Help Center menu

GDPR and privacy compliance

In this article

NodumForms is designed to help you comply with data protection regulations.

GDPR (European Union / UK)

As a form creator, you are the data controller for personal data collected through your forms. NodumForms acts as your data processor. This means:

  • You're responsible for having a lawful basis for collecting data
  • You should inform respondents about how their data will be used
  • You must respond to data subject requests (access, deletion, etc.)

NodumForms provides tools to help:

  • CSV export for data portability requests
  • Response deletion for erasure requests
  • Privacy-respecting features (IP hashing, no tracking on public forms)

CCPA (California)

NodumForms does not sell personal information. California residents can exercise their CCPA rights by contacting support@nodumforms.com.

Your responsibilities

When collecting personal data through NodumForms forms, you should:

  1. Include a link to your privacy policy
  2. Only collect data you actually need
  3. Have a lawful basis for collection (consent, legitimate interest, etc.)
  4. Respond to data subject requests promptly
  5. Keep your data up to date and delete it when no longer needed

See our full Privacy Policy for complete details.

Give feedback

Was this resource helpful?

|

Up next

File upload security

How uploaded files are handled, validated, and stored.

Read more
Previous: Data ownership and processing

FAQs

Data is stored in enterprise-grade cloud infrastructure in the EU region by default. Enterprise customers can request specific regional deployments — contact support@nodumforms.com.

Never. NodumForms does not train, fine-tune, or share any machine learning models with form response data.

We follow SOC 2 controls today and formal certification is in progress. Enterprise customers can request our current security questionnaire and DPA from support@nodumforms.com.