No Database No Backend Pure Email Forwarding GDPR Compliant

Privacy Policy

Last updated: June 6, 2026

🔒 We do not store your form submissions. Read below for full details.

1. Our Commitment to Privacy

At FormSubmit, we believe that privacy is a fundamental right. Our service is built on a zero‑data‑storage principle. Unlike traditional contact form plugins or backend services, we never store, log, or retain any form submissions on our servers.

2. What Data Do We Process?

When someone submits a form on your website, the form data is transmitted directly through our secure system and forwarded instantly to your email address. We process this data only for the purpose of delivering it to you.

  • Form fields submitted by your users (name, email, message, etc.)
  • Sender's IP address (temporarily for rate limiting and security, not stored permanently)
  • Timestamp of the submission

3. Data Storage – We Store Nothing

We do not store your form submissions. Once the email is successfully forwarded to you, all form data is discarded. There is no database, no file storage, no long‑term logging. We use Cloudflare Workers to process requests in real time, and nothing persists beyond the request lifecycle.

form submission → Cloudflare Workers → email forwarding → data discarded (no storage)

4. Email Aliasing – Protecting Your Privacy

To protect your email address from being exposed in HTML source code, we generate a unique alias ID (e.g., 1t6u9a5bsj) that you embed in your form. Your real email address is never shown on your website, protecting you from spam bots and data scrapers.

5. GDPR and CCPA Compliance

Because we do not store any personal data, complying with data protection regulations like GDPR and CCPA becomes automatic. There is no user data to export, delete, or breach. Our zero‑storage architecture makes us one of the most privacy‑friendly form handling services available.

  • Right to access – We have no stored data to access
  • Right to be forgotten – We have no data to delete
  • Data portability – Not applicable (no storage)
  • Breach notification – No data to breach

6. Email Provider (Resend)

We use Resend (resend.com) as our email delivery partner to forward form submissions to your inbox. Resend is GDPR compliant and follows strict security practices. You can review their privacy policy at resend.com/privacy.

7. Rate Limiting and Security

To prevent abuse, we implement rate limiting based on IP address. IP addresses are temporarily tracked in memory only for rate limiting purposes and are not stored permanently. Rate limit data expires automatically after a short period.

8. Cookies and Tracking

We do not use cookies for tracking. Our service does not set any tracking cookies, and we do not use Google Analytics or similar tracking tools on our core service pages. Our marketing website may use basic analytics to understand traffic patterns.

9. Third‑Party Services

We use the following third‑party services:

10. Data Retention

We do not retain any form submission data. Log files may contain temporary request metadata but are rotated regularly and not used for identifying individuals. Rate limit data expires within minutes.

11. Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect personal information from children. Since we don't store any data, we never retain children's information.

12. Changes to This Policy

We may update this privacy policy from time to time. The latest version will always be available at this URL. Continued use of our service constitutes acceptance of any changes.

13. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

FormSubmit is proudly built on Cloudflare Workers. Zero database. Zero storage. Pure privacy.