DropForm collects only the data that users intentionally submit through forms connected to the Service. We do not collect unnecessary personal data, and all collected data is processed solely for the purpose of providing form handling and submission management functionality.

DropForm is designed to support compliance with major data protection regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We provide tools that allow users to access, export, delete, and manage their submitted data in accordance with applicable privacy laws.

All DropForm data is stored and processed on secure servers located within the European Union (EU). This ensures strong data protection standards and compliance with EU data residency requirements.

We apply industry-standard security measures to protect data, including encryption in transit using HTTPS/TLS and encryption at rest for stored submissions. Our infrastructure is hosted in secure, compliant EU data centers and is regularly monitored and updated.

Access to user data is restricted to authorized personnel only and is protected by role-based access controls. All access to production systems is logged to support accountability, security reviews, and compliance audits.

DropForm provides user-configurable data retention policies, including automatic deletion of submissions after a defined period. Users may also manually delete or anonymize data at any time and export submissions prior to deletion.

In accordance with GDPR and CCPA, users have the right to access their data, export it in a machine-readable format, request correction or deletion, and withdraw consent where applicable. DropForm provides tools to support these rights.

All payments are processed by Stripe, an industry-standard payment provider. DropForm does not store or process credit card or billing information on its own servers.

Where third-party services are used, DropForm ensures they meet high security and compliance standards and maintains appropriate data processing agreements with such providers.

Security and compliance are ongoing commitments. DropForm regularly reviews and improves its policies, infrastructure, and processes to address evolving threats and regulatory changes.

For security or compliance-related questions, please contact us at info@dropform.app.