Back to Home

Privacy Policy

Last updated: December 18, 2025

About This Policy

Formbot is owned and operated by Tiny Bot Labs Limited.

When we say "Company", "we", "our", or "us" in this document, we are referring to Formbot (https://tryformbot.com).

1. Introduction

At Formbot, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our form-building service. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.

2. Information We Collect

Personal Information

We collect information that you provide directly to us when you:

  • Create an account (name, email address, profile picture via Google OAuth)
  • Create and publish forms
  • Collect responses through your forms
  • Communicate with us for support

Form and Response Data

When you create forms and collect responses, we store:

  • Form content, fields, and configuration
  • Responses submitted to your forms
  • Timestamps and metadata associated with forms and responses

Automatically Collected Information

When you access Formbot, we may automatically collect:

  • Log data (IP address, browser type, pages visited, time spent)
  • Device information (device type, operating system)
  • Privacy-friendly analytics data via Simple Analytics (no cookies, respects Do Not Track)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process and deliver form responses to you
  • Send you technical notices and support messages
  • Respond to your comments and questions
  • Monitor and analyze trends, usage, and activities
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

4. AI and Data Processing

Formbot uses artificial intelligence to help generate form content and process conversational responses. We prioritize your privacy in our AI implementation:

Zero Data Retention (ZDR)

We use open-source AI models via OpenRouter with Zero Data Retention enabled. This means:

  • No training on your data: Your prompts and form content are never used to train AI models
  • No data retention: OpenRouter does not store your data after processing
  • Immediate deletion: All data sent to AI services is deleted immediately after generating responses
  • Privacy by design: We specifically use ZDR-enabled endpoints to ensure maximum privacy

When you use AI features:

  • Your prompts are processed through OpenRouter's Zero Data Retention endpoints
  • Generated content is stored only in your Formbot account and treated as your data
  • We maintain full control over your data and never share it for model training purposes

Learn more about OpenRouter's Zero Data Retention: https://openrouter.ai/docs/features/zdr

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • With your consent: When you explicitly authorize us to share information
  • Service providers: With third-party vendors who perform services on our behalf (hosting, analytics). Note: AI processing through OpenRouter uses Zero Data Retention—no data is stored or retained by AI providers
  • Legal requirements: When required by law or to protect our rights
  • Business transfers: In connection with a merger, sale, or acquisition

6. Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

  • Encryption of data in transit (HTTPS/TLS) and at rest
  • Regular security assessments and updates
  • Access controls and secure authentication (OAuth 2.0)
  • Secure database storage with PostgreSQL
  • Optional AES-256-GCM encryption for sensitive form responses

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

You may delete your forms and responses at any time through your account. When you delete your account, we will delete your personal information within a reasonable timeframe, except where retention is required by law.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your information
  • Data portability: Request a copy of your data in a portable format
  • Opt-out: Opt-out of certain data processing activities

To exercise these rights, please contact us through our support channels.

9. Analytics and Tracking

Privacy-First Analytics

We use Simple Analytics, a privacy-first analytics service that respects your privacy:

  • No cookies: Simple Analytics does not use cookies or track users across websites
  • No personal data: No IP addresses, fingerprints, or personally identifiable information is collected
  • Respects Do Not Track: Honors your browser's Do Not Track setting
  • GDPR compliant: Fully compliant with privacy regulations without requiring consent banners
  • Aggregate data only: We only see aggregated, anonymous statistics about page views and referrers

Google Ads Conversion Tracking

We use Google Ads conversion tracking (gtag.js) to measure the effectiveness of our advertising campaigns. This helps us understand how users interact with our site after clicking on our ads. Google may use cookies to track conversions and serve relevant ads. This data is used solely for advertising measurement purposes.

You can opt out of personalized advertising by visiting Google Ads Settings or by using the Google Analytics Opt-out Browser Add-on.

Cookies

Essential cookies are used only for authentication and session management. Google Ads may use cookies for conversion tracking. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

Learn more about Simple Analytics: https://simpleanalytics.com

10. Third-Party Services

Our service integrates with third-party services:

  • Google OAuth: For secure authentication
  • Google Ads: For conversion tracking and advertising measurement
  • OpenRouter (with ZDR): For AI-powered form generation using open-source models with Zero Data Retention
  • Simple Analytics: For privacy-first website analytics (no cookies, no personal data)
  • PostgreSQL: For secure data storage

These services have their own privacy policies. We encourage you to review them:

11. Children's Privacy

Formbot is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us.

12. International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. We will take all steps reasonably necessary to ensure that your data is treated securely.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

14. Contact Us

If you have a question about any of the Privacy Policy, please contact support@tryformbot.com.