Formidable

Privacy Policy

Effective Date: February 12, 2026

1. Introduction

This Privacy Policy describes how Formidable ("we", "us", or "our") collects, uses, and shares information when you use our Service. We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

Formidable is the data controller for the personal data we collect about you as a user of our Service. For data collected through forms you create and publish, you are the data controller and we act as a data processor on your behalf.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Authentication credentials
  • Account preferences

2.2 Form Creation Data

When you use the Service to create forms, we collect:

  • Form specifications and configurations you create
  • Instructions and descriptions you provide to our AI form generation features
  • Modification requests and conversational inputs

2.3 Submission Data

When respondents complete forms you have published, we collect and store submission data on your behalf. This data is controlled by you and processed by us solely to provide the Service.

2.4 Payment and Billing Data

When you make a purchase, payment information (such as credit card details) is collected and processed directly by our payment provider, Polar Software Inc ("Polar"), which acts as Merchant of Record. We do not store your full payment details. We receive order confirmations, transaction identifiers, and billing status from Polar to manage your account and provide paid features.

2.5 Usage Information

We automatically collect:

  • Log data (IP address, browser type, access times)
  • Device information
  • Usage patterns and interactions with the Service, including AI token consumption

2.6 Cookies and Similar Technologies

We use cookies and similar technologies for authentication, preferences, and analytics.

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Provision

  • To create and maintain your account
  • To provide and operate the Service
  • To process and store your forms and submission data
  • To enable AI-assisted form creation and modification
  • To process purchases and manage your paid features (via Polar)

3.2 Communications

  • To send transactional emails (account notifications, security alerts, service updates, purchase confirmations)
  • To send product feedback requests, surveys, and research invitations related to improving the Service
  • To send marketing communications (only with your explicit consent)
  • To respond to your inquiries and support requests

3.3 Service Improvement

  • To analyze usage patterns and improve the Service
  • To develop new features and functionality
  • To ensure the security and integrity of the Service

4. AI Processing

Our Service uses artificial intelligence provided by Anthropic PBC ("Anthropic") to assist with form creation. It is important to understand:

What IS processed by AI:

  • Form generation requests and descriptions you provide
  • Instructions for modifying existing forms
  • Conversational inputs related to form creation

What is NOT processed by AI:

  • Submission data collected through your published forms
  • Respondent personal information
  • Your account credentials
  • Your payment information

AI processing is performed solely to provide the form generation functionality. We do not use submission data or respondent information for AI training or processing.

5. Data Sharing

We do not sell your personal data. We may share your information with:

5.1 Service Providers

We engage third-party service providers to assist in providing the Service, including:

  • Anthropic PBC — AI service provider for form generation features. Only form creation instructions and conversational inputs are shared with Anthropic; submission data and respondent information are never sent to AI services.
  • Polar Software Inc — Merchant of Record for payment processing, invoicing, and tax collection. Polar receives your email address and name to process transactions.
  • Stripe Inc — Payment infrastructure provider used by Polar. Payment card details are processed by Stripe on Polar's behalf.
  • Cloud hosting and infrastructure providers
  • Email delivery services

These providers are contractually bound to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Data Location and Transfers

Your account data, form data, and submission data are stored within the European Union (EU).

Some of our service providers are based in the United States, including Anthropic (AI processing) and Polar/Stripe (payment processing). When data is transferred outside the EU, we ensure appropriate safeguards are in place in accordance with GDPR requirements, including Standard Contractual Clauses (SCCs) and, where applicable, the EU-U.S. Data Privacy Framework.

7. Data Retention

We retain your information as follows:

  • Account data: For the duration of your account plus 30 days after deletion to allow for recovery.
  • Form creation data and conversations: For the duration of your account.
  • Submission data: Until you delete it or terminate your account.
  • Usage and token consumption logs: Up to 12 months.
  • Payment records: As required by applicable tax and accounting laws (typically 7 years).

After account termination, we may retain certain information as required by law or for legitimate business purposes (such as fraud prevention).

8. Your Rights

Under applicable data protection laws, including the GDPR, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request restriction of processing
  • Portability: Request transfer of your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for processing based on consent

To exercise these rights, contact us at legal@formidable.software. We will respond within one month as required by law.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, place of work, or place of the alleged infringement.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments

However, no method of transmission or storage is completely secure. We cannot guarantee absolute security of your data.

10. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use of the Service after notification constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us at:

Data Controller:
Formidable
legal@formidable.software