Privacy Policy

1. Information We Collect

DirectForm collects only the data necessary to provide the form backend service. This includes:

• Your account email address and authentication credentials
• SMTP configuration details (stored encrypted)
• Form submission data sent through your endpoints
• Basic usage analytics (page views, form submission counts)

2. How We Use Your Data

Your data is used solely to operate the DirectForm service — routing form submissions, sending email notifications via your SMTP provider, and maintaining your dashboard. We never sell, rent, or share your personal data or form submission data with third parties.

3. Data Storage & Security

All data is stored securely using Supabase with encryption at rest. SMTP passwords are encrypted before storage. We use HTTPS everywhere and follow security best practices including HSTS, CSP headers, and rate limiting.

4. Your Rights

You can export all your form submissions as CSV at any time from your dashboard. You may delete your account and all associated data by contacting us. We will process deletion requests within 30 days.

5. Cookies

DirectForm uses only essential cookies required for authentication and session management. We do not use any tracking cookies or third-party analytics scripts.

6. Contact

If you have questions about this privacy policy, please reach out via the contact form on our homepage.