formli AI logo formli AI

/ Legal

Privacy Policy

Zuletzt aktualisiert: 9. April 2026

1. Data Controller & Contact Information

⚠️ Machine Translation Disclaimer: Diese Datenschutzerklärung wurde maschinell aus dem Englischen übersetzt. Im Falle von Unstimmigkeiten ist die englische Originalversion maßgeblich.

This Privacy Policy explains how formli AI (https://formli.ai) collects, uses, stores, and protects your personal data. We are committed to complying with all applicable data protection laws.

formli AI is an AI-powered PDF form-filling tool. You upload a PDF form, and our AI assistant guides you through completing it via an interactive chat. The completed PDF is then generated for you to download.

Data Controller: The Managing Director of formli AI

Contact: support@formli.ai

Website: https://formli.ai

This policy is drafted in clear, plain language for your easy understanding. If you have any questions, please contact us at the email address above.

2. What Data We Collect

2.1 Document Data

When you upload a PDF form, we process the document content to identify form fields and assist you in filling them out. Uploaded documents may contain personal data such as names, addresses, dates of birth, tax identification numbers, or other sensitive information depending on the form type.

2.2 Chat and Interaction Data

During a form-filling session, we process your chat messages, the questions asked by the AI, and the form field values you enter. This data is necessary to provide the service.

2.3 Account and Payment Data

Payment information (credit card numbers, billing addresses) is collected and processed by our payment provider Stripe. We do not store your full payment card details on our servers. Stripe provides us with transaction identifiers and limited billing information necessary for record-keeping.

2.4 Technical Data

Our servers automatically collect technical information when you visit our website, including your IP address, browser type and version, operating system, referring URL, and pages visited. This data is recorded in server logs.

2.5 Analytics Data

With your explicit consent, we use Google Analytics 4 (GA4) to collect anonymized usage data such as page views, session duration, and general geographic location. Analytics data is only collected after you provide consent via our cookie banner.

2.6 Learning System Data

We store anonymized patterns and aggregated form-field data in our EU-based database (Neon PostgreSQL, hosted in Frankfurt, Germany) to improve the accuracy and reliability of our service. Where possible, this data is anonymized before storage.

3. How We Use Your Data

Every processing activity has a specific legal basis. The following table links each purpose to its legal basis:

Purpose Legal Basis
Core service delivery (AI-assisted form filling) Contract performance
AI processing of uploaded documents Contract performance
Payment processing via Stripe Contract performance
Website analytics (Google Analytics 4) Your consent
Security monitoring and fraud prevention Our legitimate interest
Service improvement (learning system) Our legitimate interest
Tax record retention Legal obligation

Where we rely on legitimate interest, we have conducted balancing tests to ensure that our interests do not override your fundamental rights and freedoms. You may object to processing based on legitimate interest at any time.

4. AI Processing & Data Retention

formli AI uses artificial intelligence to provide its core service. Transparency about how AI processes your data is central to our approach.

4.1 What the AI Does

When you upload a PDF form, its content is sent to our AI providers for analysis. The AI reads the document content, identifies form fields, generates questions to guide you, and suggests values for form entries based on your responses. Two AI providers are used:

4.2 Your Data Is Never Used for AI Training

Your form data, chat messages, and uploaded documents are never used to train or improve AI models — by us or by our AI providers. This is a firm commitment, not an opt-out setting.

Specifically:

• Anthropic (Claude): API data is explicitly excluded from model training. Inputs and outputs are automatically deleted after 7 days. This is fundamentally different from the consumer version of Claude (claude.ai), where training opt-ins exist.

• Google (Gemini): Paid API data is excluded from model training under Google's API terms.

• formli AI: We do not use your personal form data to train any models. Our learning system only stores anonymized, aggregated patterns (e.g., "field X causes confusion 30% of the time") — never your actual answers.

4.3 Human Review Required

The AI assists you — it does not make decisions for you. All AI-generated suggestions are presented to you for review and approval before being applied to the document. You control what goes into the final PDF.

4.4 No Automated Decision-Making

formli AI does not make automated decisions with legal or similarly significant effects. The AI is a tool that generates suggestions; you make all final decisions about form content.

4.5 AI Provider Data Retention

Anthropic retains API input and output data for up to 7 days for safety and abuse monitoring purposes, then automatically deletes it. Your data is never stored longer than this short monitoring window. Google retains paid API data for up to 55 days for abuse monitoring, then deletes it.

4.6 EU AI Act Compliance

We are committed to transparency in our use of AI in accordance with the EU AI Act (Regulation 2024/1689). formli AI is classified as a limited-risk AI system, and we provide this transparency information to meet our disclosure obligations.

5. Who We Share Your Data With

We share your data only with the service providers necessary to operate formli AI. We do not sell your personal data. Each provider listed below acts in a specific capacity:

Anthropic (Claude API)

  • Role: Data processor
  • Data received: Document content, chat messages, form field values
  • Purpose: AI-powered document analysis and form-filling assistance
  • Location: United States
  • Privacy policy: anthropic.com/privacy

Google (Gemini API)

  • Role: Data processor (paid API tier)
  • Data received: Document page images for field label detection
  • Purpose: AI vision for form field identification
  • Location: United States
  • Privacy policy: policies.google.com/privacy

Stripe

  • Role: Data processor (payment processing) and independent data controller (fraud prevention)
  • Data received: Payment card details, billing address, transaction amounts
  • Purpose: Secure payment processing
  • Location: United States / Ireland (EU entity: Stripe Payments Europe, Ltd.)
  • Privacy policy: stripe.com/privacy

