fillform
Terms of ServiceSign up free

Last updated: April 12, 2026

Privacy Policy

This Privacy Policy explains what data fillform collects, how we use it, and your rights. We keep it short and plain.

1. Who We Are

fillform is a no-code form builder that lets you create forms, publish public links, and collect responses. References to "we", "us", or "fillform" in this policy refer to the fillform service and its operators.

2. Data We Collect

Account data

When you create an account we collect your name, email address, and a bcrypt-hashed version of your password. We never store plain-text passwords.

Form and response data

We store the forms you build (titles, field definitions) and every response submitted to your forms by third parties (names, emails, phone numbers, and any custom field values they enter).

Usage and analytics data

We use Cloudflare Web Analytics to understand aggregate traffic patterns. Cloudflare's analytics are privacy-focused and do not use cookies or fingerprint individual visitors. No personal data is sent to Cloudflare.

3. How We Use Your Data

  • To provide and operate the Service (authentication, storing forms and responses).
  • To maintain session security using short-lived JWT access tokens and 7-day refresh tokens stored in secure cookies.
  • To understand aggregate usage patterns and improve the Service.
  • We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Cookies and Local Storage

fillform uses cookies solely for authentication — specifically to store your access token and refresh token. These cookies are marked SameSite=Strict and Secure in production. We do not use tracking or advertising cookies.

5. Data Storage and Security

Your data is stored in a hosted PostgreSQL database (Neon). We use TLS for all data in transit and apply standard security practices. No system is completely secure, but we take reasonable steps to protect your information.

6. Third-Party Services

ServicePurposeData shared
Neon (PostgreSQL)Database hostingAll application data
Cloudflare AnalyticsAggregate traffic statsNo personal data

7. Form Respondents

If you submit a response to a public fillform form, your submission is stored and visible to the form owner. You should review the form owner's own privacy practices before submitting. fillform acts as a data processor on behalf of the form creator in this context.

8. Your Rights

  • Access & export — Download your form data and responses as CSV from the dashboard at any time.
  • Deletion — Delete individual forms and responses from the dashboard, or delete your entire account to remove all associated data.
  • Correction — Update your account name or email via account settings.

9. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a minor has provided us data, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will update the "Last updated" date above when changes are made. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact

For privacy questions or data requests, please reach out via the contact information provided on the fillform website.

Also see our Terms of Service