Data Processing Agreement
Last updated: 2026-05-08
1. Parties and subject matter
This Data Processing Agreement (“DPA”) governs the processing of personal data by Formhook (“Processor”), operated by astropixels.rs, on behalf of the form owner (“Controller”) who creates an account and uses Formhook to receive form submissions. It supplements our Terms of Service and Privacy Policy. Creating and using a Formhook account constitutes acceptance of this DPA; no separate signature is required.
2. Duration
This DPA applies for as long as the Controller's Formhook account is active and for any post-termination period during which Processor still holds Controller data (see clause 12).
3. Nature and purpose of processing
The Processor processes personal data on behalf of the Controller in order to:
- receive form submissions sent to the Controller's endpoints;
- store those submissions and surface them in the Controller's dashboard;
- send operational email to the Controller (account verification, password reset, quota alerts);
- deliver web push notifications to the Controller's opted-in devices when new submissions arrive.
4. Categories of data subjects
The data subjects are the people who fill out the Controller's forms (typically site visitors, customers, prospects, applicants — whoever the Controller's form is aimed at).
5. Categories of personal data
The Processor processes:
- whatever fields the Controller has chosen to ask for in their form (commonly name, email address, message, but the Controller decides);
- technical metadata of the submission: IP address, User-Agent string, Origin header, timestamp.
The Controller is responsible for not collecting special-category data (Art. 9 GDPR) through Formhook unless they have a lawful basis to do so and have informed submitters appropriately.
6. Sub-processors
The current sub-processors and what they receive are listed in our Privacy Policy. The Processor will notify the Controller of any change to the sub-processor list by dashboard banner or email at least 14 days before the change takes effect. If the Controller objects to a new sub-processor, they may terminate their account and export their data per clauses 8 and 12 below.
7. Confidentiality and security measures
The Processor maintains the following technical and organisational measures:
- TLS for all data in transit;
- Argon2id password hashing for account credentials;
- nightly Postgres backups encrypted with age, retained 14 days;
- administrative access limited to operators who have signed onto the Processor's confidentiality terms;
- least-privilege application database role; service-role credentials are not exposed to the browser.
8. Assistance with data subject rights
Most rights under GDPR Articles 15–22 (access, rectification, erasure, portability, restriction) can be satisfied by the Controller directly through the dashboard:
- Access / portability — Account → Export your data downloads a JSON file containing all of the Controller's data we hold.
- Erasure — Account → Delete account permanently removes the Controller's account and all its forms and submissions; per-form deletion is also available in form settings.
- Rectification — submissions and form configuration can be edited by the Controller in their dashboard.
For unusual requests (e.g. responding to an end-user's data subject request that the Controller cannot self-serve), email info@formhook.app.
9. Personal data breach notification
The Processor will notify the Controller without undue delay (target: within 72 hours of becoming aware) of any personal data breach affecting the Controller's data, providing the information GDPR Art. 33(3) requires (nature of the breach, categories and approximate number of data subjects affected, likely consequences, mitigation measures).
10. International transfers
The primary processing location is Germany (Hetzner). Cloudflare's edge handles data only in transit. Resend processes outbound email in its EU sending region. We have no current intent to transfer Controller data outside the EU/EEA. Should that ever change, we will update this clause and the sub-processor list and rely on Standard Contractual Clauses or another GDPR Chapter V safeguard.
11. Audit rights
The Controller may request, no more than once per calendar year and at reasonable notice, written information demonstrating the Processor's compliance with this DPA. On-site audits are out of scope at the current scale of the service.
12. Termination, return, and deletion
On termination of the Controller's account, the Controller may export their data within 30 days using the Account → Export feature. After 60 days from termination, all Controller data is deleted from the live database. Encrypted backups containing earlier snapshots roll off automatically within the 14-day backup-retention window described in our Privacy Policy.
13. Liability and order of precedence
The liability terms in our Terms of Service apply to processing under this DPA. In case of a conflict, this DPA governs questions of personal data processing; the Terms govern everything else.
14. Changes
We may update this DPA. Material changes will be flagged in the dashboard or by email at least 14 days before they take effect.