This Data Processing Addendum ("DPA") forms part of the main agreement ("Agreement") between Formo. ("Formo", "we", "us", or "our") and the customer ("Customer") for the provision of services by Formo (the "Services") as defined in the Agreement.
1. Definitions
Personal Data refers to any information relating to an identified or identifiable natural person, as defined by applicable data protection laws.
Processing means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, alteration, retrieval, use, disclosure, and erasure.
Sub-processor means any third party engaged by Formo that processes Personal Data on behalf of the Customer.
Data Protection Laws means all applicable laws relating to data protection and privacy, including: (a) the General Data Protection Regulation (EU) 2016/679 ("GDPR"); (b) the UK Data Protection Act 2018 and the UK GDPR; (c) the Swiss Federal Act on Data Protection; (d) the California Consumer Privacy Act ("CCPA") and California Privacy Rights Act ("CPRA"); and (e) any other applicable data protection legislation.
Standard Contractual Clauses means: (a) for transfers from the EEA, the standard contractual clauses approved by Commission Implementing Decision (EU) 2021/914; (b) for transfers from the UK, the International Data Transfer Addendum to the EU SCCs issued by the UK Information Commissioner; and (c) for transfers from Switzerland, the EU SCCs with modifications required under Swiss law.
Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored, or otherwise processed.
2. Scope and Applicability
This DPA applies when Formo processes Personal Data on behalf of the Customer in connection with the provision of the Services. This DPA is subject to the terms of the Agreement and reflects the parties' agreement about the processing of Personal Data.
3. Customer Responsibilities
The Customer is responsible for ensuring that the processing of Personal Data complies with all applicable data protection laws and regulations.
The Customer must provide clear instructions to Formo for the processing of Personal Data as required by applicable law.
4. Formo's Obligations
Formo will only process Personal Data on behalf of the Customer in accordance with the Customer's documented instructions, including those set forth in the Agreement and this DPA.
Formo will ensure that all personnel authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
Formo will implement and maintain appropriate technical and organizational measures to protect Personal Data from unauthorized access, loss, alteration, or disclosure.
5. Sub-processors
5.1 General Authorization
The Customer provides Formo with general written authorization to engage the Sub-processors listed in Annex III to process Personal Data on behalf of the Customer.
5.2 Sub-processor Obligations
Formo shall enter into a written contract with each Sub-processor imposing data protection obligations equivalent to those set forth in this DPA. Where a Sub-processor fails to fulfill its data protection obligations, Formo shall remain fully liable to the Customer for the performance of that Sub-processor's obligations.
5.2 Notification of Changes
Formo may update the list of Sub-processors from time to time, providing the Customer with notice of such update at least fourteen (14) days in advance. Notice will be provided via email to the Customer's registered account email address or by updating the Sub-processors list at formo.so/subprocessors.
5.3 Notification of Changes
Formo may update the list of Sub-processors from time to time. Formo will provide the Customer with at least fourteen (14) days' prior written notice before engaging any new Sub-processor or making material changes to existing Sub-processors. Notice will be provided via email to the Customer's registered account email address or by updating the Sub-processors list at formo.so/dpa.
5.4 Objection Rights
If the Customer objects to a new Sub-processor on reasonable data protection grounds, the Customer shall notify Formo in writing within fourteen (14) days after receipt of the updated Sub-processors list.
If the Customer objects, Formo shall use reasonable efforts to:
(a) cancel its plans to use the Sub-processor with regard to Customer Personal Data; or
(b) offer an alternative to provide the Services without such Sub-processor; or
(c) take corrective steps requested by the Customer to address the objection.
If none of the above options are reasonably available and the objection has not been resolved within thirty (30) days after Formo's receipt of the Customer's objection, the Customer may terminate the affected Services without penalty upon written notice to Formo.
6. Data Subject Rights
Formo will assist the Customer in responding to requests from data subjects exercising their rights under applicable data protection laws (e.g., rights to access, rectification, erasure, and data portability).
7. Security Breach Management
In the event of a Personal Data breach, Formo will notify the Customer without undue delay after becoming aware of the breach. Formo will provide sufficient information to assist the Customer in meeting any obligations to report or inform data subjects of the breach.
8. Data Transfers
8.1 Transfer Mechanisms
Formo will ensure that Personal Data is not transferred outside the European Economic Area (EEA), United Kingdom, or Switzerland unless adequate protections are in place, including:
(a) an adequacy decision by the relevant authority;
(b) the EU-U.S. Data Privacy Framework (or UK or Swiss extensions thereof);
(c) Standard Contractual Clauses approved by the European Commission; or
(d) another approved transfer mechanism under applicable Data Protection Laws.
8.2 Standard Contractual Clauses
To the extent that Formo processes Personal Data originating from the EEA, UK, or Switzerland in a country that does not have an adequate level of data protection, the parties agree that the Standard Contractual Clauses shall apply:
For EEA transfers: the clauses approved by Commission Implementing Decision (EU) 2021/914
For UK transfers: the International Data Transfer Addendum issued by the UK Information Commissioner
For Swiss transfers: the EU SCCs with modifications required by Swiss law
For the purposes of the Standard Contractual Clauses:
The Customer is the "data exporter" and Formo is the "data importer"
Module Two (Controller to Processor) shall apply
For Clause 9 (Use of sub-processors), Option 2 (general written authorization) shall apply, with the time period for prior notice as set forth in Section 5.3 of this DPA
9. AI Features
If AI-powered features are enabled as part of the Services (such as form suggestions, analytics insights, or similar functionality), such features may process Personal Data using third-party AI models via Sub-processors listed in Annex III.
