Explore all the solutions you can create with Paperform: surveys, quizzes, tests, payment forms, scheduling forms, and a whole lot more.
See all solutionsConnect with over 2,000 popular apps and software to improve productivity and automate workflows
See all integrationsExplore all the solutions you can create with Paperform: surveys, quizzes, tests, payment forms, scheduling forms, and a whole lot more.
See all solutionsConnect with over 2,000 popular apps and software to improve productivity and automate workflows
See all integrationsLast Updated: 10 July 2025
This Privacy Policy (“Privacy Policy”) describes the types of information Paperform and any of its subsidiaries and affiliates (“Paperform”, “we”, “us”, or “our”) collect, use, share and transfer about you when you visit or use our website located at https://paperform.co/ (the "Website") and all related services, features, and content offered by Paperform (including, custom forms built by our customers through our Website), or when you otherwise contact or interact with us (collectively, “Services”). The terms “you” and “your” refers to you, the user. If you are using the Services on behalf of a business, association, or other entity, “you” or “your” will also refer to such business, association, or other entity, unless the context clearly dictates otherwise. You agree that you are authorized to consent to these terms on behalf of such business, association, or other entity, and we can rely on this. This Privacy Policy also explains how Paperform may use and share your Personal Information (as defined in Section 1), as well as the choices available to you.
By using/continuing to use the Services, you acknowledge you have read and understand and agree to the collection, storage, use, and disclosure of your Personal Information as described in this Privacy Policy, and you agree to our General Terms and Conditions of Use which are incorporated by reference. If you do not agree, please do not access or use the Services.
Important Notice
Individuals who answer or respond to forms or content (“Respondents”) created by a user of the Services (the “Customer”) may divulge personal information or data to Paperform (which is the data processor) on behalf of a Customer (which is the data controller). When Paperform is acting as a processor for a Customer, all processing of Respondents' personal information divulged when answering or responding to forms will be subject to the Customer's own privacy policy. If you are a Respondent, please contact the Customer directly if you have any questions about the form created by the Customer or the Customer's privacy policy.
However, while Paperform processes personal information of Respondents on behalf of the Customer, we may still gather certain types of information on Respondents in order to provide our Services, which will be subject to this Privacy Policy. For example: (a) the information Respondent enters into a form, before the Respondent completes or submits the form in order to prevent the inadvertent loss of Respondent's response; and (b) Respondent's e-mail address if the Customer provides it to us to send the Respondent an invitation to complete a form by e-mail.
Eligibility to Use the Services
To use the Services you must be, and represent and warrant that you are, at least the age of majority in your state, province or jurisdiction of residence and competent to agree to these terms; or if you are under the age of majority in your state, province or jurisdiction of residence, you represent and warrant that your parent or legal guardian has reviewed this Privacy Policy with you and accepts them on your behalf; parents or legal guardians are responsible for the activities of their minor dependents while using the Services.
General Terms and Conditions of Use
If you choose to access or use the Services, your access and use, and any dispute over privacy is subject to this Privacy Policy and our General Terms and Conditions of Use, including, but not limited to, limitations on damages and resolution of disputes.
Generally, we collect four (4) types of information about you: (A) information and content you give us directly; (B) information we obtain automatically when you use our Services; (C) demographic information; and (D) information we get about you from other sources. When we talk about “Personal Information” in this Privacy Policy, we are talking about any information collected in accordance with this section. Please see below for more information on each category.
We may collect demographic, statistical, or other aggregate information that is about you, but individually does not identify you. Some of this information may be derived from Personal Information, but it is not Personal Information and cannot be tied back to you. Examples of such aggregate information include gender, age, and race.
We may receive information about you from other sources and add it to our information, including from third-party services and organizations who have the right to provide us with such information. We protect this information according to the practices described in this Privacy Policy, plus any additional restrictions imposed by the source of the data. These sources may include: online and offline data providers, from which we obtain demographic, interest-based, and online advertising related data; publicly-available sources such as open government databases or social networks; and service providers who provide us with information, and updates to that information, based on their relationship with you. By gathering additional information about you, we can correct inaccurate information, enhance the security of your transactions, and give you product or service recommendations and special offers that are more likely to interest you.
We may use the information we collect about you in a variety of ways, to provide our Services, for administrative purposes, and to market and advertise our Services and products.
We may use your Personal Information to:
We may use your Personal Information to:
We may use your Personal Information to:
We may share or disclose aggregated or anonymized information about our users to third parties for a variety of business purposes without any restrictions, including to provide our Services and/or to protect us or others. We may share or disclose information in the event of a major business transaction such as a merger, sale, or asset transfer. The following circumstances describe in additional detail the ways we may share or disclose your Personal Information that we collect or that you provide under this Privacy Policy:
If we become involved in a merger, acquisition, financing due diligence, divestiture, restructuring, reorganization, bankruptcy, dissolution, sale, or transfer of some or all of our assets (whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding), or transition of Services to another provider, your Personal Information may be sold or transferred to business entities or people involved in such process. Legal basis: Art. 6(1)f GDPR (legitimate interest).
