Back to FormiqaFFormiqa
Privacy

Privacy Policy

We collect the minimum personal data required to run the service, store it securely, and never sell it. This page explains exactly what we collect, why, and the rights you have.

Effective date
April 27, 2026
Last updated
April 27, 2026
01

Who we are

The Formiqa service at formiqa.app is operated by Craft Solution Tech FZE-LLC (“we”, “us”, “our”), a Free Zone company registered in the United Arab Emirates. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, with whom we share it, and the rights you have over it.

Legal entity
Craft Solution Tech FZE-LLC
License number
4306094.01
Registered address
Business Centre, Sharjah Publishing City Free Zone, Sharjah, United Arab Emirates
Phone
+971 55 284 5664

For any privacy-related question or request, contact us at contact@formiqa.app.

02

Data we collect

We collect the minimum data required to operate the service. There are three categories:

  • Account data — your name, email address, and password hash, provided when you create an account.
  • Form data — the forms you build (fields, validation, settings) and the submissions you receive from respondents. The content of submissions is your data; we process it on your behalf.
  • Operational data — server logs, IP addresses, browser identifiers, and timestamps necessary for security, abuse prevention, and basic analytics.

We do not collect or use special categories of personal data (health, ethnicity, political opinions) unless you explicitly choose to collect them in a form you build — in which case you, as the form owner, are the data controller.

03

How we use your data

We use the data we collect to:

  • Provide, maintain, and improve the Formiqa service.
  • Authenticate you, manage your account, and prevent abuse and fraud.
  • Process payments through our payment processor (see “Third parties” below).
  • Send you transactional emails (account verification, security alerts, payment receipts).
  • Send you product updates, only if you have explicitly opted in.

We do not sell your data. We do not use your form submissions to train AI models or for advertising.

04

Where your data is stored

Your account data and form metadata are stored in a managed PostgreSQL database hosted by Neon in a European Union region. Files uploaded through your forms are stored on Cloudflare R2, encrypted at rest.

Our application is served by Vercel's global edge network. Some of our sub-processors operate servers outside the European Economic Area. When personal data is transferred outside the EEA, we rely on the European Commission's standard contractual clauses or equivalent safeguards.

05

Third-party services we use

We share data with a small number of carefully chosen sub-processors that help us run the service:

  • Vercel — application hosting and global content delivery.
  • Neon — managed PostgreSQL database (European Union region).
  • Cloudflare — R2 file storage (encrypted at rest), DDoS protection, and Turnstile CAPTCHA on signup and on selected public forms.
  • Resend — transactional email delivery (account verification, payment receipts, submission notifications).
  • Stripe — payment processing for paid plans. Stripe is PCI-DSS compliant; we never see or store your full card number.

The list of sub-processors may evolve. Material changes will be announced on this page.

06

Your rights

Depending on where you live — including the European Economic Area and the United Kingdom (under the GDPR), the United Arab Emirates (under Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data), or any jurisdiction with comparable protections — you have the right to:

  • access the personal data we hold about you,
  • request correction of inaccurate data,
  • request erasure of your data (subject to our legitimate obligations to retain certain records),
  • request restriction of processing,
  • request portability of your data in a machine-readable format,
  • object to processing based on legitimate interest,
  • lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at contact@formiqa.app. We respond within 30 days.

07

How long we keep your data

We keep your account data for as long as your account is active. When you delete your account, we delete your account data and form data within 30 days, except where we are required by law to retain some records (for example, accounting records related to billing, which we keep for the legal retention period in our jurisdiction).

Server logs are retained for up to 90 days for security and debugging purposes, then automatically deleted.

08

Cookies

We use a minimal set of cookies. None of them are used for third-party advertising or cross-site tracking.

  • Essential — session cookie required to keep you signed in. This cookie cannot be disabled without making the service unusable.
  • Functional — remembers your preferences (theme, locale).
  • Operational — anonymous load-balancing cookies set by Cloudflare.
09

Security

We protect your data with industry-standard measures:

  • encryption in transit (TLS 1.2 or higher) on every connection,
  • encryption at rest for uploaded files (Cloudflare R2),
  • passwords are never stored in plaintext — they are hashed using an industry-standard cryptographic function,
  • session-based authentication with scoped permissions,
  • rate limiting and bot protection on authentication endpoints,
  • isolated production environments and least-privilege access.

No system is perfectly secure. If you believe you have discovered a vulnerability, contact us at contact@formiqa.app. We respond to valid disclosures within 72 hours.

10

Changes to this policy

We may revise this policy as the service evolves. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email.

Read our Terms of Service