Formo does not use any Customer Personal Data to train, fine-tune, or develop AI models for its own purposes. Formo does not permit its Sub-processors to use Customer Personal Data to train their AI models.
AI-related Sub-processors are only engaged when AI features are actively enabled by the Customer.
10. Audits
The Customer has the right to audit Formo's compliance with the terms of this DPA, including inspecting facilities, systems, and records used to process Personal Data.
11. Termination and Deletion of Data
Upon termination of the Agreement, Formo will, at the Customer's choice, return or delete all Personal Data processed on behalf of the Customer, unless required by applicable law to retain the data.
12. Governing Law
This DPA shall be governed by and construed in accordance with the laws governing the Agreement.
13. Contact Information
For any questions regarding this DPA or Formo's data processing activities, please contact us at [email protected]
Annex I: Details of Processing
A. Subject Matter and Duration
Subject matter: Processing of Personal Data in connection with providing the Formo web3 analytics and form building services.
Duration: Processing will continue for the duration of the Agreement between Customer and Formo.
B. Nature and Purpose of Processing
Formo processes Personal Data to provide the Services, including:
Collecting and storing form responses submitted by end users
Tracking anonymized user sessions and analytics events
Processing wallet addresses and on-chain activity data
Providing analytics dashboards and insights to Customers
Sending transactional communications
C. Categories of Data Subjects
Customer's end users (website and application visitors)
Form respondents
Wallet holders interacting with Customer's applications
D. Categories of Personal Data
Privacy-Preserving Identifiers:
Daily rotating hashed identifier derived from: IP address + User Agent + daily salt + website domain
Note: Raw IP addresses are never stored
Analytics Data
Product Usage (Page Views, In-App Behavior)
Device & Browser Information:
User agent (browser identifier)
Screen dimensions (width, height, pixel density)
Viewport dimensions (width, height)
Timezone
Language
Location Data:
Country (derived from timezone, not IP address)
Traffic & Attribution Data:
Page URLs visited
Referrer URLs
UTM parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term)
Referral parameters (referral, ref, refcode)
Blockchain / Wallet Data:
Wallet address (when connected)
Wallet provider type (EIP6963 rdns identifier)
Chain ID (connected blockchain network)
Wallet connection status
Signature and transaction metadata (confirmation status, transaction hashes)
Form Data:
Any data submitted by end users through Customer's forms (content determined by Customer)
E. Data NOT Collected
Formo employs privacy-preserving practices and does NOT collect:
Third-party cookies
Device or browser fingerprints
Raw IP addresses (used only transiently for hashing, never stored)
Cross-domain tracking identifiers
Persistent device fingerprints
F. Sensitive Data
The Services are not intended to process sensitive or special category data (as defined in GDPR Article 9). Customer is responsible for ensuring that sensitive data is not collected through forms without appropriate legal basis and explicit consent.
Annex II: Technical and Organizational Security Measures
See https://formo.so/security for current technical and organizational security measures.
Formo implements appropriate technical and organizational measures to protect Personal Data, including:
Privacy by Design
No collection of raw IP addresses
No device fingerprinting
No third-party cookies
Daily rotating hashed identifiers for session tracking
Country derived from timezone rather than IP geolocation
Access Controls
Role-based access control for all systems
Multi-factor authentication required for team members
Regular access reviews and prompt deprovisioning
Encryption
Data encrypted in transit using TLS 1.2+
Data encrypted at rest using AES-256
Infrastructure Security
Cloud infrastructure hosted on SOC 2 certified providers
Network segmentation and firewall protection
DDoS protection via Cloudflare
Monitoring and Incident Response
Continuous security monitoring and alerting
Documented incident response procedures
Regular security assessments
Data Handling
Data minimization practices
Automated data retention and deletion policies
Secure data disposal procedures
Annex III: List of Sub-processors
This section lists the third-party subprocessors that Formo engages to process personal data on behalf of our customers.
Subprocessor | Legal Entity | Purpose | Location
───────────────────────────────────────────────────────
Amazon Web Services | Amazon Web Services, Inc. | Cloud infrastructure and hosting | USA
Supabase | Supabase, Inc. | Database and authentication | USA
Vercel | Vercel Inc. | Frontend hosting and edge functions | USA
Tinybird | Tinybird Inc. | Real-time analytics and event processing | USA / EU
Upstash | Upstash, Inc. | Redis caching and rate limiting | USA
Cloudflare | Cloudflare, Inc. | DNS, CDN, and DDoS protection | USA
Sentry | Functional Software, Inc. | Error monitoring | USA
Resend | Plus Five Five, Inc. | Transactional email delivery | USA
Paddle | Paddle.com Market Limited | Payment processing (Merchant of Record) | UK
Crisp | Crisp IM SAS | Customer support chat | France (EU)
Trigger.dev | Trigger.dev Ltd | Background job processing | UK
OpenRouter | OpenRouter, Inc. | AI/LLM API for AI-powered features | USA
Changes to Subprocessors
Formo will provide at least 14 days' prior written notice before engaging any new subprocessor. Customers may object to any new subprocessor by contacting us at [email protected] within 14 days of receiving notice.
If the objection cannot be resolved within 30 days, the customer may terminate the affected services without penalty.
Contact
Email: [email protected]
DPA: https://formo.so/dpa