Privacy policy
Last updated · 22 June 2026
This privacy policy explains how Zentive Systems Ltd ("we", "us", "our") collects, uses, and protects personal data when you use Formvoy — our form-building platform at formvoy.com and app.formvoy.com (the "Service"). It sits alongside our Terms of Service; where the two conflict, the Terms of Service take precedence.
01 · Introduction
Formvoy is operated by Zentive Systems Ltd, a company registered in England and Wales with its registered office at 3700 Parkway, Whiteley, Fareham, PO15 7AW, United Kingdom. We are committed to handling your personal data lawfully, transparently, and in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy applies to people who hold a Formvoy account, and to people who submit one of our customers' forms. It describes the two distinct roles we play with data, which we explain in the next section.
02 · Definitions
- Personal Data — any information that identifies, or can be used to identify, a living individual.
- Usage Data — information collected automatically as you use the Service, such as pages viewed and time spent.
- Cookies — small files placed on your device that record information about your visit.
- Customer Data — the content you create and store in Formvoy, including the contacts you add, the forms and templates you build, and the answers people submit to your forms.
- Data Controller — the party that decides why and how personal data is processed.
- Data Processor — a party that processes personal data on a controller's behalf.
Our two roles. We act as a Data Controller for the account and usage information we collect directly from you (for example, your name, email, and how you use the Service). We act as a Data Processor for your Customer Data: when you upload contacts or collect form submissions, you are the controller of that data and we process it only to provide the Service to you and on your instructions.
03 · Information we collect
Information you provide directly
- Account details — your name, email address, company name, and password.
- Contact details — phone number and postal address, where you choose to provide them.
- Billing information — your plan and payment details. Card payments are processed by our payment provider (Stripe); we do not store full card numbers ourselves.
Customer Data you store in Formvoy
- Contacts and lists you add — which may include names, email addresses, phone numbers, company names, tags, and any custom fields you create.
- Forms and templates you build, and their branding and settings.
- Submissions — the answers people give when they complete your forms.
Information from form respondents
When someone submits one of your forms — whether via a private tracked send or a public link or embed — we process the answers they provide on your behalf, together with limited technical data (such as IP address and a timestamp). We use this to deliver the submission to you, to track delivery and opens for tracked sends, and to protect forms from spam and abuse using measures such as honeypot fields, rate limiting, and bot-timing checks.
Information collected automatically
- Usage Data — IP address, browser and device type, operating system, pages visited, time spent, and referring URLs.
- Device identifiers and similar technical information needed to keep you signed in and to keep the Service secure.
04 · How we use your information
- To provide, maintain, and secure the Service and your account.
- To send the forms and reminders you create, either through our platform mail relay or through your own SMTP server where you have configured one.
- To process payments and manage your subscription.
- To communicate with you — service notifications, submission alerts, product updates, and support.
- To analyse usage so we can improve, troubleshoot, and develop the Service.
- To operate the integrations you choose to enable, such as Zapier and webhooks.
- To comply with our legal obligations.
05 · Legal basis for processing
Under the UK GDPR, we rely on the following lawful bases:
- Contract — where processing is necessary to provide the Service you have signed up for.
- Legitimate interests — to run, secure, and improve our business, balanced against your rights and freedoms.
- Consent — for specific purposes where we ask for it, such as certain non-essential cookies. You can withdraw consent at any time.
- Legal obligation — where we are required to process data to comply with the law.
07 · International data transfers
Where personal data is transferred outside the UK or European Economic Area, we put appropriate safeguards in place — such as Standard Contractual Clauses — or we transfer only to jurisdictions recognised as providing an adequate level of protection.
08 · Data retention
We keep personal data only for as long as necessary for the purposes set out in this policy and to meet our legal obligations.
Your Customer Data remains available to you while your account is active. When you delete it, or close your account, we delete or anonymise the associated personal data within 30 days, except where we are required to retain it by law. Residual copies in routine encrypted backups are purged on our standard rolling backup cycle.
10 · Data security
We protect your data with industry-standard measures, including encryption in transit using TLS, strict access controls, and strong tenant isolation so that each workspace's data is kept separate from every other. We take regular encrypted backups.
No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security. If we become aware of a personal data breach that is likely to affect you, we will notify you and the relevant authority as required by law.
11 · Your rights
Under the UK GDPR you have the right to:
- Access the personal data we hold about you.
- Have inaccurate data corrected.
- Have your data erased in certain circumstances.
- Restrict or object to our processing.
- Receive your data in a portable, machine-readable format.
- Withdraw consent where we rely on it.
To exercise these rights, email dpo@zentive.com. We will respond within one month. If you are a contact or a form respondent and your data was provided to a Formvoy customer, please contact that customer (the data controller) in the first instance; we will support them as their processor.
If you are unhappy with how we have handled your data, you can lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
12 · Children's privacy
The Service is not intended for children under 16. We do not knowingly collect personal data from children under 16, and we will delete such data if we discover we have collected it.
13 · Changes to this policy
We may update this policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review it periodically.
14 · Contact us
For any questions about this policy or your personal data, contact our Data Protection Officer:
- Email — dpo@zentive.com
- Post — Zentive Systems Ltd, 3700 Parkway, Whiteley, Fareham, PO15 7AW, United Kingdom
For general Formvoy questions, email hello@formvoy.com.