← Back to home

GDPR Compliance

Last updated: July 2, 2025

Introduction

At Epic Forms ("we", "our", "us"), we are committed to protecting and respecting your privacy. This GDPR Compliance Statement explains our practices concerning the personal data we collect from you, or that you provide to us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

The EU General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. The GDPR strengthens the rights of individuals with regard to personal data and seeks to unify data protection laws across Europe, regardless of where that data is processed.

Legal Basis for Processing Personal Data

We will only process your personal data in accordance with applicable data protection and privacy laws. We need certain personal data in order to provide you with access to the platform. If you registered with us, you will have been asked to check a tick box indicating your agreement to provide this data in order to access our services. This consent provides us with the legal basis we require under the GDPR to process your data. You maintain the right to withdraw such consent at any time. If you do not agree to our use of your data, you cannot use our platform.

Data We Collect

We collect and process the following categories of personal data:

  • Identity Data: includes first name, last name, username or similar identifier, and title.
  • Contact Data: includes billing address, delivery address, email address, and telephone numbers.
  • Financial Data: includes bank account and payment card details (though we do not store full credit card information).
  • Transaction Data: includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our platform.
  • Profile Data: includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
  • Usage Data: includes information about how you use our website, products, and services.
  • Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.

How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.
  • Where you have provided your consent.

We have set out below a description of the ways we plan to use your personal data:

  • To register you as a new customer
  • To process and deliver your service including managing payments, fees, and charges
  • To manage our relationship with you including notifying you about changes to our terms or privacy policy
  • To administer and protect our business and this platform
  • To deliver relevant content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
  • To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences
  • To make suggestions and recommendations to you about goods or services that may be of interest to you

Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Your Rights

Under the GDPR, you have various rights in relation to your personal data. All of these rights can be exercised by contacting us at dpo@epicformbuilder.com.

You have the right to:

  • Access your personal data: You have the right to ask us for copies of your personal information.
  • Rectify your personal data: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Erase your personal data: You have the right to ask us to erase your personal information in certain circumstances.
  • Restrict processing of your personal data: You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Object to processing of your personal data: You have the right to object to the processing of your personal data in certain circumstances.
  • Data portability: You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in certain circumstances.
  • Withdraw your consent: If we are processing your personal data on the basis of your consent, you have the right to withdraw that consent at any time.

You are not required to pay any charge for exercising your rights. We have one month to respond to you.

International Transfers

We share your personal data within our group of companies, which involves transferring your data outside the European Economic Area (EEA). We also work with providers in non-EEA countries.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the U.S., we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO at:

dpo@epicformbuilder.com

Complaints

You have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

Changes to This GDPR Compliance Statement

We reserve the right to update this GDPR Compliance Statement at any time, and we will provide you with a new GDPR Compliance Statement when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data.

Cookie Policy

Our platform uses cookies to distinguish you from other users of our platform. This helps us to provide you with a good experience when you browse our platform and also allows us to improve our platform. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy at: Cookie Policy.

Contact Us

If you have any questions about this GDPR Compliance Statement or our data practices, please contact us at:

Epic Forms

123 Tech Avenue

San Francisco, CA 94107

United States

dpo@epicformbuilder.com