Google Analytics (GA4)

  • Role: Data processor
  • Data received: Anonymized usage data (page views, session duration, general location)
  • Purpose: Website analytics and service improvement
  • Location: United States
  • Note: Only activated after explicit cookie consent. IP anonymization is enabled.
  • Privacy policy: policies.google.com/privacy

Netlify

  • Role: Data processor
  • Data received: HTTP request data (IP addresses, request headers) for hosting
  • Purpose: Website hosting and serverless function execution
  • Location: United States (CDN with global edge nodes)
  • Privacy policy: netlify.com/privacy

Neon (PostgreSQL Database)

  • Role: Data processor
  • Data received: Learning system data, anonymized form-field patterns
  • Purpose: Persistent storage for service improvement data
  • Location: Frankfurt, Germany (EU — no third-country transfer)
  • Privacy policy: neon.tech/privacy-policy

Hugging Face

  • Role: Data processor
  • Data received: Uploaded PDF page images for field detection
  • Purpose: CommonForms field detection service
  • Location: United States
  • Privacy policy: huggingface.co/privacy

6. International Data Transfers

Some of our service providers are based in the United States, which means your data may be transferred outside the European Economic Area (EEA). We ensure that all such transfers are protected by appropriate safeguards as required by applicable law:

Provider Adequacy Status Transfer Mechanism
Anthropic No EU Standard Contractual Clauses (SCCs)
Google (Gemini + GA4) Yes EU-US Data Privacy Framework + SCCs
Stripe Yes EU-US Data Privacy Framework + SCCs
Netlify Yes EU-US Data Privacy Framework + SCCs
Hugging Face No EU Standard Contractual Clauses (SCCs)
Neon N/A No third-country transfer (Frankfurt, Germany)

We continuously monitor legal developments regarding international data transfers, including the status of the EU-US Data Privacy Framework, and will update our transfer mechanisms as necessary.

7. How Long We Keep Your Data

We retain data only for as long as necessary for the purposes described in this policy. Specific retention periods:

Data Type Retention Period
Uploaded PDF documents Duration of session only (RAM-based, not permanently stored)
Chat messages and form field values Duration of session only
Learning system data Retained indefinitely in anonymized form
Anthropic API data Up to 7 days (then automatically deleted by Anthropic)
Google API data Up to 55 days (then deleted by Google)
Server logs 90 days
Payment records 7 years (German tax law — AO §147)
Analytics data (GA4) 14 months (GA4 default)

8. Cookies & Similar Technologies

8.1 Essential Cookies

We use strictly necessary session cookies to operate the Service. These cookies are required for the website to function and cannot be switched off. They do not require your consent.

8.2 Analytics Cookies (Consent Required)

Google Analytics 4 sets cookies to collect anonymized usage data. These cookies are only activated after you provide explicit opt-in consent via our cookie banner.

8.3 Managing Your Cookie Preferences

You can withdraw your consent for analytics cookies at any time by clearing your browser cookies or using the cookie settings on our website. You can also install the Google Analytics Opt-out Browser Add-on to prevent Google Analytics from collecting data across all websites.

Most browsers allow you to manage cookies through their settings. Note that disabling essential cookies may prevent the Service from functioning correctly.

9. Your Rights

You have the following rights regarding your personal data:

  • Right of access — You have the right to obtain confirmation as to whether personal data concerning you is being processed and, if so, to receive a copy of that data along with information about how it is processed.
  • Right to rectification — You have the right to request correction of inaccurate personal data or completion of incomplete data.
  • Right to erasure — You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.
  • Right to restriction of processing — You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability — You have the right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object — You have the right to object to processing based on our legitimate interest at any time.
  • Right to withdraw consent — Where processing is based on your consent, you may withdraw your consent at any time.
  • Right to lodge a complaint — You have the right to lodge a complaint with a data protection supervisory authority.

To exercise any of these rights, contact us at support@formli.ai.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

  • Encryption in transit — All data transmitted between your browser and our servers is encrypted using TLS/HTTPS.
  • Security headers — We use Helmet.js to set HTTP security headers including HTTP Strict Transport Security (HSTS) and Content Security Policy (CSP).
  • No permanent document storage — Uploaded PDFs are processed in memory during your session and are not written to permanent storage.
  • Rate limiting — AI endpoints are rate-limited to prevent abuse and protect service availability.
  • CORS restrictions — Cross-origin resource sharing is restricted to allowed origins only.
  • Access controls — Internal access to systems and data is restricted on a need-to-know basis and subject to monitoring.

11. Children's Data

formli AI is not intended for use by persons under 16 years of age. We do not knowingly collect or process personal data from children under 16.

If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will take steps to promptly delete that data. If you believe a child under 16 has used our service, please contact us at support@formli.ai.

12. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page.

For material changes that significantly affect how we process your personal data, we will provide prominent notice on our website.

We encourage you to review this policy periodically to stay informed about how we protect your data.

13. Contact & Legal Recourse

13.1 Contact Us

For all privacy-related questions, requests, or complaints, please contact us at:

Email: support@formli.ai

13.2 Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that our processing of your personal data violates applicable data protection law.

For users in Germany: You may contact the data protection authority (Landesdatenschutzbeauftragte) of the federal state in which we are registered, or the authority responsible for your place of residence.

For users in other EU/EEA member states: You may contact the data protection authority in your country of habitual residence, place of work, or the place of the alleged infringement.

A list of EU data protection authorities is available at: edpb.europa.eu/about-edpb/about-edpb/members_en