Privacy Policy

Last updated: 18 May 2026

AutomateForm ("we", "us", or "our") is operated by ASIT Solutions. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform at automateform.com (the "Service").

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and organisation name. Your password is hashed using bcrypt and is never stored in plain text.

1.2 Form Submission Data

AutomateForm stores form submissions, collection records, and associated metadata that you or your users submit through the platform. Sensitive field values are encrypted at rest using AES-256-GCM encryption.

1.3 Usage & Analytics Data

We collect anonymised usage metrics such as page views and feature usage through Vercel Analytics. This data is aggregated and cannot be used to personally identify you.

1.4 Cookies

We use essential cookies for authentication and session management. For more details, see our Cookie Policy.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service.
• Authenticate your identity and manage your session.
• Process subscription payments via Razorpay.
• Send transactional emails (e.g. password resets, OTP verification, billing alerts).
• Enforce usage limits based on your subscription plan.
• Respond to support requests.

3. Data Sharing

We do not sell your data to third parties. We share data only with the following service providers, strictly for operating the platform:

• Razorpay - for processing subscription payments. Razorpay receives your email and organisation name during checkout.
• Vercel - for hosting and anonymised analytics.
• MongoDB Atlas - for database hosting. Data is encrypted at rest and in transit.
• SMTP provider - for sending transactional emails (password resets, OTPs, billing notifications).

4. Data Isolation & Security

All data is isolated per tenant workspace. One tenant's data is never accessible to another. We employ the following security measures:

• AES-256-GCM encryption for sensitive field values.
• Bcrypt password hashing with a cost factor of 12.
• JWT-based session tokens with secure, HTTP-only cookies.
• API key authentication with hashed storage.
• Rate limiting on all public and authenticated endpoints.
• Webhook signature verification (HMAC-SHA256).

5. Data Retention

Your data is retained for as long as your account is active. You may export or delete your data at any time from the dashboard. If you cancel your subscription, your data is preserved and remains accessible. If you wish to permanently delete your account and all associated data, contact us at the email below.

6. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Export your data (submissions, collections) in JSON or CSV format.
• Request deletion of your account and associated data.
• Withdraw consent for non-essential cookies at any time.

7. Children's Privacy

AutomateForm is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a dashboard notification. Continued use of the Service after changes constitutes acceptance.

9. Contact

If you have questions about this privacy policy or your data, reach out at business@asit-solutions.in.