Join now

Terms and Conditions

Last updated: 01 January 2025

1. Introduction

These Terms and Conditions (T&Cs) constitute an agreement between Formlio (we, us, or our) and you, the user of our platform, collectively referred to as the Parties and individually as a Party.

By using Formlio's platform, website, or services (collectively referred to as the Platform), you agree to these T&Cs. If you do not accept these T&Cs, you must immediately cease using the Platform.

These T&Cs apply to all Users, including companies, agencies, and individual users. We may amend these T&Cs periodically. Changes will take effect upon their publication on the Platform and notification by email or via a notification on the Platform. Continued use of the Platform constitutes acceptance of the revised T&Cs.

2. Our Services

Formlio provides a web platform enabling Users to create, customise, and send interactive documents and proposals in the form of private web pages.

While we strive to provide uninterrupted access to the Platform, we may perform scheduled or emergency maintenance. Advance notice will be provided where possible.

Certain features may depend on third-party services. Formlio is not responsible for interruptions or issues arising from these services.

Formlio reserves the right to modify or discontinue any feature of the Platform at any time without notice or liability. These changes may include enhancements, updates, or the removal of features that are no longer supported.

3. Your Account

You must create an account (Account) to access the Platform. When registering, you agree to provide accurate, complete, and up-to-date information.

You are responsible for the security of your email account, as it is used to authenticate access to the Platform. You must immediately inform us of any unauthorised access to your email account or any suspected security breach that may compromise access to the Platform.

You are responsible for all activities conducted under your Account, including those of authorised users associated with your agency, company, or organisation.

You must ensure that your authorised users comply with these T&Cs.

4. GDPR Compliance and Data Protection

Our Commitment to the GDPR

Formlio complies with the General Data Protection Regulation (GDPR) and other applicable European data protection laws, ensuring lawful, transparent, and secure processing of Personal Data.

We commit to:

  • Processing Personal Data transparently, lawfully, and for specified legitimate purposes.
  • Enabling Users to exercise their GDPR rights, including access, rectification, erasure, and data portability.
  • Ensuring the confidentiality and security of all Personal Data processed via the Platform.

Data We Collect

We may collect and process the following categories of data:

Personal Data: Name, email address, job title, and other contact details.

Usage Data: Analytics on the use of the Platform, including interactions with proposals and other features.

Financial Data: Payment information necessary for subscription services.

Content Data: Images, videos, fonts, logos, and other content uploaded by Users to the Platform.

Detailed information on the types of data collected and their purposes is available in our Privacy Policy.

Your Rights under the GDPR

As a data subject, you have rights under the GDPR, including the right of access, rectification, erasure, restriction of processing, objection, and data portability. For detailed explanations of these rights, please refer to our Privacy Policy.

To exercise these rights, you may contact us at contact@formlio.com. We will respond to your request within the legal timeframe, typically within 30 days.

In the event of a Personal Data breach, Formlio will inform affected Users in accordance with GDPR requirements.

5. Obligations and Commitments of Users

You agree not to upload, share, or store sensitive data on the Platform (e.g., medical data or data concerning minors) unless it is strictly necessary and in compliance with the GDPR and applicable laws.

You warrant that any content you upload respects the rights of third parties (e.g., copyrights, privacy rights) and does not contain Personal Data of third parties without their prior consent.

You agree to comply with all applicable laws and regulations relating to data protection when using the Platform.

6. Tracking of Proposals

Purpose of Document Tracking

The tracking features analyse engagement with proposals. The data collected includes:

  • When the proposal is opened.
  • Sections viewed.
  • Time spent on each section.
  • When and with whom the proposal is shared by the recipient.

These features ensure:

Security: To control access to proposals by intended recipients and authorised collaborators. Shared proposals are also tracked to maintain security.

Engagement Tracking: To provide the sender with information on the recipient's interaction with the proposals.

Accountability: To maintain a verifiable record of accesses and actions on proposals.

Requirement for Registration

To ensure the security and confidentiality of proposals, recipients must:

  • Provide their email address and authenticate their identity through a secure process.
  • Accept these T&Cs during the authentication process.

