Privacy

Privacy Policy

We care about your privacy. Learn how Form500mg collects, uses, and protects your personal information.

Last Updated: February 19, 2026

1. Introduction

This Privacy Policy describes how Form500mg ("Company," "we," "us," or "our") collects, uses, processes, and protects your personal information when you visit our website at form500mg.online, use our applications, or interact with our services (collectively, the "Services").

By using our Services, you agree to the collection, use, and processing of your information as described in this Privacy Policy. If you do not agree, please discontinue use of our Services.

2. Information We Collect

2.1 Information You Provide Directly

Account Information: Name, email address, and profile details when you create an account.

Form Data: Content you create, including form fields, questions, settings, and configurations.

Response Data: Data submitted by respondents through forms you create (processed on your behalf).

Payment Information: Billing details processed securely through our third-party payment processor. We do not store full payment card details.

Communications: Information you provide when you contact us for support or feedback.

2.2 Information Collected Automatically

Device Information: IP address, browser type, operating system, and device identifiers.

Usage Data: Pages visited, features used, forms created, time spent, and interaction patterns.

Log Data: Server logs, error reports, and performance metrics.

Cookies & Tracking: We use cookies and similar technologies for functionality, analytics, and security.

2.3 Information from Third Parties

Authentication Providers: If you sign in via Google OAuth, we receive your name, email, and profile picture from Google.

Analytics Services: Aggregated usage data from analytics providers.

3. How We Use Your Information

Provide and maintain the Services: Create and manage your account, host your forms, collect responses, and deliver features.

Send transactional emails: Notify form creators of new submissions and send submission confirmations to respondents (via Amazon SES).

Process payments: Handle subscription billing and invoicing.

Improve the Services: Analyze usage patterns, debug issues, and develop new features.

Ensure security: Detect and prevent fraud, abuse, and unauthorized access.

Communicate with you: Respond to support requests and send essential service updates.

Comply with legal obligations: Fulfill regulatory and legal requirements.

4. AI Data Processing

Form500mg uses artificial intelligence (Google Gemini API) to assist users in creating and modifying forms. When you use our AI features:

Your text prompts are sent to Google's Gemini API for processing.

We do not use your form data or response data to train, fine-tune, or improve any AI/ML models.

AI-generated outputs (form structures, field suggestions) are processed in real-time and not stored by the AI provider beyond the request lifecycle.

Your prompts may be logged internally for service improvement and debugging purposes, in an anonymized and aggregated manner.

5. Email Communications via Amazon SES

We use Amazon Simple Email Service (AWS SES) as our email delivery provider. We send only transactional emails — we do not send marketing, promotional, or bulk emails.

5.1 Form Submission Notifications

When a respondent submits a response to a form, the form creator receives a notification email containing the form name, submission timestamp, and a link to view the response in their dashboard. Form creators can disable these notifications in their form settings at any time.

5.2 Submission Confirmation to Respondents

When a respondent completes a form, they may receive a one-time confirmation email with a copy of their submitted responses. This email is only sent when the form creator has explicitly enabled the "send response copy" feature and the respondent has voluntarily provided their email address. No further emails are sent to respondents.

5.3 Account & Service Emails

We send essential account-related emails including email verification, password reset, billing receipts, and critical service notifications. These are necessary for the operation of your account.

5.4 Bounce & Complaint Handling

We actively monitor email delivery through AWS SNS notifications. Hard-bounced email addresses are immediately suppressed. Any complaints result in instant suppression and internal review. We maintain bounce rates below 5% and complaint rates below 0.1%.

7. Data Retention

Account Data: Retained as long as your account is active. After deletion, data is purged within 30 days, except where retention is required by law.

Form & Response Data: Retained as long as the form exists in your account. Deleted when you delete a form or your account.

Log Data: Server logs are retained for up to 90 days for security and debugging purposes.

Billing Records: Retained for up to 7 years as required by tax and financial regulations.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption

In transit (HTTPS/TLS) and at rest

Authentication

JWT tokens and OAuth 2.0

Security Reviews

Regular vulnerability assessments

Access Controls

Need-to-know basis only

While we take reasonable steps to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

Access: Request a copy of your personal data

Correction: Request correction of inaccurate data

Deletion: Request deletion of your data

Portability: Get data in machine-readable format

Restriction: Limit processing in certain cases

Objection: Object to processing on legitimate interests

Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, contact us at business@idreambiz.co. We will respond within 30 days.

EEA, UK & Swiss Residents

We process your data under: (a) contract performance; (b) legitimate business interests; (c) your consent; and (d) legal compliance. For data transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) as described in our Data Processing Agreement.

US Residents (California, Colorado, Virginia, etc.)

Residents of states with comprehensive privacy laws have additional rights including the right to know what data is collected, the right to opt out of targeted advertising, and the right to non-discrimination. We do not sell personal information or use it for targeted advertising.

10. Cookies

Essential Cookies

Required for authentication, security, and basic functionality.

Analytics Cookies

Help us understand how users interact with our Services to improve the experience.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Services.

11. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at business@idreambiz.co.

12. International Data Transfers

Our servers are located in the United States. If you access the Services from outside the US, your data may be transferred to and processed in the US, where data protection laws may differ from your jurisdiction. For EEA/UK transfers, we use Standard Contractual Clauses to ensure adequate protection.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or sending you an email. The "Last Updated" date at the top indicates when this policy was last revised.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices:

business@idreambiz.co form500mg.online