Back

Privacy Policy for Makeform

Effective Date: June 5, 2025

1. Introduction

Makeform ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit or use our website https://www.makeform.ai, our software applications, and services (collectively, the "Service").

By using our Service, you agree to the practices described in this Privacy Policy. If you do not agree with the terms, you should not access or use the Service.

This Privacy Policy is intended to comply with applicable data protection laws and regulations, including those related to Google API Services and sensitive user data.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable individual.
  • Usage Data: Information collected automatically through your use of the Service.
  • Data Subject: An individual whose Personal Data is collected and processed.
  • Data Controller: The entity that determines the purposes and means of processing Personal Data. In this case, Makeform.
  • Data Processor: A third party that processes Personal Data on behalf of the Data Controller.
  • Service Provider: Any third party that supports the Service's operation and may have limited access to data.
  • Cookies: Small text files stored on your browser or device.
  • Google User Data: Information obtained via Google APIs (e.g., spreadsheets, email address), governed by Google's API Services User Data Policy.

3. Information We Collect

We collect several types of information to provide and improve our Service:

a. Information You Provide to Us

  • Name
  • Email address
  • Phone number
  • Business name or organization
  • Billing address and postal code (if purchasing services)
  • Content entered in forms or uploaded to our platform
  • Support messages and feedback

b. Automatically Collected Information (Usage Data)

When you use the Service, we may automatically collect:

  • IP address and location (approximate)
  • Browser type and version
  • Device type and OS
  • Pages visited and time spent
  • Referral URLs
  • Unique device identifiers
  • Crash logs and diagnostic data

c. Cookies and Similar Technologies

We use cookies and local storage for functionality, analytics, and performance optimization. You may opt out by configuring your browser settings, but doing so may impair Service functionality.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • To operate and maintain the Service
  • To personalize user experience and respond to user inquiries
  • To improve platform security, performance, and reliability
  • To process transactions and provide customer support
  • To send you important notices and promotional content (opt-out anytime)
  • To enable integrations with third-party platforms, such as Google Sheets, Notion, and Slack
  • To comply with legal obligations and enforce our rights

We do not sell your personal data to any third parties.

5. Legal Bases for Processing

We may process your Personal Data under the following legal bases:

  • Consent – When you voluntarily provide us with data or authorize integrations.
  • Contract – To fulfill contractual obligations (e.g., subscriptions, data syncing).
  • Legitimate Interests – To improve service functionality and ensure security.
  • Legal Obligation – To comply with applicable laws or legal processes.

5a. Data Protection Mechanisms

We implement administrative, technical, and physical safeguards to protect your Personal Data and any sensitive content you choose to store or transmit through our Service. These safeguards include but are not limited to:

  • Data encryption at rest using AES-256 industry-standard encryption (via Supabase and AWS)
  • Data encryption in transit using TLS (Transport Layer Security) to prevent unauthorized interception
  • Use of OAuth 2.0 for all third-party integrations to ensure secure, token-based authentication
  • Role-based access controls and row-level security policies to limit data access to authorized personnel
  • Access logging and internal auditing of administrative access to user data
  • Rate limiting and automated abuse detection to mitigate unauthorized access attempts
  • Regular security reviews, vulnerability scanning, and patch management

These protections are designed to ensure the confidentiality, integrity, and availability of your data. We continually review and improve our security practices in line with industry standards and regulatory requirements.

6. Data Protection and Security Measures

We implement industry-standard safeguards to protect your data, including:

  • AES-256 encryption for data at rest (via Supabase and AWS)
  • TLS (SSL) encryption for data in transit
  • OAuth 2.0-based authentication for external integrations
  • Role-based access controls and row-level permissions
  • Regular review and audit of access logs
  • Protection against unauthorized access, disclosure, or destruction

We restrict access to your Personal Data to only those personnel and service providers who require it to perform their job functions and are subject to strict confidentiality obligations.

7. Data Retention

We retain Personal Data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law (e.g., tax, accounting, legal obligations, or to prevent fraud).

  • User Account Data: Retained for the duration of your account and up to 12 months after termination, unless deleted earlier upon your request.
  • Form Submission Data: Retained until you delete it or the associated form is removed.
  • Usage Data: Retained for analytics and performance improvements for a shorter duration, typically no more than 12 months.
  • User Account Data: Retained for the duration of your account and up to 12 months after termination, unless deleted earlier upon your request. You may request deletion at any time by contacting support@makeform.ai.

We may retain anonymized or aggregated data for statistical or research purposes indefinitely.

8. Third-Party Integrations

To enhance the functionality of our Service, we allow users to connect third-party platforms, including but not limited to:

a. Google Sheets

Makeform allows you to connect Google Sheets to automatically send form responses to your selected spreadsheets.

  • We request access to view and edit Google Sheets that you explicitly select.
  • We do not access, read, or store any other documents or Google Drive contents.
  • Authentication is handled via Google OAuth 2.0, and tokens are stored securely using industry best practices.
  • Data is encrypted in transit using TLS.

You may revoke access at any time through your Makeform settings or your Google Account Permissions.

b. Slack

You may connect Slack to receive instant notifications when a form is submitted.

  • We only store tokens and channel identifiers needed to deliver the integration.
  • We do not access message history or Slack content outside the intended integration purpose.

c. Notion

You may sync Makeform responses to your Notion workspace:

  • Access is granted to specific databases selected by you.
  • We transmit only the fields and responses you explicitly map.
  • We do not read or modify other Notion content.

All integrations use secure, token-based authentication. You can disconnect integrations at any time.

9. Google API User Data Policy Compliance

Makeform's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only access the minimum necessary Google data for integration functionality.
  • We do not use Google data for advertising or user profiling.
  • We do not transfer Google data to third parties without your explicit consent.
  • You may revoke access at any time from https://myaccount.google.com/permissions.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Data:

  • Right to Access – You can request a copy of the data we hold about you.
  • Right to Rectify – You may correct inaccurate or incomplete information.
  • Right to Erasure – You can request deletion of your data under certain circumstances.
  • Right to Object or Restrict Processing – You may limit how we use your data.
  • Right to Portability – You can request your data in a portable format.
  • Right to Withdraw Consent – If you provided consent, you may withdraw it at any time.

To exercise any of these rights, contact us at support@makeform.ai. We will respond within 30 days.

You may also request deletion of your account and associated data by contacting us directly at the same email address.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. When changes are made, we will:

  • Update the "Effective Date" at the top of this document
  • Notify users via email or through an in-app notification when required by law

You are advised to review this policy regularly to stay informed.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Makeform
Email: support@makeform.ai
Website: https://www.makeform.ai