Legal and trust center

Legal resources for teams running form-driven automation.

Review FormNode's customer-facing privacy, processing, subprocessor, and security resources before collecting workflow data from employees, customers, contractors, or external submitters.

Privacy Policy

How FormNode collects, uses, discloses, protects, and retains account, workflow, submission, billing, support, and attribution data.

Open resource

Terms of Service

The baseline service terms for using FormNode workspaces, forms, workflows, APIs, and billing features.

Open resource

Data Processing Agreement

Processor terms for customers using FormNode to collect, route, approve, and automate workflows that may contain personal data.

Open resource

Subprocessor Register

Customer-facing list of service providers that may process personal data for hosting, delivery, authentication, billing, support, and security.

Open resource

Current privacy posture

These pages summarize FormNode's current public posture. The binding terms for a customer are the applicable Terms, order form, executed DPA, and any data protection addendum incorporated into the customer agreement.

FormNode acts as processor for customer-controlled form submissions, approval context, portals, APIs, and workflow data, except where applicable law requires otherwise.

FormNode acts as controller for account administration, billing, support, security, legal compliance, and first-party product analytics.

Submission payloads are encrypted at rest and retained according to documented delivery and operational retention rules.

Workspace and organization scoping are production security boundaries across forms, submissions, approvals, dashboards, portals, APIs, and webhook dispatch.

These materials are not legal advice, do not certify compliance, and do not replace customer-specific legal review.