Personal Information that you post on or through the public areas of the Services (e.g., chat rooms, bulletin boards, and discussion groups) are generally accessible to, and may be collected and used by, others which may result in unsolicited messages or other contact from others. Users of the Services are encouraged to exercise caution when providing personal information about themselves in public or interactive areas.
You have certain choices and rights with respect to your privacy. For example, you may be able to opt out of receiving marketing messages from us, make choices regarding cookies, and exercise other privacy rights under applicable law.
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.
In accordance with applicable law, you may have the right to:
If you would like to exercise any of these rights, you may send us an email at legal@paperform.co to request access to, correction of or removal of any Personal Information that you have provided to us. We will process such requests in accordance with applicable law. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
The following are additional Consumer Privacy Rights:
Please note: Your exercise of these rights may be subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). As a result, we may retain certain data necessary to prevent fraud or future abuse or as otherwise required or permitted by law, including to comply with legal obligations we are subject to, as well as to establish, exercise and defend our legal claims.
If you are dissatisfied with the refusal of Paperform to take action in accordance with the exercise of your rights in the “Accessing and Correcting Your Information” section above, you may request reconsideration by Paperform, by sending a written request for reconsideration to the mailing address found in the “Contact Information” section below. Within sixty (60) days of Paperform’s receipt of such written request for reconsideration, Paperform shall inform you in writing (at the address indicated in your initial written request) of any action taken or not taken in response to your request for reconsideration, including a written explanation of the reasons for the decision. In addition, if your request for reconsideration is denied, you have the right to appeal to the applicable supervisory authority in your jurisdiction of residence (see subsection (D) below and the state-specific privacy notices for more information).
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Information. For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority in the EEA.
A number of states require us to provide residents of those states with additional information and rights. Please scroll below to see a list of those states and the state-specific disclosures.
We are especially committed to protecting the privacy of children. The Services are directed at a general audience and are not directed to nor are the Services intended for any individuals under the age of eighteen (18), European Union individuals under the age of sixteen (16) or United States individuals under the age of thirteen (13) (each individually a "Child" or collectively "Children"). If we learn we have inadvertently collected or received Personal Information from a Child, we will use reasonable efforts to immediately remove such information, unless we have a legal obligation to keep it. If you are a parent or legal guardian and believe we might have any Personal Information from or about a Child, please contact us via the information found in the “Contact Information” section below.
We have implemented safeguards reasonably designed to secure your Personal Information. Such safeguards include the implementation of various technical, physical, administrative and organizational security measures intended to reduce the risk of loss, misuse, unauthorized access, disclosure, or modification of your information. All information you provide to us is stored on our secure servers behind firewalls.
The safety and security of your information is also dependent on you. If we have given you (or where you have chosen) a password for access to certain parts of the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
While we have employed security technologies and procedures to assist safeguarding your Personal Information, no system or network can be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.
Paperform is domiciled in the United States and therefore, if you provide Personal Information through the Services, you acknowledge and agree that your Personal Information may be accessed by staff or other persons in, transferred to, and/or stored at, countries located outside your current location to the offices and servers of Paperform and the other third parties referenced in this Privacy Policy located in the United States, Australia, Singapore, or other countries in which data protection laws may be different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of such laws, where applicable.
Where we transfer Personal Information from inside the EEA to outside the EEA, we may be required to take specific additional measures to safeguard the relevant Personal Information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Information to these jurisdictions. In countries which have not been approved by the European Commission (see the full list here https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en), we will establish legal grounds justifying such transfer, such as EU Commission-approved standard contractual clauses, or other legal grounds permitted by applicable legal requirements.
We keep your information for the length of time needed to carry out the purpose outlined in this Privacy Policy and to adhere to our policies on keeping records (unless a longer period is needed by law). Our records policies reflect applicable laws. We will retain and use your information to the extent necessary to manage your relationship with us, personalize and improve your overall customer experience, and to comply with our legal obligations. Where we retain data, we do so in accordance with our record retention policies and any limitation periods and records retention obligations that are imposed by applicable law.
We reserve the right to update this Privacy Policy from time to time in order to reflect, changes to our practices or for other operational, legal, or regulatory reasons. When we do update this Privacy Policy, we will post the updates and changes on our website. We may elect to notify you of material changes by mail, email, posting of modified Privacy Policy, or some other similar manner. However, it is your responsibility to check our website regularly for changes to this Privacy Policy. Your continued use of or access to the Services following the posting of any changes to this Privacy Policy constitutes acceptance of those changes.
