F Formfolio

Privacy Policy

Last updated: 15 June 2026

This policy explains what personal data Formfolio collects, why, and your rights under the GDPR. We built Formfolio to be private by default - most of what it does happens in your browser.

1. Controller

The data controller is Marty Corp s. r. o., Vysokoškolákov 8556/33B, 010 08 Žilina, Slovak Republic (Company ID: 57492778; Commercial Register of the City Court Bratislava III, Section Sro, Insert No. 197570/B). Contact: support@formfolio.co.

2. The privacy-first default

When you create a document on the free tier, everything you type - your details, your client’s details, line items, amounts - is processed entirely in your browser and is not transmitted to or stored by us. Adding a logo is a Pro feature; like everything else on the document, it stays in your browser unless you choose to save the document to your account (a Pro option - see §3).

3. What we collect

  • Account email. If you sign in, we store your email address and authentication sessions so we can recognise you and send magic-link sign-in emails.
  • Entitlements. Your plan/tier and the customer/subscription identifiers provided by our payment processor, so we know which features to unlock.
  • Pro cross-device profile. If you are on Pro and enable saving, your reusable “your details” profile (e.g. business name, address, bank details you choose to save) is stored on our servers so it syncs across your devices. You can clear it at any time.
  • Pro saved documents & address book. If you are on Pro and choose to save a document (invoice/quote), a client, or a sender profile to your account, that content is stored on our servers so you can reload and reissue it across devices. A saved document includes what you put on it - issuer and client details, line items, notes, amounts, any logo or e-signature image, and bank/payment details - plus your per-type numbering series. This is optional (only what you explicitly save) and you can delete saved items at any time.
  • Technical logs. Standard server logs (such as IP address and request metadata) generated for security and reliability. If something goes wrong, a third-party error-monitoring provider (Sentry) captures technical diagnostics - the error type, stack trace, page, and browser - configured to exclude your document content and personal data.

4. Payments

Payments are handled by Paddle.com Market Ltd, our Merchant of Record. Paddle.com Market Ltd collects and processes your billing and payment information as an independent controller for that purpose, under its own privacy policy. We receive only limited information (such as a customer identifier, subscription status, and country) needed to provision your plan. We never receive your full card number.

5. Email delivery

We use Resend (a US-based email provider) to deliver transactional emails (such as sign-in links), acting as a processor on our behalf. Your email address is shared with that provider only to send these messages; any transfer outside the EEA is covered by the safeguards described in §8.

6. Legal bases (GDPR)

  • Performance of a contract - to provide accounts, paid features, and saved profiles.
  • Legitimate interests - to keep the service secure and working (e.g. logs).
  • Legal obligation - to keep records required by law (handled largely by our Merchant of Record for tax).

7. Cookies

We use only a small number of essential cookies - to keep you signed in and to remember your interface-language choice so the site loads in the right language. We do not use advertising or third-party tracking cookies, and the service does not show ads.

8. Sharing and international transfers

We share data only with the processors needed to run the service (payment, email, hosting, and error-monitoring providers) and where required by law. Some providers may process data outside the EEA; where that happens it is covered by appropriate safeguards such as the European Commission’s standard contractual clauses. Our error-monitoring provider is Sentry (Functional Software, Inc., USA); any transfer outside the EEA is covered by those clauses, and transmitted reports are stripped of request bodies, cookies, headers and IP addresses, so they exclude your document content and personal data.

9. Retention

We keep account and entitlement data for as long as your account exists and as needed for our legitimate and legal purposes, then delete or anonymise it. You can ask us to delete your account data at any time.

10. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, or object to processing of your personal data, and to data portability. You may also lodge a complaint with your local supervisory authority. To exercise any right, email support@formfolio.co.

11. Children

The service is not directed to children and is intended for use by adults running a business.

12. Changes

We may update this policy; the “last updated” date above reflects the current version. See also our Terms of Service.

Documents are generated in your browser - free-tier content never leaves your device. Documents are not legal advice; templates are a starting point you should review for your jurisdiction.