Authentication is carried out using a Magic Link sent to the recipient's email, combined with a two-factor authentication (2FA) process for enhanced security. This ensures that only the intended recipient can access the proposal.

Consent is obtained through a clear affirmative action when recipients authenticate their identity and accept these T&Cs. This consent is recorded and securely stored as part of our compliance measures. For recipients of proposals, consent is obtained when they access the proposal via the secure link and accept the tracking practices described in section 6.

Tracking Practices

By accepting the T&Cs during registration, recipients consent to the following tracking practices:

  • Analysis of proposal openings.
  • Identification of sections viewed within the proposal.
  • Measurement of time spent on specific sections.
  • Tracking of proposal shares with others and analysis of their engagement.

Tracking data is accessible only to the sender (e.g., the agency, company, or individual sending the proposal) and is securely stored.

GDPR Compliance

  • The sender of the proposal is the Data Controller, responsible for ensuring GDPR compliance regarding the recipient's data.
  • Formlio acts as the Processor, providing secure tools to facilitate compliance and the operational needs of the sender.
  • A Data Processing Agreement (DPA) is integrated into these T&Cs in Annex A, defining the respective obligations of the User (Data Controller) and Formlio (Processor) concerning the processing of Personal Data in accordance with the GDPR.

7. Sub-processors and Third-Party Services

We collaborate with trusted third-party providers (Sub-processors) to deliver services such as payment processing, hosting, analytics, and support.

We ensure that:

  • All Sub-processors comply with the GDPR and adhere to equivalent data protection standards.
  • Data Processing Agreements (DPAs) are in place to govern their processing of Personal Data.

Formlio cannot be held responsible for the acts or omissions of Sub-processors that are beyond our reasonable control. We disclaim any liability for the actions of these third parties when they are independent of our will. For a detailed list of our Sub-processors, please refer to our Privacy Policy.

International Data Transfers:

  • Formlio does not transfer Personal Data to countries outside the European Economic Area (EEA).
  • Should this change, we commit to fully complying with the GDPR, implementing appropriate safeguards such as standard contractual clauses, and notifying Users in accordance with legal requirements.
  • Users will be informed of any changes concerning international data transfers.

8. Payments and Subscriptions

Formlio operates on a subscription model. Details of subscription levels, fees, and billing periods are available on the Formlio website or can be discussed directly with our sales team.

Payments must be made via approved methods (e.g., credit card, Stripe). Non-payment may result in the suspension or termination of your Account.

Subscriptions automatically renew at the end of each billing cycle unless cancelled at least five (5) days before the renewal date.

Refunds are generally not available. However, we will comply with applicable consumer protection laws regarding refunds for defective services.

Force Majeure

Formlio shall not be held liable for delays or failures in performing its obligations resulting from circumstances beyond its reasonable control, including but not limited to: natural disasters, pandemics, armed conflicts, cyberattacks, third-party service outages, strikes, or any other force majeure event.

9. Intellectual Property

Ownership of the Platform

All intellectual property relating to the Platform, including but not limited to software, source code, designs, user interfaces, and databases, remains the exclusive property of Formlio.

User Content

By uploading content to the Platform (e.g., images, videos, logos), you retain ownership of your content but grant Formlio a limited, non-exclusive licence to use it solely for the operation and improvement of the Platform.

Warranties

You represent and warrant that you own or have the necessary rights to any content you upload.

Mutual Use of Logos

Use of Formlio's Logo: You are authorised to use our name and logo in your marketing materials, presentations, and on your website, solely to indicate that you use our services.

Use of the User's Logo: You grant us permission to use your name and logo in our marketing materials, presentations, and on our website, solely to identify you as one of our clients.

Conditions of Use: Each party agrees to use the other's logo in accordance with any branding guidelines provided, if applicable. Neither party shall use the other's name or logo in a manner that could suggest unauthorised endorsement or association.

Revocation of Permission: Either party may revoke this permission at any time by notifying the other in writing. Upon receipt of such notification, the other party shall cease using the name and logo within a reasonable timeframe.

