What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union (EU) privacy law that allows EU citizens and residents to have access and control over their personal data.

If your business is based in the European Union (EU), or you process the personal data of individuals in the EU, the General Data Protection Regulation (GDPR) affects you.

Is TypeflowAI GDPR Compliant?

TypeflowAI is based in Delaware (EEUU) and adheres to GDPR regulations for EU customers. This is how we comply:

  • Transparency: Our privacy policy gives you all information about what data we collect, data retention and transfers, and outlines your data protection rights.
  • Encryption: All data processed through TypeflowAI forms is securely encrypted.
  • Data accessibility: you have full control of the information you collect, store and manage with TypeflowAI.
  • Data Processing Agreement (DPA): If you’d like to sign a DPA please email us at

Who is responsible of form data?

TypeflowAI is the provider of a form service, and not the owner of the collected form responses. The creator of the form (i.e. you) is responsible for the data they collect and is thereby the data controller of the respondent data.

This means that if you collect personal data from EU citizens it is your responsibility to assure their rights defined under the GDPR framework.

TypeflowAI is the data processor and stores information on behalf of the form creator. As long as your account is active you have full control over the data you collect, and the time period for which you store the data.

You are able to delete or export form responses from your account if it would be required to do so. All form data which has been deleted by you is permanently deleted from our back-ups within 90 days.

How can I make my TypeflowAI form GDPR compliant?

You (the form creator) are the data controller of the personal data you collect from your respondents. Your TypeflowAI form is not automatically GDPR compliant. When you collect personal data (name, email address, etc.) you should make sure that you comply with GDPR.

In short, you have to inform the respondents what data you store for how long, get their consent, and show them a way to request and delete their data you have stored. Here is a little guide (no legal advice)

How does TypeflowAI use personal data?

TypeflowAI acts as a data controller in the relationship between TypeflowAI and our users (everyone using the service under with an account). You give us personal data like registration information in order to use our service. TypeflowAI does not sell personal data to third parties or use it for marketing purposes or for serving advertisements.

We only share the minimum of your information neccessary with our service providers who help us operate our business, in which case those third parties are also complying with the GDPR law. You find a list of sub processors in our privacy policy.