This policy applies to all individuals and organizations using DForms, whether under a personal, professional, or enterprise account. It governs all interactions with the service, regardless of geographic location.

Data Controller / Processor Role:

For personal accounts, NCOG Limited acts as the Data Controller.

For enterprise accounts, NCOG Limited acts as a Data Processoron behalf of the organization administering the account, following their lawful instructions.

Applicable Laws:

While this policy is governed by the laws of the State of Florida, United States, mandatory local data protection laws(such as GDPR, CCPA, or equivalent) will also apply and shall not be overridden by this choice of law.

We collect only the information necessary to provide our services securely and efficiently.

You provide us with:

• Basic account details: name, email, and authentication credentials.
• Organization details, if you’re part of a managed team.
• Form content you create (questions, logic, options).
• Responses submitted to your forms.

We collect automatically:

• Device and connection data (browser, OS, IP address, time zone).
• Service usage logs (e.g., login times, created or submitted forms).
• Wallet identifiers or public keys (if blockchain services are enabled).

Sensitive Data Responsibility:

We do not collect sensitive personal data unless necessary for specific services and with your explicit consent. If you use DForms to collect sensitive data (such as health, financial, or political information), you are solely responsible for obtaining lawful consent and complying with applicable privacy regulations.

We do not:

• Use invasive trackers or profiling technologies.
• Collect unnecessary personal information.

We use your data only to deliver the services you signed up for — no profiling, no data resale, no unauthorized tracking.

Specifically, we use your data to:

• Provide and maintain DForms functionality.
• Authenticate and secure your account.
• Process and store form responses.
• Respond to support requests and inquiries.
• Communicate system updates or policy changes.
• Enforce our Terms of Service and comply with legal obligations.

Your data is never used for advertising or sold to third parties.

DForms is built on a privacy-first architecture. Form responses and content are encrypted using modern cryptographic standards.

Depending on the feature or form type, your data may be:

• Stored in decentralized nodes with no central point of failure.
• Synced securely through encrypted channels.
• Distributed across redundant servers for availability and recovery.

We have implemented administrative, physical, and technical safeguards to protect your data from unauthorized access, alteration, or disclosure.

We use minimal cookies to maintain session integrity and remember your preferences.

Cookies are only used for:

• Authentication (e.g., remembering you are logged in).
• Feature optimization (e.g., interface settings).
• Security (e.g., preventing CSRF attacks).

We do not use third-party advertising or behavioral tracking cookies.

Note: Disabling cookies may affect the functionality and user experience of DForms.

Depending on your location and applicable laws (e.g., GDPR, CCPA), you have the right to:

• Access the data we hold about you.
• Update or correct inaccurate information.
• Delete your account and personal data.
• Export your data in a portable format.
• Object to data processing or restrict it in certain cases.

You can make these requests by contacting us at [email protected].

We only share your data under these circumstances:

Service Providers:

We may work with infrastructure and security vendors to deliver DForms. They are contractually bound to protect your data, act only on our instructions, and maintain confidentiality.

Legal Obligations:

If legally required, we may disclose limited information to law enforcement or regulatory agencies, but never decrypted content unless legally compelled and technically possible.

Enterprise Accounts:

If your account is managed by an organization, the administrator may have access to your forms and usage, subject to your organization’s internal policies.

Third-Party Integrations:

If you connect DForms to third-party services, their data handling is governed by their own privacy policies. We are not liable for any security breaches or data loss originating from third-party systems.

We will never share personal information for marketing purposes.

DForms operates globally, and your information may be stored or processed in countries other than your own.

Where data is transferred internationally, we rely on lawful transfer mechanisms including:

• Standard Contractual Clauses.
• Adequacy decisions by regulatory authorities.
• Binding Corporate Rules.
• Other equivalent safeguards recognized by applicable law.

We retain your personal data and form content for as long as your account is active or as needed to provide services, comply with legal obligations, resolve disputes, or enforce agreements.

Inactive accounts may be deleted after a defined retention period, with prior notice to the registered email address.

You can request deletion of your data at any time. Once deleted, data is removed from active systems and purged from backups in accordance with our secure deletion protocols.

If we become aware of a data breach affecting your personal data, we will notify you without undue delay and in compliance with applicable laws, providing details on the nature of the breach, potential consequences, and steps taken to address it.

DForms is not intended for use by children under the age of 13 or the legal age of digital consent in your country.

We do not knowingly collect personal data from children. Accounts found to be used by underage individuals will be terminated immediately, and all associated data will be deleted.

If you believe a child has provided us with personal data, please contact us immediately at [email protected] .

We may update this Privacy Policy periodically to reflect changes to our practices or for legal, regulatory, or operational reasons.

Major changes will be communicated via email or within the platform. Your continued use of DForms after updates means you accept the revised policy.

This policy is governed by the laws of the State of Florida, United States, without regard to conflict of law principles.

Where applicable, mandatory local data protection laws will also apply alongside this policy.

Any dispute related to privacy matters shall first be attempted to be resolved through informal negotiation. If unresolved, it will be settled by binding arbitration under the rules of a recognized arbitration body, unless applicable law requires otherwise.

For any questions, concerns, or support needs regarding these Terms:

Email: [email protected]