10. User Conduct

You agree to use the Platform responsibly and must not:

  • Upload content that is illegal, harmful, or infringes upon the rights of others.
  • Share Personal Data of third parties without their consent.
  • Reverse engineer, alter, or misuse the Platform.
  • Use the Platform for any fraudulent or illegal activity.

Formlio reserves the right to suspend or terminate Accounts in the event of violation of these T&Cs.

11. Limitations of Liability

To the maximum extent permitted by law, Formlio:

  • Excludes all liability for indirect or consequential damages, including loss of profits, revenue, customers, or business opportunities.
  • Limits its liability to the total amount paid by you for the services during the twelve (12) months preceding the event giving rise to the liability.

We are not responsible for:

  • Data loss resulting from third-party services.
  • Interruptions caused by scheduled maintenance, disruptions of third-party services, or unforeseen circumstances beyond our control.
  • Loss of customers, contracts, or business opportunities due to technical issues, bugs, or malfunctions of the Platform.

12. Termination

You may terminate your subscription by giving notice via your Account settings. Termination will take effect at the end of the current billing cycle.

Formlio reserves the right to terminate or suspend Accounts for non-compliance with these T&Cs or non-payment of subscription fees.

Upon termination, we may delete your data within thirty (30) days, unless retention is required by law. You may request earlier deletion by contacting us at contact@formlio.com.

13. Confidentiality

Use of the Platform is subject to our Privacy Policy, which describes how we collect, store, and process Personal Data. By using the Platform, you agree to the terms outlined in our Privacy Policy.

14. Dispute Resolution and Governing Law

These T&Cs are governed by French law and the General Data Protection Regulation (GDPR).

Any dispute relating to these T&Cs shall be subject to the exclusive jurisdiction of the competent courts of Paris, France.

In the event of a dispute, the Parties agree to attempt an amicable resolution through mediation before initiating legal proceedings.

15. International Users

The Platform is accessible to Users worldwide. If you access the Platform from a country other than France, you are responsible for complying with applicable local laws.

By using the Platform, you agree that these T&Cs and any relationship between you and Formlio are governed by French law, without prejudice to mandatory provisions of local law that may apply.

16. Definitions

Platform: Refers to Formlio's services for the creation and management of proposals.

Users: Refers to individuals, companies, or organisations that use the Formlio Platform to create and send proposals. Users are typically agencies, freelancers, or companies using Formlio to interact with their clients or prospects.

Recipients: Refers to individuals or entities who receive proposals created and sent by Users via the Formlio Platform. Recipients may include the User's clients, collaborators, or any other authorised party to whom the User grants access to a proposal.

Magic Link: A secure, time-limited email link used for authentication.

Personal Data: Any information that can identify an individual, such as name, email address, job title, or other contact details. This includes all data collected via the Platform in the context of proposal engagement, such as tracking interactions.

Tracking of Interactive Documents: The process of collecting and analysing data on Recipients' engagement with interactive documents sent via the Platform, including but not limited to information on document openings, sections viewed, time spent on each section, and any shares with third parties.

Data Controller: Refers to the User who creates and sends proposals via the Formlio Platform. The Data Controller determines the purposes and means of processing Personal Data in the context of the proposal and ensures compliance with data protection laws.

Processor: Refers to Formlio, which provides the tools and infrastructure to process Personal Data on behalf of the Data Controller (the User). Formlio operates in compliance with the GDPR and other applicable laws.

Sub-processors: Third-party providers engaged by Formlio to process Personal Data on behalf of the Platform (e.g., hosting providers, payment processors). All Sub-processors are GDPR-compliant and operate under strict data processing agreements.

17. Contact

For any questions or concerns regarding these T&Cs, please contact us at contact@formlio.com.

By accepting these Terms and Conditions, you acknowledge that you have read, understood, and agreed to them in their entirety, including the Data Processing Agreement (DPA) in Annex A below.

Annex A: Data Processing Agreement (DPA)

Between:

  • The Data Controller: The User of the Formlio Platform, as defined in these T&Cs.

And

  • The Processor: Formlio, represented by Marianne Amaudric.

