SyncForm Privacy Policy

Last updated: May 18, 2026 · Effective immediately for new installs.

SyncForm is a Google Workspace add-on that routes Google Forms responses to destinations you choose. We see only the forms you explicitly connect, and we never use submission data to train AI models, target advertising, or build user profiles.

1. Who we are

SyncForm is built and operated by Blossomn, a software studio in India. The Blossomn team is the data fiduciary for the personal data described below under India's Digital Personal Data Protection Act, 2023 (DPDP Act), and the data controller for users in jurisdictions where GDPR applies.

Email info@blossomn.com with any privacy question — a real person reads every message.

2. Google API Services User Data Policy — Limited Use disclosure

In plain English:

• We only access Google Forms data for the forms you explicitly install SyncForm on.
• We do not use Google user data to train generalised or third-party AI/ML models.
• We do not allow humans to read your form data, except (a) with your explicit consent during a support request, (b) where necessary for security purposes such as investigating abuse, or (c) to comply with applicable law.
• We do not transfer Google user data to third parties except to deliver or improve SyncForm's user-facing features (e.g., routing a submission to your chosen destination) and only as needed.
• We do not sell Google user data.

3. Google OAuth scopes we request

SyncForm requests only the scopes it needs to run. The current list:

• script.container.ui — render the add-on's side panel inside Google Forms.
• forms.currentonly — read the questions and submissions of the specific form the side panel is open in.
• script.scriptapp — install the form-submission trigger that fires your workflows.
• script.external_request — call out to your configured destinations (Slack, Notion, Discord, webhook, etc.).
• gmail.send — only when you enable the Email channel; lets SyncForm send the message you wrote, from your account, to the address you specified.
• userinfo.email — to associate your subscription with the right Google account.

We never request access to Drive, Calendar, Contacts, or other Forms in your account. You can revoke SyncForm at any time at myaccount.google.com/permissions — removal is immediate.

4. What data SyncForm processes

Account & subscription data

• Your Google account email and unique ID (so we know whose subscription is whose).
• Workspace domain (if applicable) for domain-wide installs.
• Plan, billing status, and the last 4 digits of your card (the full card never touches our servers — see Section 7).

Workflow configuration

• Which form, which destination, the message template you wrote, conditional rules, scheduling settings.
• OAuth tokens for the destinations you connected (Slack, Notion, Discord, Google Chat). Tokens are encrypted at rest.
• Webhook URLs and the auth credentials (bearer tokens, HMAC secrets) you provided.

Form submission payloads (in-flight only)

• When someone submits one of your forms, SyncForm receives the field values, renders your template, and dispatches the message.
• The full payload is held in memory only long enough to deliver it — typically under three seconds. We do not log raw field values to long-term storage.
• If a delivery fails, we keep the error response (without the payload) for 30 days so you can debug it from the side panel.

Delivery metadata

• Timestamp, destination, status (success / failure / retried), latency, and bytes sent — kept for 30 days for debugging and quota counting.
• For tracked emails (Pro plan, opt-in per workflow): open and click events with the email address that performed them, kept for 90 days.

Diagnostic data

• Side-panel error stack traces (with PII scrubbed at the SDK).
• Feature interactions — e.g., "user opened conditional editor" — without the contents of what they edited.
• Approximate IP-based country, app version, and browser model for capacity planning.

5. Why we process it (legal bases)

• Performance of the contract we have with you to operate SyncForm (routing, scheduling, tracking, billing).
• Legitimate interests in keeping the service secure (abuse detection, error logging).
• Consent where you've explicitly turned a feature on (e.g., open/click tracking on a specific workflow).
• Legal obligation for tax/accounting record retention and lawful disclosure requests.

6. Retention

• Submission payloads: in-memory only; purged after delivery (typically <3s).
• Delivery metadata & error logs: 30 days, then deleted.
• Open/click events: 90 days (when tracking is enabled).
• Workflow configs & OAuth tokens: kept until you delete the workflow or uninstall SyncForm.
• Account & billing records: retained for 7 years after account closure, as required by Indian tax law.
• Backups: rolling 30-day backups; deletion requests are honoured in the next backup cycle.

7. Subprocessors we share data with

We use a small set of vetted providers, each bound by a data-processing agreement. Current list:

• Amazon Web Services (ap-south-1, Mumbai) — hosting, storage, queueing.
• Cloudflare — DDoS protection, edge logs.
• Sentry — error reporting with PII scrubbed.
• Paddle.com Market Limited — Merchant of Record for subscriptions; handles card data, sales tax, and refunds. Paddle's privacy notice.
• Postmark — transactional email (receipts, security notices to you).
• Google Workspace Marketplace — distribution.
• Twilio — only when the SMS channel is enabled; receives the phone number and message text you configure.

When you configure a destination channel (Slack, Notion, Discord, Google Chat, your webhook URL), SyncForm transmits the rendered message to that destination. We don't control what those destinations do with it — that's governed by their own privacy policies.

We will update this list at least 30 days before adding a new subprocessor that processes personal data.

8. International transfers

Our primary infrastructure runs in AWS Mumbai (ap-south-1). Some subprocessors (Paddle, Sentry, Cloudflare, Twilio) process data in the US and the EU. Where personal data moves out of India or the EEA, we rely on the contractual safeguards each provider offers (Standard Contractual Clauses for EEA data; equivalent safeguards under DPDP rules for Indian data).

9. Security

All traffic uses TLS 1.2+. Stored OAuth tokens, webhook secrets, and configuration are encrypted at rest with AES-256. Production database and key-management access is gated by a hardware security key and full audit logging.

We run automated dependency scans and review every code change. If you discover a vulnerability, email info@blossomn.com with "Security" in the subject — we read these within one business day and operate a coordinated-disclosure policy.

If we ever experience a data breach affecting your personal data, we'll notify you and the Data Protection Board of India within 72 hours of becoming aware of it.

10. Your rights

Wherever you live, you can ask us to:

• Confirm what personal data we hold and get a copy of it.
• Correct anything that's wrong.
• Delete your SyncForm account and the associated data (uninstalling from Workspace Marketplace also triggers deletion).
• Export your data (JSON).
• Withdraw consent for any optional feature (e.g., turn off open/click tracking).
• Nominate another person to exercise these rights on your behalf in case of incapacity or death (DPDP Act §14).

Email info@blossomn.com. We respond within 7 business days and complete most requests within 30 days. If you believe we've mishandled your data, you may complain to the Data Protection Board of India or, for EU/UK residents, your local supervisory authority.

11. Cookies on this website

The SyncForm marketing site uses one first-party cookie for session continuity and a cookieless analytics tool that records page views and country without setting cookies or tracking individuals. There are no advertising cookies, no Facebook pixel, no Google Analytics, no remarketing tags.

12. Children

SyncForm isn't designed for or directed at children under 18. We don't knowingly create accounts for, or collect personal data from, children. Under India's DPDP Act, processing children's data requires verifiable parental consent, which we don't solicit. If you believe a child has signed up, email us and we'll delete the account promptly.

13. Changes

If we make a material change to this policy we'll email account holders and post a notice on this page at least 14 days before it takes effect. Smaller corrections (typo fixes, clarifications) will just bump the "Last updated" date above.

14. Contact

Grievance Officer: Blossomn Team · info@blossomn.com · Operated from India. We aim to acknowledge every privacy request within one business day.