Legal

Privacy Policy

Last Updated: March 10, 2026

1. Overview

This Privacy Policy explains how goldform.io ("goldform", "we", "our", "us") collects, uses, stores, and shares personal information when you use our websites, applications, APIs, and services.

2. Information We Collect

We may collect the following categories of information:

  • Account information, such as name, email address, authentication provider, and hashed passwords.
  • Workspace and form data, including form schemas, settings, collaborator data, and metadata.
  • Submission data entered by respondents into forms you publish.
  • Integration data, such as Google account tokens needed to connect and sync Google Sheets.
  • Usage and diagnostics data, including logs, request metadata, device/browser information, and IP-derived security signals.
  • Support and communications data when you contact us.

3. How We Use Information

We use information to:

  • Provide, maintain, and improve the service.
  • Authenticate users and secure accounts.
  • Process form creation, sharing, collaboration, exports, and integrations.
  • Detect abuse, spam, fraud, and policy violations.
  • Send service emails, security notices, onboarding messages, and transactional communications.
  • Comply with legal obligations and enforce our Terms.

4. Legal Bases (Where Applicable)

Where required by law, we process personal data based on one or more legal bases: performance of a contract, legitimate interests, consent, and compliance with legal obligations.

5. AI Features

Prompts submitted to AI-assisted features may be processed to generate form drafts and improve feature reliability. You should avoid entering sensitive personal data in prompts unless you have a lawful basis to do so.

6. Sharing of Information

We may share information with:

  • Service providers that help us operate hosting, database, email, and infrastructure services.
  • Integration partners when you explicitly connect third-party tools (for example, Google Sheets).
  • Authorized workspace members and collaborators based on permissions set by workspace administrators.
  • Law enforcement or regulators where required by applicable law.

We do not sell personal information as traditionally defined under most privacy laws.

7. Google API Data and Limited Use

If you use Google sign-in, we receive basic identity data such as your name, email address, and profile image. If you connect Google Sheets, we request access to create and update spreadsheets for your form responses and to read spreadsheet metadata needed for sync operations.

We use Google user data only to provide the features you request (authentication, Sheets connection, and response sync). We do not use Google user data for advertising, do not sell it, and do not use it to train generalized AI or ML models.

We store Google OAuth tokens in our database so your connection can continue to work. Access is restricted to application services that perform authorized integration tasks. Disconnecting Google Sheets for a form stops further sync for that form. You can also revoke access at any time in your Google account security settings.

goldform's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

8. Data Retention

We retain data for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type, account status, and legal requirements.

9. Security

We use reasonable technical and organizational safeguards to protect information. No system is perfectly secure, and we cannot guarantee absolute security.

10. International Transfers

Your information may be processed in countries other than your own. Where required, we use appropriate safeguards for international data transfers.

11. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, and to request portability of your information.

To exercise rights requests, contact hi@goldform.io.

12. Children's Privacy

The service is not directed to children under 13 (or higher age where required by local law). If you believe a child has provided personal information, contact us and we will take appropriate steps.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material updates will be reflected by updating the "Last Updated" date and, where appropriate, additional notice.

14. Contact

For privacy questions, data requests, or concerns, contact us at hi@goldform.io.

Back to goldform.io