Introduction

Welcome to NetPad ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience when using our form builder and data management platform.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services. Please read this policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.

Information We Collect

Personal Information You Provide

We collect information you voluntarily provide when you:

• Register for an account (email address, display name)
• Create or join an organization
• Connect to MongoDB databases (encrypted connection strings)
• Submit responses to forms
• Contact us for support

Information Collected Automatically

When you access our service, we may automatically collect:

• Device information (browser type, operating system)
• IP address (for security and rate limiting)
• Usage data (pages visited, features used)
• Cookies and similar tracking technologies

How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our services
• Authenticate your identity and manage your account
• Process and store your form data securely
• Send you service-related communications
• Respond to your comments, questions, and support requests
• Monitor and analyze usage patterns to improve our service
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

Data Storage and Security

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using TLS/SSL
• Database connection strings are encrypted using AES-256-GCM
• Passwords are never stored; we use passwordless authentication
• Session data is secured with HTTP-only, secure cookies
• Regular security audits and vulnerability assessments

Your MongoDB connection strings are stored in our secure Connection Vault with organization-level isolation. Each organization's data is stored in a separate database namespace for maximum security.

Information Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

With Your Consent

We may share your information when you have given us explicit consent to do so.

Service Providers

We may share information with third-party service providers who perform services on our behalf, such as email delivery, hosting, and analytics (if you have consented to analytics cookies).

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities.

Your Privacy Rights

Depending on your location, you may have the following rights:

For All Users

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your account and data
• Export your data in a portable format
• Withdraw consent for optional data processing
• Opt out of marketing communications

For EU/EEA Residents (GDPR)

Under the General Data Protection Regulation, you have additional rights including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority.

For California Residents (CCPA)

Under the California Consumer Privacy Act, you have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information (we do not sell personal information).

To exercise any of these rights, visit your Privacy Settings or contact us at the email below.

Cookies and Tracking

We use cookies and similar technologies to enhance your experience. You can manage your cookie preferences at any time.

For detailed information about the cookies we use and your choices, please see our Cookie Policy.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Form submission data is retained according to your organization's data retention policy, which can be configured in your organization settings.

Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. We ensure appropriate safeguards are in place for such transfers.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will provide additional notice (such as email notification).

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: