Privacy Policy

1. Controller and processor roles

For account and billing information, we act as the data controller. For the data your organization collects through forms it builds on the Service (including form answers and submitter details), the customer workspace is the controller and we act as a processor on its behalf. If you submitted a form to an organization that uses Formio, contact that organization to exercise your rights over that data.

2. Information we collect

• Account data: email address and a password (stored only as a salted hash, never in plain text).
• Workspace data: workspace, location, and form configuration you create.
• Form submissions: the answers submitted through your forms, plus, for audit-trail integrity, the submitter's IP address and browser user agent at the time of submission.
• Operational records: a timestamped audit log of actions taken in a workspace.

Form answers are free-form and may contain sensitive information, including information about children, depending on how a customer configures its forms. Customers are responsible for what they collect and for having a lawful basis to collect it.

3. How we use information

We use personal information to provide and operate the Service, authenticate users, maintain a tamper-evident audit trail, communicate about your account, detect and prevent abuse, and comply with legal obligations. We do not use form submission content to train machine-learning models.

4. Cookies and tracking

The Service uses only strictly necessary browser storage to keep you signed in (Supabase authentication token under the key sb-<ref>-auth-token and your active workspace under formio.activeWorkspaceId). We do not use third-party advertising or analytics trackers, and we do not sell or share personal information for cross-context behavioral advertising. Because there is no such data flow, a Global Privacy Control (GPC) signal has nothing in the Service to opt out of; we still note the receipt of GPC in our records.

5. Sub-processors

We share information with vendors that operate the Service for us:

• Supabase - database, authentication, and storage (United States).
• Cloudflare - application hosting and content delivery (United States).
• Resend - transactional email delivery (planned; will be confirmed here before the first email is sent through it).
• Stripe - payment processing (planned; will be confirmed here before billing is activated).

6. International transfers

Data is processed in the United States. For transfers from the EU, UK, or Switzerland, we rely on Standard Contractual Clauses or an equivalent safeguard. Request a copy from privacy@mesquitedev.com.

7. Retention

We keep account data for the life of the account and for a limited period afterward as needed for legal and security purposes. Form submissions and audit records are retained for as long as the customer workspace keeps them. Submission records are designed to be immutable; corrections are recorded as tracked amendments rather than overwrites.

8. Your rights

Depending on where you live, you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing. To exercise these rights for account data, email privacy@mesquitedev.com. EU, UK, and EEA residents may also lodge a complaint with their local supervisory authority.

9. Security

We use technical and organizational measures appropriate to the data, including encryption in transit and at rest, row-level access controls that isolate each workspace's data, and an append-only audit log. No system is perfectly secure, and we do not guarantee absolute security. If a personal-data breach affects you, we will notify you and the relevant supervisory authority without undue delay, and within 72 hours of becoming aware where required by law.

10. Children

The Service is intended for use by organizations and their staff, not by children. We do not knowingly collect personal information directly from children under 13. Customers may collect information about minors through their own forms; that processing is the customer's responsibility as controller.

11. Visitation add-on data

For customers using the optional visitation add-on, additional categories of data are processed: case identifiers and court order summaries; party names and roles (including minor children); court-ordered restrictions; scheduled and actual visit times; supervisor identity; check-in/out timestamps; optional latitude/longitude (only when the supervising user has granted GPS consent and may withdraw at any time); factual observation summaries; and incident records. Each finalized session and incident receives a SHA-256 content hash that is chained per case, producing a tamper-evident record. We do not use this data to train models, share it with third-party analytics, or use it for advertising. Records are retained per the customer's configured retention period (default seven years).

12. Changes and contact

We may update this policy; the "Last updated" date reflects the latest change. Questions or requests: privacy@mesquitedev.com, Mesquite Dev LLC, c/o registered agent, Arizona (postal address available on request to privacy@mesquitedev.com).