Brieform Logo
Brieform

Legal

Privacy Policy

Last updated: February 26, 2026

1. Who we are

Brieform (“we”, “us”, “our”) operates the Brieform service at brieform.app. We are an AI-powered form builder. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

If you have questions, contact us at: dany@brieform.app

2. Information we collect

Account information

When you create an account, we collect your name, email address, and (if using OAuth) your Google profile picture. We do not collect or store passwords in plain text — authentication is handled via secure hashed credentials or OAuth tokens.

Forms and responses

We store the forms you create (fields, themes, settings) and the responses submitted by your form respondents. You own this data entirely.

Usage data

We collect basic usage data such as pages visited, features used, and error logs to improve the service. This data is aggregated and never linked to individual identities for analysis purposes.

For published forms, we record page views and traffic referrers (hostname only). Platform operators may view aggregate analytics across published forms—submission volumes, traffic sources, and trends. These dashboards do not display individual response contents.

Account sign-up

When you create an account, we collect your email address to provide access to the service and send relevant product updates. You can unsubscribe at any time via the link in any email.

3. How we use your information

  • To provide, operate, and improve the Brieform service
  • To send transactional emails (password reset, email verification)
  • To send early access and product update emails (opt-out available)
  • To respond to support inquiries
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

We do not sell your data. We do not use your form responses to train AI models. We do not share your personal information with third parties except as described in this policy.

4. Data sharing and third parties

We share data with a limited set of trusted service providers solely to operate the service:

  • Database hosting — PostgreSQL hosted on a secure cloud provider (EU or US region)
  • Email delivery — Resend, for transactional emails only
  • AI processing — Your prompts to generate forms are processed via an AI gateway using providers whose terms prohibit training on API inputs.
  • Authentication — Google OAuth (only if you choose to sign in with Google)

We select providers with appropriate data handling commitments and limit data sharing to what is strictly necessary to operate the service.

5. Cookies

We use a minimal set of cookies required to operate the service:

  • Session cookie — keeps you logged in during your session
  • CSRF token — protects against cross-site request forgery

We do not use advertising cookies, third-party tracking pixels, or analytics that identify individuals.

6. Data retention

We retain your account data for as long as your account is active. If you delete your account, all associated forms, responses, and personal data are permanently deleted within 30 days.

Form responses submitted by your respondents are retained until you delete them or close your account. Respondents wishing to exercise their GDPR rights (access, erasure, etc.) over their submitted data may contact either the form owner (the data controller) or us directly at dany@brieform.app.

7. Your rights (GDPR / CCPA)

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of your data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your account and data
  • Portability — export your data in a machine-readable format
  • Objection / Restriction — object to or restrict certain processing
  • Opt-out of sale — we don't sell data, but you may request confirmation

To exercise any of these rights, email us at dany@brieform.app. We will respond within 30 days.

8. Security

All data is encrypted in transit (TLS) and at rest. We follow security best practices including hashed passwords, signed session tokens, and principle of least privilege for internal access. See our Security page for full details.

9. Children

Brieform is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

10. Changes to this policy

We may update this policy from time to time. We will notify you via email or an in-app notice at least 14 days before material changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

11. Contact

For privacy inquiries: dany@brieform.app