WebFormafy

Privacy Policy

Your privacy is important to us. This policy explains how WebFormafy, operated by Sky Grid Developments LLC, collects, uses, shares, and protects your information.

Last updated: March 10, 2026

Your privacy is our top priority. We never sell your data. You control your information, and you can delete your account and all associated data at any time.

Your Privacy in 30 Seconds

Encrypted

HTTPS + TLS everywhere

You Control It

Access, export, or delete

PCI Compliant

No card data stored

Minimal Tracking

Only essential cookies

Full Deletion

Delete everything instantly

Never Sold

No data brokers. Ever.

What We Collect & How We Use It

Information We Collect

Account: Name, email, password (hashed), and organization details when you register.
Form Data: Data you collect via forms, menus, and auctions is stored securely and only accessible to you and authorized collaborators.
Orders & Payments: Order details, tip amounts, and shipping info. We never store credit card numbers.
Usage Analytics: Page views, form conversion rates, device info, heatmap interactions, and drop-off analysis.
Auction Activity: Bids, watchlists, trust scores, and bidding history.

How We Use Your Information

To provide and maintain the WebFormafy platform (forms, menus, auctions, organizations).
To process orders, payments, and auction settlements.
To generate analytics, A/B test results, and conversion insights for your forms.
To send notifications — email, Slack, and in-app — about submissions, orders, bids, and account activity.
To power AI features (form field suggestions, headline generation) via OpenAI.
To comply with legal obligations.

Data Security

In Transit: All data encrypted via HTTPS/TLS.
At Rest: Sensitive tokens encrypted using .NET Data Protection API. Database protected with SQL Server TDE.
Rate Limiting: API (100 req/min), form submissions (5/min per IP), webhooks (10/min per IP).
Security Headers: X-Content-Type-Options, X-XSS-Protection, Referrer-Policy, Permissions-Policy enforced on all responses.
CSRF Protection: Anti-forgery tokens on all state-changing operations.
Audit Logging: All user actions, authentication events, and data access are logged.

Third-Party Services & Data Sharing

Payment Processors

We never store credit card data. All payment processing is handled by PCI-compliant third-party providers:

Stripe — Checkout, subscriptions, Connect marketplace, auction escrow payouts. Privacy Policy
PayPal — Checkout and subscription billing. Privacy Policy
Square — Online checkout. Privacy Policy
Google Pay — Mobile checkout. Privacy Notice

These providers receive only the payment and billing data necessary to process your transaction.

CRM & Integrations

When you choose to enable an integration, form submission data may be sent to:

HubSpot — Contacts/leads from form submissions (OAuth 2.0). Privacy Policy
Salesforce — Leads/contacts (OAuth 2.0). Privacy Policy
Mailchimp — Email list subscribers (OAuth 2.0). Privacy Policy
Google Sheets — Submission data appended to spreadsheets (OAuth 2.0). Privacy Policy
Slack — Notification messages via webhooks. Privacy Policy
Zapier / Webhooks — Data sent to your configured webhook endpoints with HMAC-signed payloads.

Integrations are opt-in only. You can disconnect any integration at any time, and all stored OAuth tokens are immediately cleared.

AI Services

When you use the AI Form Designer, your form goal description and field context are sent to OpenAI to generate field suggestions, headlines, and CTAs.
No personal user data (names, emails, submission content) is sent to OpenAI — only form design prompts.
OpenAI Privacy Policy

Infrastructure & Operations

SendGrid — Transactional email delivery (account confirmations, notifications). Privacy Policy
Azure / Cloud Hosting — Application hosting, database, and storage. Privacy Statement
Application Insights — Performance monitoring and error tracking (no PII collected).

We do not sell, rent, or share your data with data brokers, advertisers, or any third parties not listed above.

Data Retention & Your Rights

Data Retention

Form Submissions: Retained per your subscription tier limits. You can delete individual submissions or all data at any time.
Audit Logs: 90 days minimum (anonymized upon account deletion).
Webhook Logs: 30 days retention, then automatically purged.
Analytics Data: Form views, heatmaps, and conversion data are retained while your account is active.
Deleted Accounts: All data — forms, menus, auctions, orders, integrations, submissions, analytics, organizations, and messaging — is permanently deleted immediately upon account deletion.

Your Rights

Access: View all your stored data via your account dashboard.
Update: Edit your profile, organization, and form data at any time.
Export: Request a full export of your data by contacting support.
Delete: Delete your account and all associated data from your account settings. This action is immediate and irreversible — it removes all forms, submissions, menus, orders, auctions, bids, organizations, integrations, analytics, and messaging data.
Disconnect Integrations: Revoke any connected CRM, payment, or notification integration at any time. All stored OAuth tokens are immediately cleared.

To exercise any of these rights, visit your account settings or contact us at skygridobe@gmail.com.

Cookies & Tracking

Cookies We Use

Authentication Cookies: Required. Used to keep you signed in and manage your session.
Anti-Forgery Cookies: Required. Used for CSRF protection on all forms and API calls.
Theme Preference: Optional. Stores your light/dark mode preference.

We do not use third-party advertising cookies or social media tracking pixels.

Analytics We Collect

Form Analytics: Page views, submission rates, drop-off points, and conversion funnels — tied to your forms, not to individual visitors' identities.
Heatmaps: Click and interaction patterns on your forms to help you optimize layouts.
Device & Browser: Aggregate device type, browser, and screen size data for responsive design insights.
Application Performance: Page load times and error rates via Application Insights (no PII).

You can control cookies via your browser settings. Disabling authentication cookies will prevent you from signing in.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or in-app notification. The "Last updated" date at the top of this page reflects the most recent revision.

Contact Us

If you have questions about this policy, your data, or want to exercise your rights, contact us:

Sky Grid Developments LLC

skygridobe@gmail.com

Email Support