Privacy Policy

Last Updated: November 26, 2025

1. Introduction

A11y Form Validator ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Webflow Designer Extension and related services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, full name, Webflow user ID, and authentication credentials
  • Site Information: Webflow site IDs, site names, domain information, and workspace IDs
  • Form Configuration Data: Validation settings, custom messages, file upload rules, and styling configurations
  • Payment Information: Billing information processed securely through Stripe (payment data is stored by Stripe, not by us)

2.2 Automatically Collected Information

  • Usage Analytics: Form validation events, extension usage patterns, feature utilization, and error logs
  • Technical Data: IP addresses, browser type, device information, timestamps, and session information

2.3 Third-Party Data

We access data from your Webflow account through OAuth, including site information, form structures, page data, and workspace information.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our form validation services
  • Account Management: To create and manage your account, process subscriptions, and handle billing
  • Communication: To send you service-related notifications, updates, and support communications
  • Analytics: To analyze usage patterns, improve our services, and develop new features
  • Security: To detect, prevent, and address technical issues, fraud, or security threats
  • Legal Compliance: To comply with legal obligations and enforce our terms

4. Data Storage and Security

4.1 Data Storage

Your data is stored securely using Supabase (database and authentication), Stripe (payment processing, PCI DSS compliant), and Netlify (application hosting with industry-standard security measures).

4.2 Security Measures

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS)
  • Secure authentication and authorization
  • Regular security audits and updates
  • Access controls and monitoring
  • Data backup and recovery procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

5.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our Service: Supabase, Stripe, Netlify, and Webflow. These providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law or in response to court orders, government requests, enforcement of our Terms of Service, or protection of our rights, property, or safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy protections.

6. Your Rights and Choices

You have the following rights regarding your personal information:

6.1 Access and Correction

  • Access your personal data through your account settings
  • Update your profile information at any time
  • Request a copy of your data

6.2 Data Deletion

  • Delete your account and associated data through your account settings
  • Request deletion of specific data by contacting us
  • Note: Some data may be retained for legal or legitimate business purposes

6.3 Email Preferences

Manage your email notification preferences in your account settings. You can opt out of marketing communications (service-related emails may still be sent).

6.4 Data Portability

Request an export of your data in a machine-readable format.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to maintain your session, remember your preferences, analyze usage patterns, and improve our Service. You can control cookies through your browser settings, but disabling cookies may affect Service functionality.

8. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our Service, you consent to the transfer of your information to these countries.

10. Data Retention

We retain your personal information for as long as necessary to provide our Service to you, comply with legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we will delete or anonymize your personal information, except where retention is required by law.

11. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last Updated" date, and sending you an email notification (for significant changes). Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

A11y Form Validator
Website: https://www.a11yformvalidator.com

15. Data Controller Information

Data Controller: Graceful Web Studio
Service: A11y Form Validator