Skip to content
← Back to home

Privacy Policy

Last updated: May 15, 2026

1. Who we are

DodoForm ("we," "us," "our") is an AI-powered form builder operated at dodoform.com. This policy explains how we collect, use, store, and protect personal data when you use our website, dashboard, APIs, and public forms.

2. Data we collect

Account data

When you sign up we store your email address, name (if provided via Google OAuth), and a hashed authentication token. We do not store your Google password.

Form content

Form schemas, field labels, logic rules, themes, and version history you create in the editor.

Submission data

Responses submitted by visitors to your published forms, including structured field values, optional file uploads, and metadata (timestamp, anonymized IP hash, user agent).

Usage analytics

Anonymous field-level interaction events (focus, blur, completion) used to power the drop-off heatmap and friction analysis. These are keyed by a random session token, not by any personally identifiable information.

AI processing

When you use AI form generation or messy-input extraction, the text/audio/image you provide is sent to our AI provider (Google Gemini) for processing. We log the prompt, token counts, and latency for billing and debugging. We do not use your data to train AI models.

Payment data

Billing is handled by our payment processor. We store your subscription status and customer ID but never see or store your credit card number.

3. How we use your data

  • Provide, maintain, and improve the DodoForm service.
  • Generate forms and extract structured data from messy input via AI.
  • Compute analytics, lead scores, and sentiment insights for form owners.
  • Send transactional emails (submission notifications, password resets).
  • Enforce rate limits, prevent abuse, and maintain security.
  • Process payments and manage subscriptions.
  • Respond to support requests.

4. Data sharing

We do not sell your data. We share data only with:

  • Infrastructure providers — Supabase (database, auth, storage), Vercel (hosting), Upstash (rate limiting). These process data on our behalf under their own privacy policies.
  • AI providers— Google (Gemini API) for form generation and data extraction. Prompts are not used for model training per Google's API data usage policy.
  • Payment processor — for subscription billing.
  • Form owner integrations — when a form owner configures webhooks, Zapier, or other integrations, submission data is forwarded to those endpoints as configured by the owner.
  • Law enforcement — only when required by valid legal process.

5. Data retention

Account data is retained while your account is active. Submission data is retained until the form owner deletes it or deletes their account. AI prompt audit logs are retained for 90 days. Partial submission drafts are retained for 90 days then automatically purged.

6. Security

All data is encrypted in transit (TLS) and at rest. Database access is governed by row-level security policies. AI queries execute under a read-only role with constrained query plans — no raw SQL reaches the database. Webhook payloads are HMAC-signed.

7. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. You can:

  • Export all submissions as CSV/Excel from the dashboard.
  • Delete individual forms and their submissions from the dashboard.
  • Delete your entire account from Settings (this is irreversible).
  • Contact us at privacy@dodoform.com for any data request we don't cover in the UI.

8. Cookies

We use essential cookies for authentication (Supabase session) and workspace selection. We do not use advertising or third-party tracking cookies. Form owners may optionally enable Facebook Pixel or Google Tag Manager on their public forms — those are governed by the form owner's own privacy policy, not ours.

9. Children

DodoForm is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or a dashboard notification. Continued use of the service after changes constitutes acceptance.

11. Contact

Questions about this policy? Email privacy@dodoform.com.