Y
YourForm

Privacy Policy

Last Updated: February 16, 2026

This Privacy Policy describes how YourForm ("we", "us", or "our") manages your information. YourForm is built on a privacy-first, conduit-based architecture. Unlike traditional form builders, we empower you to maintain 100% ownership of your data within your own Google Workspace. This policy outlines our commitment to transparency and data safety.

1. Data Accessed

YourForm follows the Principle of Least Privilege, requesting only the specific Google OAuth scopes necessary for operation:

A. Google User Data (Accessed via API)

  • Identity Data: We access your name and email address to create your account and prevent unauthorized access.
  • Google Sheets Access: We require read/write access to your spreadsheets. This is used to create a master configuration file (`YourForm_DB`) and to append respondent submissions to individual sheets you designate.
  • Google Drive Access: We request access to files created by or shared with YourForm. This is used strictly to facilitate file uploads from your form respondents directly into your private Google Drive folders.

B. Metadata Stored on Our Infrastructure

  • Encrypted Tokens: Your Google OAuth refresh tokens are stored using AES-256-GCM authenticated encryption. These act as encrypted "keys" to facilitate automated data synchronization.
  • Account Metadata: Basic profile info (Email/Avatar) used for session management in your dashboard.

2. OAuth Authorization Scopes

We request the following Google OAuth scopes to frame the functionality of our Service:

ScopePurpose
.../auth/userinfo.profileAccount identification and display.
.../auth/userinfo.emailPrimary account identifier and communication.
.../auth/drive.fileAbility to organize and retrieve the specific files created by YourForm.

3. Data Usage

To provide high-performance form rendering and reliable submission delivery, we operate two distinct processing flows:

A. The "Conduit" Submission Pipeline (In-Memory)

When a respondent submits a form, the data reaches our secure server environment. We temporarily reside the payload in volatile memory for the sole purpose of routing it to your designated Google Sheet.

  • Zero Persistence: Submissions are never written to our persistent database.
  • Instant Purge: Once the Google Sheets API confirms a successful write, the submission data is immediately purged from our server's memory.

B. The "Registry" Public Hosting (Cached)

To enable your form's public URL (e.g., yourform.live/f/[id]), we store a Form Definition in our secure database upon publishing.

  • Components Stored: Form Title, metadata, and the structure of your questions (schema).
  • Purpose: This cache enables sub-second loading times for your respondents and ensures your form stays available even if Google's API experiences temporary latency.
  • Full User Control: Unpublishing a form immediately and permanently removes this definition from our public registry.

C. User-Directed Transfers (Webhooks & Integrations)

YourForm allows you to connect your forms directly to third-party platforms to automate your workflow. This includes:

  • Webhooks: Sending raw response data to any custom URL or automation service like Zapier or Make.com.
  • Native Integrations: Direct delivery of form notifications and data to Slack, Microsoft Teams, Discord, and Telegram.

How it works: For these integrations, we transmit specific response data to the destination you authorize. We do not store these messages after delivery is attempted. Your use of these integrations is subject to the respective privacy policies of those third-party platforms.

D. Audio Processing & Voice Interactions

For forms utilizing our "Audio Form" feature, we process voice data to enable interactive conversations:

  • User-Provided Infrastructure: Users must connect their own ElevenLabs API keys. YourForm does not provide a centralized audio service.
  • Real-Time Processing: Voice data is transmitted directly to ElevenLabs using your credentials. We do not record or store audio files on our servers.
  • Biometric Privacy: Voice data is used strictly as an interface for form completion and never for biometric profiling or identification.

AI Policy Update: YourForm does not use any Google user data (including cached form definitions, webhook/integration payloads, or transient responses) to train or improve any AI or machine learning models.

4. Mandatory Compliance Disclosure

"YourForm’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements."

5. Data Sharing

YourForm does not sell, trade, or share your Google user data with third parties.

We do not transmit your data to external analytics trackers, advertising networks, or third-party CRM platforms. Apart from user-initiated webhooks, native integrations (Slack, Microsoft Teams, Discord, and Telegram), and audio processing as described above, the only data movement occurs between YourForm's authorized environment and your own Google Workspace account.

Legal Exceptions: We may disclose information only when required by law, such as a subpoena or court order, or to protect our legal rights and the safety of our users.

6. Data Storage & Protection

  • Encryption at Rest: All sensitive credentials (tokens, API keys) are stored in our secure database using AES-256-GCM encryption.
  • Encryption in Transit: 100% of data traffic between your browser, our servers, and Google APIs is encrypted using Industry-standard TLS/SSL (HTTPS).
  • Decentralized Ownership: Since form responses are stored in your Google Account, you retain full control over your organization's data retention policies.

7. Data Retention & Deletion

You have full control over your data lifecycle:

  • Manual Deletion: Deleting a form via YourForm will attempt to delete the associated spreadsheet and files in your Google account.
  • Revocation: You can disconnect YourForm at any time via Google Security Settings.
  • Complete Account Purge: To permanently remove all account metadata and encrypted tokens from our infrastructure, please email hi@aamchora.space with the subject "Account Deletion Request". We process all deletion requests within 48 hours.

8. Cookies & Local Storage

YourForm uses essential cookies and local storage to maintain your active session and preferences. We do not use tracking cookies or third-party advertising pixels. The data stored is strictly functional and necessary for the operation of your dashboard.

9. Children's Privacy

Our Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information immediately.

10. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. We recommend reviewing this policy periodically for any updates.

11. Contact Information

For any privacy-related questions, contact us at:

Email: hi@aamchora.space

Official Website: https://yourform.live