Skip to main content
AwesomeFor.ms

Privacy Policy

Last updated: 2026-04-09

Introduction

AwesomeFor.ms ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our service at awesomefor.ms.

This policy applies to all visitors and users of AwesomeFor.ms.

Data controller

The data controller is Antonin CLAUZIER, operating under the trade name clauzier.dev.

Email: contact[at]awesomefor.ms

In accordance with Article 37 of the GDPR, AwesomeFor.ms is not required to appoint a Data Protection Officer (DPO). For any questions regarding the protection of your data, you can contact us at the email address above.

Data collected

Account data

  • Email address (required for authentication)
  • Display name (optional)
  • Passkey credentials (securely stored for passwordless login)
  • Language and theme preferences

Form data

  • The forms you create (structure, fields, settings)
  • Responses submitted to your forms

Payment data

  • The last four digits of your credit card (for display purposes only)
  • Your card expiration date
  • A secure card token (stored by Stancer, our payment provider)

We never store your full credit card number. Payment processing is entirely delegated to Stancer.

Technical data

  • IP address (for rate limiting and security)
  • Browser type and version (via server logs)

Analytics

We use Rybbit, a privacy-friendly, cookie-free analytics tool. It does not collect personal data and does not track users across sites. No consent banner is required.

Cookies

We only use strictly necessary cookies:

Name Purpose Duration Type
laravel_session Authentication and user session Session (deleted when the browser is closed) Strictly necessary
locale Remembers the chosen language 1 year Strictly necessary
theme_dark Remembers the light/dark mode choice 1 year Strictly necessary
XSRF-TOKEN Protection against CSRF attacks Session Strictly necessary

We do not use any advertising, tracking, or third-party cookies.

Use of data

  • To provide and maintain the Service
  • To authenticate you securely (magic links and passkeys)
  • To send you transactional emails (login links, confirmations, quota notifications, payment reminders)
  • To improve the Service based on aggregated and anonymized usage data

We do not sell, rent, or share your personal data with third parties for commercial purposes.

Legal basis for processing

In accordance with the GDPR (Article 6), we process your personal data on the following legal bases:

  • Performance of contract (Article 6.1.b) — to provide the Service, manage your account, process form responses, and manage your subscription and payments.
  • Legitimate interest (Article 6.1.f) — to ensure Service security, prevent abuse, and improve the Service.
  • Legal obligation (Article 6.1.c) — retention of billing data in accordance with the French Commercial Code.
  • Consent (Article 6.1.a) — where applicable (e.g., future optional communications).

Sub-processors

We use the following sub-processors for the operation of the Service:

  • OVHcloud SAS (France) — hosting of the Service and data in France (EU).
  • Stancer (France) — credit card payment processing. PCI DSS certified.
  • Mistral AI (France) — AI-powered form generation.
  • Forward Email (United States) — sending transactional emails (notifications, login links, reminders).
  • Rybbit (France, self-hosted on OVHcloud) — privacy-friendly analytics (no personal data collected).

Some data is transferred outside the European Union (Forward Email, United States). These transfers are governed by the European Commission's Standard Contractual Clauses (SCCs), in accordance with Article 46 of the GDPR.

Hosting and security

Your data is hosted by OVHcloud SAS in France (EU).

Error monitoring is handled by a self-hosted GlitchTip instance — no data leaves our infrastructure for this purpose.

Data retention

Your account data is retained as long as your account is active. Form data and responses are retained until you delete them.

After subscription cancellation, your data remains accessible in read-only mode for 30 days, then is permanently deleted.

When you delete your account, all associated data is permanently deleted within 30 days.

Specific retention periods

  • Billing data: 10 years (legal obligation, French Commercial Code art. L123-22)
  • Technical logs (IP addresses): 12 months
  • Backups: 7 days after deletion of source data

Your rights (GDPR)

In accordance with the General Data Protection Regulation (GDPR), you have the following rights:

  • Right to access your personal data
  • Right to rectify inaccurate data
  • Right to erasure of your data
  • Right to data portability in a structured format
  • Right to object to or restrict the processing of your data
  • Right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés — www.cnil.fr), the French data protection authority, under Article 77 of the GDPR
  • Right to withdraw your consent at any time, where processing is based on consent (Article 7.3 of the GDPR), without affecting the lawfulness of processing carried out before the withdrawal

To exercise any of these rights, contact us at the address below. We commit to responding to your request within one month, in accordance with Article 12.3 of the GDPR.

Data breach

In the event of a personal data breach, we undertake to notify the CNIL within 72 hours in accordance with Article 33 of the GDPR, and to inform the data subjects when the breach is likely to result in a high risk to their rights and freedoms (Article 34 of the GDPR).

Contact

For any questions regarding the protection of your data:

Email: contact[at]awesomefor.ms