Privacy policy

Last updated: May 8, 2026

This privacy policy describes how splitforms.com ("we", "us") collects, uses, and protects information about you when you use our service. We aim for the shortest, plainest policy we can write while still being honest.

What we collect

Account data. When you sign up, we store your email address and (optionally) a display name. If you sign in with Google, we additionally receive the email address and name from your Google profile. We do not request or store any other Google data.

Form submissions.When a visitor submits a form using your access key, we store the submitted fields, the visitor's IP address, user agent, and referer. Submissions are visible only to you (the form owner) and our service operators for support and spam-prevention purposes.

Usage. We log basic request metadata (IP, path, status code) for operational monitoring and abuse prevention. We do not run third-party analytics on your dashboard.

What we don't do

We don't sell or rent your data. We don't share submission contents with third parties unless legally required. We don't send marketing emails to your form submitters — they only receive mail you (or your auto-responder) explicitly send.

Data retention

Submissions are retained for the lifetime of your account. You can delete individual submissions or your entire account at any time from the dashboard. When you delete your account, all associated submissions, forms, and webhooks are deleted within 30 days.

Subprocessors

We use the following services to operate splitforms.com:

• Supabase(database, auth) — submissions and account data are stored on Supabase's managed Postgres in the region you signed up under.
• Hostinger (compute, hosting) — runs the application servers and email infrastructure.
• Vercel (CDN, edge) — may serve static assets and handle DNS routing.
• Google(OAuth) — only invoked when a user clicks "Continue with Google" on the login page.

Security

All traffic is encrypted in transit via TLS. Submissions are encrypted at rest. Database access is restricted to a small set of service operators. You can lock your access key to specific domains to prevent unauthorized use.

Your rights (GDPR, CCPA)

You can access, correct, export, or delete any of your data at any time from the dashboard. For GDPR/CCPA-specific requests, email hello@splitforms.com and we'll respond within 30 days.

Changes

If we make material changes to this policy, we'll email registered account holders at least 30 days before the change takes effect.

Contact

Questions or concerns? hello@splitforms.com