Skip to content

Data & Privacy

Data & Privacy

Section titled “Data & Privacy”

FormFlow is built to support your GDPR compliance obligations. This page explains how customer data is handled, what happens when customers request their data or deletion, and how you can manage data on their behalf.

What Data FormFlow Stores

Section titled “What Data FormFlow Stores”

For each form submission, FormFlow stores:

  • The customer’s email address
  • All field values the customer entered
  • The submission date and time
  • The sync status for each connected CRM

FormFlow does not store payment information, passwords, or Shopify session data.

Customer Data Requests

Section titled “Customer Data Requests”

If a customer requests a copy of their data (as required under GDPR), you can export their submissions from the Submissions page:

  1. Filter submissions by the customer’s email address
  2. Select their submissions
  3. Click Export selected to download a CSV

Customer Data Deletion

Section titled “Customer Data Deletion”

If a customer requests deletion of their data, FormFlow will delete all submissions and sync records associated with that customer’s email when notified through Shopify’s GDPR process.

You can also manually delete individual submissions from the Submissions page.

When the App is Uninstalled

Section titled “When the App is Uninstalled”

When you uninstall FormFlow from your Shopify store, all data associated with your store — including forms, submissions, CRM configurations, and export history — is permanently deleted within the timeframe required by Shopify.

Credential Security

Section titled “Credential Security”

CRM credentials (API keys, tokens, secrets) you enter in Settings are encrypted before being stored. They are never stored in plain text.