Back to Formlio

Privacy Policy

Last updated: February 10, 2026

Introduction

Formlio ("we," "our," or "us") is an online form builder and workflow automation platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services, including how we handle data from third-party integrations such as Google APIs.

By using Formlio, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our services.

1. Google User Data Access

Formlio integrates with Google services to enhance your workflow automation. We access Google user data only after you provide explicit consent through Google's OAuth authentication process.

Data We Access:

  • Google Sheets: We access only the specific spreadsheets you select for form submission storage. We do not access spreadsheets you have not explicitly connected.
  • Google Drive Metadata: We access limited metadata (file names and IDs) solely to display a list of your spreadsheets for selection. We do not access, read, or store the contents of files you have not selected.
  • Google Calendar: When you enable the Google Calendar integration, we access your calendar only to create events based on form submissions. Calendar access is limited to event creation in calendars you explicitly authorize.

2. How We Use Google User Data

We use Google user data strictly to perform actions you explicitly request:

  • Form Submission Storage: When you connect a Google Sheet to a form, we write form submission data to that spreadsheet.
  • Calendar Event Creation: When you enable Google Calendar integration, we create calendar events based on form submission data.
  • User-Initiated Actions Only: Data is processed only when an integration is actively enabled by you and triggered by a form submission. We do not access your Google data in the background or without your explicit action.

We do not:

  • Use Google user data for advertising or marketing purposes
  • Analyze your Google data for purposes unrelated to providing our services
  • Access your Google data when integrations are disabled

3. Data Storage & Security

We take the security of your data seriously and implement industry-standard practices:

  • OAuth Token Security: Google OAuth access tokens and refresh tokens are encrypted using AES-256 encryption before storage. Tokens are stored securely and are never exposed in logs or API responses.
  • Minimal Data Retention: Formlio does not permanently store the contents of your Google Sheets or Calendar data. We only temporarily process data during the execution of integrations.
  • Secure Transmission: All data transmitted between Formlio and Google services uses HTTPS/TLS encryption.
  • Access Controls: Access to backend systems is restricted to authorized personnel only, with audit logging enabled.

4. Data Sharing & Selling

Formlio does NOT sell Google user data to any third party.

Formlio does NOT share Google user data with third parties except as necessary to fulfill user-requested integrations (e.g., writing to a Google Sheet you have authorized).

We may share data only in the following limited circumstances:

  • With your explicit consent
  • To comply with legal obligations or valid legal requests
  • To protect the rights, safety, or property of Formlio or our users

5. User Control & Data Deletion

You have full control over your data and integrations:

  • Disconnect Integrations: You can disconnect any Google integration at any time from the Integrations panel in your form settings.
  • Immediate Revocation: When you disconnect a Google integration, Formlio immediately deletes the stored OAuth tokens and revokes access to your Google services.
  • Google Account Settings: You can also revoke Formlio's access directly from your Google Account settings at https://myaccount.google.com/permissions
  • Account Deletion: You may request deletion of your Formlio account and all associated data by contacting us at privacy@formlio.app

6. Google API Services Compliance

Formlio's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use Disclosure:

Formlio limits its use of Google user data to providing and improving user-facing features that are visible and prominent in our application's user interface. We do not use Google user data for:

  • Serving advertisements
  • Training machine learning or AI models unrelated to providing the service
  • Any purpose other than providing the specific integration features you enable

7. Other Data We Collect

In addition to Google integration data, Formlio collects:

  • Account Information: Email address and password (hashed) for account creation and authentication.
  • Form Data: Forms you create and submissions you receive are stored securely on our servers.
  • Usage Data: Basic analytics about how you use our service to improve functionality.

8. Cookies

Formlio uses essential cookies for authentication and session management. We do not use tracking cookies for advertising purposes.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email. Your continued use of Formlio after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@formlio.app

Website: https://formlio.app

Made with Emergent