Our Services may offer links to websites or applications that are not run by us but by third parties. These third-party services, websites or applications are not controlled by us, and may have privacy policies that differ from our own. We encourage our users to read the privacy policies and terms and conditions of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for the practices of such third parties or the content of their application or website. Providing Personal Information to third-party websites or applications is at your own risk.
If you have any questions, comments and/or complaints about our privacy practices, please feel free to contact us at:
Address: Post Office Box 4
Summer Hill, NSW 2130
Australia
Email: legal@paperform.co
Phone: +61424619055
For Data Subjects in the EU:
We appointed GDPR-Rep.eu as representative according to Art 27 GDPR. If you want to make use of your GDPR data privacy rights, please visit: https://prighter.com/q/16726919268
Contact GDPR-Rep.eu:
GDPR-Rep.eu
Maetzler Rechtsanwalts GmbH & Co KG
Attorneys at Law
c/o Paperform Pty. Ltd.
Schellinggasse 3/10, 1010 Vienna, Austria
Please add the following subject to all correspondence:
GDPR-REP ID: 16726919268
We take complaints very seriously and will respond shortly after receiving written notice of your complaint.
California law requires us to disclose certain information related to our privacy practices. This California Privacy Notice (the “CA Notice”) supplements the information contained in the Paperform Privacy Policy (the “Privacy Policy”) and applies solely to all visitors, users, and others who reside in the State of California ("consumers" or "you"). While Paperform is not currently a covered business under the California Consumer Privacy Act of 2018 (CCPA), and California Privacy Rights Act of 2020 (CPRA) (together, the “CCPA”), we value privacy and strive to be transparent with our customers. As such, we have provided additional details below about the information we collect, how we disclose it, and how you can exercise your privacy rights under the CCPA, in the event it applies to our activities in the future. Any terms defined under the CCPA have the same meaning when used in this CA Notice. Capitalized terms used but not defined herein shall have the respective meanings set forth in the Privacy Policy. As used in this CA Notice only, “personal information” has the meaning set forth in the CCPA.
To understand our privacy practices, you should refer to our Privacy Policy in addition to this supplement applicable to California residents.
The CCPA provides California residents with the right to know what categories of personal information covered businesses have collected about them and whether such businesses have disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months. California residents can find this information below:
Category of Personal Information and Examples | Category of Third Parties Personal Information is Disclosed to for a Business Purpose |
Identifiers | |
A real name, Internet Protocol address, email address, or other similar identifiers. | • Service providers • Advertising partners |
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | |
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. | • Service providers • Advertising partners |
Commercial information | |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | • Service providers • Advertising partners |
Internet or other similar network activity | |
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | • Service providers |
Geolocation data | |
Physical location or movements. | • Service providers |
Sensory data | |
Audio, electronic, visual, thermal, olfactory, or similar information. | • Service providers |
Professional or employment-related information | |
Current or past job history or performance evaluations. | • Service providers |
Inferences drawn from other Personal Information. | |
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | • Service providers |
Category of Sensitive Personal Information and Examples | Category of Third Parties Sensitive Personal Information is Disclosed to for a Business Purpose |
Precise Geolocation Data Any data that is derived from a device, and that is used or intended to be used to locate a consumer within a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet, except as prescribed by regulations. |
• Service providers |
We may use any of the categories of information listed above for other business or operational purposes compatible with the context in which the personal information was collected. The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth in "Personal Information We Collect" and "How We Use Your Information" above, respectively.
We may share any of the information listed above with service providers, which are companies that we engage for business purposes to conduct activities on our behalf. Service providers are restricted from using personal information for any purpose that is not related to our engagement.
California residents have the right to opt out of the "sale" or “sharing” of their personal information to third parties. The CCPA defines "sale" to mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a consumer’s personal information to a third party for monetary or other valuable consideration (which may be considered “sales” under the CCPA even if no money is exchanged). The CCPA defines “sharing” to mean sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a consumer’s personal information to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.
Paperform may "sell or share" personal information. The categories of personal information we have "sold" and the categories of third parties we have "sold or shared" personal information to in the preceding twelve (12) months are listed below:
Category of Personal Information Sold or Shared by Paperform | Category of Third Parties Personal Information is Sold or Shared to |
Identifiers. A real name, postal address, telephone number, unique personal identifier, online identifier, email address, or other similar identifiers. |
• Service providers • Advertising partners |
Personal information categories listed in the California Customer
Records statute (Cal. Civ. Code § 1798.80(e)) A name, address, telephone number. |
• Service providers |
Commercial information Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
• Service providers |
Internet or other electronic network activity Browsing history, search history, information on a consumer's interaction with an internet website, application, or advertisement. |
• Service providers |
Inferences drawn from other personal information to create a profile
about a consumer Profile reflecting a consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
• Service providers • Advertising partners |
Paperform’s business and commercial purposes for "selling" personal information can be found in "How We Use Your Information" above. Paperform does not have actual knowledge of any "sale" of personal information of minors under eighteen (18) years of age.
