Privacy Policy

Last updated: 7/3/2026

1. Data Controller

GenXForm ("we", "us", "our") is the data controller for personal data collected through this application. By using GenXForm, you consent to the collection and use of your data as described in this policy.

2. Information We Collect

  • Account Data: Email address, full name, and hashed password when you create an account.
  • Form Data: Form schemas and configurations you create within the platform.
  • Submission Data: Responses collected through your published forms.
  • Usage Data: API usage counts, feature usage, and technical diagnostics.
  • Session Data: Authentication tokens stored as HTTP-only cookies.

3. How We Use Your Data

  • To provide and maintain the GenXForm service
  • To authenticate your identity and secure your account
  • To process form submissions on your behalf
  • To enforce usage limits and prevent abuse
  • To communicate important service updates

4. Data Storage & Security

All data is stored on Cloudflare's global infrastructure. Passwords are hashed using PBKDF2 with salt. Sessions use cryptographically secure tokens stored in HTTP-only, Secure, SameSite=Strict cookies. We implement industry-standard security measures including rate limiting, CORS enforcement, and input sanitization.

5. Data Retention

We retain your data for as long as your account is active. You may request deletion of all your data at any time (see Section 7). Audit logs are retained for compliance purposes and may be kept for up to 12 months after account deletion.

6. Third-Party Services

GenXForm uses OpenAI's API for AI-powered form generation features. When you use AI generation, your form prompts are sent to OpenAI for processing. We set temperature to 0 for deterministic output and implement prompt injection guards and output safety validation.

7. Your Rights (GDPR)

If you are in the European Economic Area, you have the following rights:

  • Right of Access (Article 15): Request a copy of all your personal data.
  • Right to Rectification (Article 16): Request correction of inaccurate data.
  • Right to Erasure (Article 17): Request deletion of all your data.
  • Right to Data Portability (Article 20): Export your data in a machine-readable format.

To exercise these rights, use the data export and account deletion features in your account settings, or contact us at privacy@genxform.ai.

8. Contact

For privacy-related inquiries, contact us at privacy@genxform.ai.