Privacy Policy

IdeaForm is an AI-native form builder operated by Peak Pulse (“we”, “us”, “our”). If you have questions about this policy, contact us at privacy@ideaform.co.

We collect the following categories of data:

• Account data — your email address, name, and profile image when you sign in (including via Google OAuth).
• Usage data — pages visited, features used, forms created, AI prompts submitted, and session timestamps. This is collected via server-side logs and first-party analytics.
• Form and response data — the forms you build and the responses your respondents submit through those forms.
• Billing data — payment processing is handled entirely by Stripe. We store only your subscription plan and billing status; we never see or store your full card details.
• Device and browser data — IP address, browser type, operating system, and referring URL, collected automatically when you use the Service.

We use your data to:

• Provide, operate, and improve the Service.
• Authenticate your identity and manage your account.
• Process payments and manage subscriptions.
• Send transactional emails such as magic-link sign-in emails and billing receipts.
• Respond to support requests and communicate important service updates.
• Detect and prevent abuse, fraud, and security incidents.
• Analyze aggregated, anonymized usage trends to improve the product.

We do not sell your personal data to third parties. We do not use your form response data for AI training without your explicit opt-in.

When you use AI form generation, your prompts are sent to our AI providers (currently OpenRouter and OpenAI) to produce form structures. These providers process your prompts under their own data retention and usage policies. We recommend avoiding entering sensitive personal information in prompts.

We may retain your prompts in our database to display generation history and to improve our own prompt-handling logic. Aggregated, anonymized prompt patterns may be used to improve the Service.

We use the following types of cookies and similar technologies:

• Session cookies — to keep you signed in and maintain your workspace context.
• Preference cookies — to remember your theme (light/dark) and other UI settings.
• Analytics cookies — first-party only, used to understand how the product is used. We do not use Google Analytics or other third-party ad-tracking cookies.

You can disable cookies in your browser settings, but doing so may affect the functionality of the Service.

We share data only with the following categories of third parties:

• Infrastructure providers — hosting, databases, and CDN (e.g., Vercel, Neon, AWS). Data is processed under their respective data processing agreements.
• Payment processor— Stripe, for subscription billing. Stripe's privacy policy governs payment data.
• AI providers — OpenRouter and OpenAI, for processing AI generation prompts.
• Email delivery — a transactional email provider (e.g., Resend) to deliver magic-link sign-in emails.

We may also disclose data when required by law, court order, or to protect the rights and safety of our users or the public.

We retain your account data for as long as your account is active. Form data and responses are retained until you delete them or close your account. After account deletion, we will remove your personal data within 30 days, except where we are required to retain it for legal or compliance purposes. Anonymized, aggregated usage data may be retained indefinitely.

Depending on your location, you may have the following rights over your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — ask us to correct inaccurate or incomplete data.
• Deletion — request deletion of your personal data (right to erasure).
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to certain processing activities.
• Restriction — ask us to restrict processing of your data in certain circumstances.

To exercise any of these rights, email us at privacy@ideaform.co. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. However, no system is completely secure. We encourage you to use a strong, unique password and to contact us immediately if you suspect unauthorized access to your account.

IdeaForm is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

IdeaForm is operated from and primarily serves users globally. If you are located in the European Economic Area, United Kingdom, or Switzerland, please be aware that your data may be transferred to and processed in countries that may not offer the same level of data protection as your home country. When we transfer data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a notice in the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

For privacy-related questions, data requests, or concerns, contact us at privacy@ideaform.co. For general questions, visit our Terms of Service.