collects, uses, stores, shares, and protects personal data across the website and hosted product.

Overview

Scope

The Data We Collect

Information you provide directly

Information collected automatically

Information from third parties

How We Use Personal Data

Product Roles: Customer Data and Respondent Data

Legal Bases for Processing

Data Retention

Security

International Transfers

Your Rights and Choices

Cookies and Similar Technologies

Children's Privacy

Changes to This Policy

Contact

How Mobyform collects, uses, stores, shares, and protects personal data across the website and hosted product.

Overview

Scope

The Data We Collect

Information you provide directly

Information collected automatically

Information from third parties

How We Use Personal Data

Product Roles: Customer Data and Respondent Data

Legal Bases for Processing

Data Retention

Security

International Transfers

Your Rights and Choices

Cookies and Similar Technologies

Children's Privacy

Changes to This Policy

Contact