California residents have additional rights regarding their personal information. This section describes those additional rights and explains how to exercise those rights.
Nevada law requires us to provide all visitors, users, and others who reside in the State of Nevada ("you") certain additional privacy rights. This Nevada Privacy Notice (the “NV Notice”) supplements the information contained in the Paperform Privacy Policy (the “Privacy Policy”) and applies solely to you. If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to sell or license that Personal Information, even if your Personal Information is not currently being sold. If you would like to exercise this right, please contact us via the information found in the “Contact Information” section.
Multi-State Privacy Notice
Residents of Colorado, Connecticut, Delaware, Iowa, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah and Virginia may have additional rights under relevant privacy laws, including under the Colorado Privacy Act (“CPA”), Connecticut Data Privacy Act (“CTDPA”), Delaware Personal Data Privacy Act (“DPDPA”), Iowa Consumer Data Protection Act (“ICDPA”), Minnesota Consumer Data Privacy Act (effective July 31, 2025) (“MNCDPA”), Montana Consumer Data Privacy Act (“MTCDPA”), Nebraska Data Privacy Act (“NDPA”), New Hampshire Consumer Data Privacy Act (“NHCDPA”), New Jersey Data Protection Act (“NJDPA”), Oregon Consumer Privacy Act (“OCPA”), Tennessee Information Protection Act (effective July 1, 2025) (“TIPA”), Texas Data Privacy and Security Act (“TDPSA”), Utah Consumer Privacy Act (“UCPA”), and Virginia Consumer Data Protection Act (“VCDPA”), as applicable. The following additional information is required to be provided by covered businesses under applicable state laws. This Multi-State Privacy Notice (the “Multi-State Notice”) supplements the information contained in the Paperform Privacy Policy (the “Privacy Policy”) and applies solely to all visitors, users, and others who reside in the States of Colorado, Connecticut, Delaware, Iowa, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah and Virginia ("consumers" or "you"). We adopt this notice to comply with relevant privacy law. Capitalized terms used but not defined herein shall have the respective meanings set forth in the Privacy Policy.
To understand our privacy practices, you should refer to our Privacy Policy in addition to this supplement.
The CPA, CTPDA, DPDPA, ICDPA, MNCDPA, MTCDPA, NDPA, NHCDPA, NJDPA, OCPA, TIPA, TDPSA, UCPA and VCDPA require covered businesses to provide residents of their respective states with the right to know the categories of “personal data” (as defined under applicable law) covered businesses shared with / disclosed to third parties and the categories of third parties with whom such personal data has been shared / disclosed. Residents of Colorado, Connecticut, Delaware, Iowa, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah and Virginia can find this information below:
Category of Personal Data Shared | Category of Third Parties Personal Data is Shared With / Disclosed to |
---|---|
Identifiers. A real name, postal address, telephone number, unique personal identifier, online identifier, email address, or other similar identifiers. |
• Service providers • Advertising partners |
Commercial information Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
• Service providers • Advertising partners |
Internet or other electronic network activity Browsing history, search history, information on a consumer's interaction with an internet website, application, or advertisement. |
• Service providers |
Geolocation data Physical location or movements. |
• Service providers |
Professional or employment-related information Current or past job history or performance evaluations. |
• Service providers |
Inferences drawn from other Personal
Information Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
• Service providers |
Residents of Colorado, Connecticut, Delaware, Iowa, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah and Virginia have the right to opt-out of the “sale” of their personal data to third parties or the processing of their personal data for targeted advertising (see Section 4(B)(iv) above). For purposes of this paragraph the definition of “sale”, “sell” or “sold” has the meaning set forth in applicable privacy law. However, please note, in accordance with applicable privacy law certain specific exceptions to “sale” and/or “targeted advertising” may apply, including the disclosure of personal data to a processor that processes personal data on behalf of a controller. If a consumer wishes to exercise their right to opt-out of the sale of personal data or processing of personal data for targeted advertising, they may do so by following this link. The categories of personal data “sold” or processed for targeted advertising can be found below:
Category of Personal Data Sold to Third Parties or Processed for Targeted Advertising | Category of Third Parties Personal Data is Sold to or Processed by for Targeted Advertising |
---|---|
Identifiers. A real name, postal address, telephone number, unique personal identifier, online identifier, email address, or other similar identifiers. |
• Service providers • Advertising partners |
Commercial information Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
• Service providers |
Internet or other electronic network activity Browsing history, search history, information on a consumer's interaction with an internet website, application, or advertisement. |
• Service providers |
Inferences drawn from other personal information to create a profile
about a consumer Profile reflecting a consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
• Service providers • Advertising partners |