Service providers used to operate FormNode.
FormNode uses the providers below to host, secure, authenticate, bill, and deliver the service. Core providers are required for the relevant service function; optional providers are used only when selected, enabled, or requested by a customer or user.
Last updated: May 15, 2026
Hosting, database, object storage, CDN, DNS, custom domains, Turnstile/bot protection, and edge security.
Account data, workspace data, form definitions, encrypted submissions, file/logo assets, request metadata, and security telemetry.
Required for hosting, delivery, and security of the FormNode service.
Processes through Cloudflare's global network. Transfer safeguards are governed by FormNode's agreement with Cloudflare and applicable Cloudflare data protection terms.
Merchant-of-record checkout, subscription, and payment workflow processing.
Customer billing identifiers, checkout and subscription status, and transaction metadata. FormNode does not store card numbers.
Required for paid checkout flows when Creem checkout is used.
Processing location and transfer safeguards are governed by Creem's service terms and data protection terms.
Transactional email delivery for magic links, notifications, approvals, and submission confirmations.
Recipient emails, message content, sender metadata, and delivery status.
Required for FormNode features that send transactional email.
Processing location and transfer safeguards are governed by SMTP2GO's service terms and data protection terms.
Optional OAuth/SSO identity provider.
User identity profile, email address, OAuth account identifiers, and optional tokens depending on the authentication configuration.
Only used when a customer or user chooses Microsoft sign-in.
Microsoft privacy and data protection terms apply to Microsoft sign-in processing.
Optional OAuth/SSO identity provider if enabled.
User identity profile, email address, OAuth account identifiers, and optional tokens depending on the authentication configuration.
Only used when a customer or user chooses Google sign-in.
Google privacy and data protection terms apply to Google sign-in processing.
Optional OAuth/SSO identity provider if enabled.
User identity profile, email address, OAuth account identifiers, and optional tokens depending on the authentication configuration.
Only used when a customer or user chooses GitHub sign-in.
GitHub privacy and data protection terms apply to GitHub sign-in processing.
Change Notice
FormNode will provide at least 30 days' notice before authorizing a material new subprocessor for Customer Personal Data, unless a shorter timeline is required for security, availability, legal compliance, emergency replacement, or a customer-requested feature.
Objections
Customers may object on reasonable data-protection grounds by contacting support before the notice period ends. If an objection cannot be resolved, the customer may stop using the affected feature or terminate according to the applicable customer agreement.
Data Protection
FormNode requires subprocessors to process personal data only for the contracted purpose and to maintain confidentiality, security, deletion, assistance, and transfer protections appropriate to their processing role.