Privacy Policy
Last updated: April 1, 2026
At FormDraft ("we," "our," or "us"), we are committed to protecting your privacy and ensuring that your personal information is handled responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at form-draft.com and use our document generation services. Please read this policy carefully. By using FormDraft, you consent to the data practices described in this policy.
1. Information We Collect
1.1 Information You Provide Directly
When you create an account, subscribe to our services, or contact us, we may collect the following personal information:
- Account Information: Your name, email address, and password when you register for a FormDraft account. If you sign up through a third-party service (such as Google), we receive your name and email from that provider.
- Payment Information: When you subscribe to a paid plan, our payment processors (Stripe and Asaas) collect your billing details, including credit card number, billing address, and transaction history. We do not store your full credit card number on our servers.
- Document Data: The content you input when creating and customizing documents, including business names, addresses, contract terms, and other information specific to your documents.
- Communication Data: Any messages, feedback, or support requests you send to us through email, contact forms, or other communication channels.
- Profile Information: Optional details you add to your profile, such as company name, industry, and job title.
1.2 Information Collected Automatically
When you access or use FormDraft, we automatically collect certain technical and usage information:
- Device Information: Your IP address, browser type and version, operating system, device type, and screen resolution.
- Usage Data: Pages visited, features used, templates accessed, documents generated, time spent on each page, click patterns, and navigation paths.
- Log Data: Server logs that record your requests, including timestamps, URLs, referring pages, and error information.
- Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to collect information about your browsing activity. See our Cookie Policy for detailed information.
1.3 Information from Third Parties
We may receive information about you from third-party services, including authentication providers (when you sign in with Google or other social accounts), payment processors (transaction confirmations), and analytics services (aggregated usage data).
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, operate, and maintain our document generation platform, process your document requests, and deliver customized templates.
- Account Management: To create and manage your account, authenticate your identity, and process subscription payments.
- Platform Improvement: To analyze usage patterns, identify bugs, test new features, and improve our AI models and template library.
- Communication: To send you service-related notifications, respond to your inquiries, provide customer support, and send important updates about changes to our services or policies.
- Marketing: With your consent, to send promotional emails about new features, templates, or special offers. You can opt out of marketing emails at any time by clicking the unsubscribe link.
- Security: To detect, prevent, and address technical issues, fraud, and unauthorized access to our platform.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable government requests.
- Analytics and Advertising: To understand how our platform is used, measure the effectiveness of our marketing campaigns, and serve relevant advertisements through third-party advertising partners such as Google AdSense.
3. Cookies and Tracking Technologies
FormDraft uses cookies and similar technologies to enhance your experience on our platform. Cookies are small text files stored on your device that help us recognize you, remember your preferences, and understand how you interact with our services.
3.1 Types of Cookies We Use
- Essential Cookies: Required for the platform to function properly. These include session cookies for authentication, CSRF protection tokens, and load balancing cookies. You cannot opt out of essential cookies.
- Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage data. We use Google Analytics to track page views, session duration, and user flows.
- Advertising Cookies: Used by our advertising partners, including Google AdSense, to serve relevant advertisements based on your browsing history. These cookies may track your activity across different websites.
- Preference Cookies: Store your settings and preferences, such as language selection, theme preference, and previously selected template categories.
For more details about our cookie usage and how to manage your cookie preferences, please visit our Cookie Policy page.
4. Third-Party Services
We integrate with the following third-party services to provide and improve our platform:
- Stripe and Asaas: Payment processing. These providers have their own privacy policies governing how they handle your payment data.
- OpenAI: AI-powered document generation. When you use our AI features, your document prompts are processed by OpenAI. We do not send personally identifiable information to OpenAI — only the document content necessary for generation.
- Google Analytics: Website analytics. Collects anonymized usage data to help us understand traffic patterns and user behavior.
- Google AdSense: Advertising. May use cookies and web beacons to serve advertisements based on your prior visits to our site and other sites on the Internet.
- Vercel: Hosting and content delivery. Processes server requests and may log IP addresses for security and performance monitoring.
We encourage you to review the privacy policies of these third-party services to understand how they handle your data.
5. Data Security
We take the security of your personal information seriously and implement industry-standard measures to protect it:
- Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3 (Transport Layer Security).
- Encryption at Rest: Sensitive data stored on our servers is encrypted using AES-256 encryption.
- Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. All access is logged and monitored.
- Regular Audits: We conduct regular security assessments and vulnerability testing to identify and address potential risks.
- Secure Infrastructure: Our servers are hosted in secure, SOC 2-compliant data centers with physical access controls, fire suppression, and redundant power systems.
While we strive to protect your personal information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to implementing best practices and promptly addressing any security incidents.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with our services. Specifically:
- Account Data: Retained for the lifetime of your account. Upon account deletion, personal data is removed within 30 days.
- Document Data: Your generated documents are stored for the duration of your account. Deleted documents are permanently removed within 30 days.
- Payment Records: Transaction records are retained for 7 years as required by tax and financial regulations.
- Log Data: Server logs are retained for 90 days for security and debugging purposes, then automatically deleted.
- Analytics Data: Aggregated, anonymized analytics data may be retained indefinitely for trend analysis.
7. Your Rights
7.1 Under GDPR (European Economic Area)
If you are located in the EEA, you have the following rights under the General Data Protection Regulation:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data ("right to be forgotten").
- Right to Restrict Processing: Request that we limit how we use your data.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to the processing of your personal data for certain purposes, including direct marketing.
- Right to Withdraw Consent: Withdraw your consent at any time where we rely on consent as a legal basis.
7.2 Under LGPD (Brazil)
If you are located in Brazil, the Lei Geral de Proteção de Dados grants you similar rights:
- Confirmation of the existence of data processing
- Access to your personal data
- Correction of incomplete, inaccurate, or outdated data
- Anonymization, blocking, or deletion of unnecessary or excessive data
- Data portability to another service provider
- Deletion of data processed with your consent
- Information about public and private entities with whom we share your data
- Information about the possibility of denying consent and its consequences
- Revocation of consent
7.3 Under CCPA (California)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Opt out of the sale of your personal information (we do not sell personal data)
- Non-discrimination for exercising your privacy rights
8. Children's Privacy
FormDraft is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we discover that we have inadvertently collected data from a child under 16, we will promptly delete it. If you believe a child has provided us with personal information, please contact us at [email protected].
9. International Data Transfers
FormDraft operates globally, and your data may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission, and we comply with applicable data protection laws in all jurisdictions where we operate.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this policy and, where appropriate, by sending you an email notification or displaying a prominent notice on our platform.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Privacy Inquiries: [email protected]
- General Support: [email protected]
- Data Protection Officer: [email protected]
We will respond to your inquiry within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.