Skip to main content
AwesomeFor.ms

Privacy Policy

Last updated: 2026-04-09

Introduction

AwesomeFor.ms ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our service at awesomefor.ms.

This policy applies to all visitors and users of AwesomeFor.ms.

Data controller

The data controller is Antonin CLAUZIER, operating under the trade name clauzier.dev.

Email: contact[at]awesomefor.ms

Conformément à l'article 37 du RGPD, AwesomeFor.ms n'est pas tenu de désigner un Délégué à la Protection des Données (DPD). Pour toute question relative à la protection de vos données, vous pouvez nous contacter à l'adresse email ci-dessus.

Data collected

Account data

  • Email address (required for authentication)
  • Display name (optional)
  • Passkey credentials (securely stored for passwordless login)
  • Language and theme preferences

Form data

  • The forms you create (structure, fields, settings)
  • Responses submitted to your forms

Payment data

  • The last four digits of your credit card (for display purposes only)
  • Your card expiration date
  • A secure card token (stored by Stancer, our payment provider)

We never store your full credit card number. Payment processing is entirely delegated to Stancer.

Technical data

  • IP address (for rate limiting and security)
  • Browser type and version (via server logs)

Analytics

We use Rybbit, a privacy-friendly, cookie-free analytics tool. It does not collect personal data and does not track users across sites. No consent banner is required.

Cookies

We only use strictly necessary cookies:

Nom Finalité Durée Type
laravel_session Authentification et session utilisateur Session (supprimé à la fermeture du navigateur) Strictement nécessaire
locale Mémorise la langue choisie 1 an Strictement nécessaire
theme_dark Mémorise le choix mode clair/sombre 1 an Strictement nécessaire
XSRF-TOKEN Protection contre les attaques CSRF Session Strictement nécessaire

We do not use any advertising, tracking, or third-party cookies.

Use of data

  • To provide and maintain the Service
  • To authenticate you securely (magic links and passkeys)
  • To send you transactional emails (login links, confirmations, quota notifications, payment reminders)
  • To improve the Service based on aggregated and anonymized usage data

We do not sell, rent, or share your personal data with third parties for commercial purposes.

Legal basis for processing

In accordance with the GDPR (Article 6), we process your personal data on the following legal bases:

  • Performance of contract (Article 6.1.b) — to provide the Service, manage your account, process form responses, and manage your subscription and payments.
  • Legitimate interest (Article 6.1.f) — to ensure Service security, prevent abuse, and improve the Service.
  • Legal obligation (Article 6.1.c) — retention of billing data in accordance with the French Commercial Code.
  • Consent (Article 6.1.a) — where applicable (e.g., future optional communications).

Sub-processors

We use the following sub-processors for the operation of the Service:

  • Hetzner Online GmbH (Germany) — hosting the Service and data on a dedicated server located in Germany (EU).
  • Stancer (France) — credit card payment processing. PCI DSS certified.
  • Mistral AI (France) — AI-powered form generation.
  • Forward Email (United States) — sending transactional emails (notifications, login links, reminders).
  • Rybbit (Germany, self-hosted on Hetzner) — privacy-friendly analytics (no personal data collected).

Some data is transferred outside the European Union (Forward Email, United States). These transfers are governed by the European Commission's Standard Contractual Clauses (SCCs), in accordance with Article 46 of the GDPR.

Hosting and security

Your data is hosted by Hetzner Online GmbH on a dedicated server located in Germany (EU). We use encryption in transit (TLS/HTTPS) and automatic daily backups with 7-day retention.

Error monitoring is handled by a self-hosted GlitchTip instance — no data leaves our infrastructure for this purpose.

Data retention

Your account data is retained as long as your account is active. Form data and responses are retained until you delete them.

After subscription cancellation, your data remains accessible in read-only mode for 30 days, then is permanently deleted.

When you delete your account, all associated data is permanently deleted within 30 days.

Specific retention periods

  • Billing data: 10 years (legal obligation, French Commercial Code art. L123-22)
  • Technical logs (IP addresses): 12 months
  • Backups: 7 days after deletion of source data

Your rights (GDPR)

In accordance with the General Data Protection Regulation (GDPR), you have the following rights:

  • Right to access your personal data
  • Right to rectify inaccurate data
  • Right to erasure of your data
  • Right to data portability in a structured format
  • Right to object to or restrict the processing of your data
  • Right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés — www.cnil.fr), the French data protection authority, under Article 77 of the GDPR
  • Right to withdraw your consent at any time, where processing is based on consent (Article 7.3 of the GDPR), without affecting the lawfulness of processing carried out before the withdrawal

To exercise any of these rights, contact us at the address below. We commit to responding to your request within one month, in accordance with Article 12.3 of the GDPR.

Violation de données

En cas de violation de données personnelles, nous nous engageons à notifier la CNIL dans un délai de 72 heures conformément à l'article 33 du RGPD, et à informer les personnes concernées lorsque la violation présente un risque élevé pour leurs droits et libertés (article 34 du RGPD).

Contact

For any questions regarding the protection of your data:

Email: contact[at]awesomefor.ms