Formpli

Privacy Policy

Last updated: January 30, 2026

1. Overview

Formpli ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cosmetic ingredient compliance screening service (the "Service").

Data Controller: Formpli operates as the data controller for personal data collected through the Service.

2. Information We Collect

2.1 Account Information

  • Email address (required for account creation)
  • Name (optional, or provided via Google OAuth)
  • Password (hashed, for email/password accounts)
  • Profile information from Google (if using Google Sign-In)

2.2 Service Usage Data

  • Ingredient lists and product names submitted for compliance checks
  • Analysis history and saved reports
  • Client and project information (for Pro users)
  • Uploaded documents (COA, SDS, formulation files)

2.3 Payment Information

  • Payment processing is handled by Stripe
  • We do not store credit card numbers on our servers
  • We receive transaction confirmations and subscription status from Stripe

2.4 Automatically Collected Data

  • IP address and browser information
  • Device type and operating system
  • Pages visited and features used (via Vercel Analytics)
  • Cookies for authentication and session management

3. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract: To provide the Service you signed up for
  • Legitimate Interest: To improve the Service, prevent fraud, and ensure security
  • Consent: For marketing communications (where applicable)
  • Legal Obligation: To comply with applicable laws

4. How We Use Your Information

  • To provide and operate the compliance screening service
  • To authenticate your identity and manage your account
  • To maintain your analysis history and generate reports
  • To process payments and manage subscriptions
  • To send service-related communications
  • To improve the Service and fix issues
  • To respond to your inquiries and support requests

5. Third-Party Service Providers

We share data with the following service providers who help us operate the Service:

Provider | Purpose                 | Data Shared
Supabase | Database & File Storage | All account and service data
Vercel   | Hosting & Analytics     | IP address, page views, performance data
Stripe   | Payment Processing      | Email, payment method, billing address
Google   | OAuth Authentication    | OAuth tokens (if using Google Sign-In)

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

6. Data Retention

  • Account data: Retained while your account is active
  • Analysis history: Free tier: 30 days; Pro tier: retained indefinitely
  • Uploaded documents: Retained while associated product exists
  • Payment records: Retained for 7 years (tax/legal requirements)
  • Server logs: Automatically deleted after 30 days

You may request deletion of your data at any time (see Your Rights below).

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data.

Right to Data Portability

Receive your data in a machine-readable format (JSON/CSV).

Right to Restrict Processing

Request limitation of processing in certain circumstances.

Right to Object

Object to processing based on legitimate interests.

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at hello@formpli.io. We will respond within 30 days.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know

Request disclosure of the categories and specific pieces of personal information we have collected about you.

Right to Delete

Request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out of Sale

Opt out of the sale or sharing of your personal information. Note: We do not sell or share your personal information.

Right to Non-Discrimination

Exercise your privacy rights without receiving discriminatory treatment.

Right to Correct

Request correction of inaccurate personal information.

Right to Limit Use of Sensitive Personal Information

Limit the use of sensitive personal information to purposes necessary to provide the Service.

To exercise these rights, contact us at hello@formpli.io or use the account deletion feature in your account Settings. We will verify your identity before processing your request. You may also designate an authorized agent to make requests on your behalf.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All data transmitted via HTTPS/TLS encryption
  • Passwords hashed using bcrypt
  • Database access is restricted, and the database is encrypted at rest
  • Regular security audits and updates
  • Access controls and authentication for all team members

10. International Data Transfers

Your data may be transferred to and processed in countries outside the EEA. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Verification that recipients maintain appropriate data protection standards

11. Cookies

We use the following types of cookies:

  • Essential cookies: Required for authentication and session management
  • Analytics cookies: Help us understand how visitors use the Service (Vercel Analytics)

You can manage cookie preferences through our cookie consent banner or your browser settings.

12. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. The "Last updated" date at the top indicates when this policy was last revised.

14. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

Email: hello@formpli.io

Subject Line: Privacy Request - [Your Request Type]

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.