Preamble:

This Data Processing Agreement ("DPA") forms an integral part of Formlio's T&Cs. It sets out the terms under which the Processor agrees to process Personal Data on behalf of the Data Controller, in accordance with Article 28 of the GDPR.

1. Purpose of the Agreement

The Processor is authorised to process the Personal Data necessary to provide the Platform services, as defined in the T&Cs.

2. Duration of the Agreement

This DPA is valid for the duration of the Data Controller's use of Formlio's services.

3. Nature and Purpose of Processing

The processing of Personal Data aims to enable the Data Controller to create, customise, and send interactive proposals in the form of private web pages, and to analyse Recipient engagement with these proposals.

4. Types of Personal Data and Categories of Data Subjects

  • Types of Personal Data: Names, email addresses, job titles, contact details, and usage data related to engagement with proposals.
  • Categories of Data Subjects: Recipients of proposals sent by the Data Controller.

5. Obligations of the Processor

The Processor undertakes to:

a) Process Personal Data only on documented instructions from the Data Controller, including with regard to transfers of Personal Data to a third country or an international organisation, unless required to do so by Union or Member State law.

b) Ensure the confidentiality of the processed Personal Data.

c) Implement appropriate security measures in accordance with Article 32 of the GDPR.

d) Not engage another processor (Sub-processor) without prior specific or general written authorisation from the Data Controller. Sub-processors already used are listed in the Privacy Policy.

e) Assist the Data Controller in ensuring compliance with obligations regarding security, notification of Personal Data breaches, data protection impact assessments, and prior consultation.

f) Notify the Data Controller without undue delay after becoming aware of a Personal Data breach.

g) Assist the Data Controller in responding to requests to exercise data subjects' rights (right of access, rectification, erasure, etc.).

h) Delete or return all Personal Data to the Data Controller at the end of the service provision, and destroy existing copies unless Union or Member State law requires storage of the Personal Data.

i) Make available to the Data Controller all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller.

6. Obligations of the Data Controller

The Data Controller undertakes to:

a) Provide the Processor with the Personal Data necessary for processing.

b) Document in writing any instruction concerning the processing of Personal Data by the Processor.

c) Ensure, before and throughout the processing, compliance with the GDPR obligations on the Processor's part.

d) Supervise the processing, including conducting audits and inspections of the Processor.

7. Subsequent Sub-processing

The Processor is authorised to engage the Sub-processors listed in the Privacy Policy. The Processor shall inform the Data Controller of any intended changes concerning the addition or replacement of other processors, thereby giving the Data Controller the opportunity to object to such changes.

8. Transfers of Data Outside the EEA

The Processor may transfer Personal Data outside the European Economic Area (EEA) in the course of providing the services, including when using third-party services as described in the Privacy Policy. The Processor undertakes to:

a) Comply with the GDPR provisions relating to international data transfers, ensuring that Personal Data benefits from an adequate level of protection.

b) Implement appropriate safeguards, such as:

  • Standard Contractual Clauses approved by the European Commission.
  • Additional technical and organisational measures to ensure the protection of Personal Data, including encryption and data minimisation.

c) Inform the Data Controller of planned transfers outside the EEA, including the recipient countries and the safeguards in place, in accordance with legal requirements.

d) Assist the Data Controller in meeting obligations related to international data transfers, including by providing the necessary information to demonstrate compliance.

9. Data Security

The Processor implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR.

10. Confidentiality

The Processor ensures that persons authorised to process Personal Data are committed to confidentiality or are under an appropriate statutory obligation of confidentiality.

11. Notification of Data Breaches

In the event of a Personal Data breach, the Processor shall notify the Data Controller without undue delay after becoming aware of the breach.

12. Termination of the Agreement

At the end of the provision of services relating to processing, the Processor undertakes, at the Data Controller's choice, to delete all Personal Data or return it to the Data Controller, and to delete existing copies unless Union or Member State law requires storage of the Personal Data.

13. Governing Law and Jurisdiction

This DPA is governed by French law. Any dispute relating to its interpretation or execution shall be subject to the exclusive jurisdiction of the competent courts of Paris, France.

By accepting these T&Cs, you also agree to the terms of the Data Processing Agreement (DPA) set out in Annex A.