1. Who we are
FormMate UK ("we", "us", "our") operates the website formmate.co.uk. We provide step-by-step guides to help newcomers navigate UK administrative processes. Our contact email is support.formmate@gmail.com.
We are the data controller for personal data collected through this website. This policy explains what data we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.
2. What data we collect
We collect the following personal data:
- Email address — when you create an account
- Username — chosen by you during account setup
- Password — stored securely as a hashed value (we cannot read your password)
- Payment information — processed directly by Stripe; we do not store card details on our servers
- Subscription status — whether you have an active Premium subscription
- Usage data — pages visited, actions taken (via Google Analytics, anonymised)
- Session data — a secure cookie to keep you logged in
3. How we use your data
We use your data to:
- Create and manage your account
- Process subscription payments via Stripe
- Provide access to Premium features
- Send account-related emails (e.g. account setup links)
- Respond to support enquiries
- Improve the website using anonymised analytics
We do not sell your data to third parties, use it for advertising, or share it with anyone other than the service providers listed below.
4. Legal basis for processing
- Contract performance — processing your account and subscription
- Legitimate interests — improving the website and preventing fraud
- Consent — analytics cookies (you may opt out at any time)
5. Third-party services
We use the following third-party services that may process your data:
- Stripe — payment processing (Stripe Privacy Policy)
- Resend — transactional email delivery
- Railway — cloud hosting for our backend servers
- Netlify — static website hosting
- Google Analytics — anonymised website usage analytics (Google Privacy Policy)
- Google Gemini — AI chatbot responses (Premium only); messages are processed by Google's API
6. Cookies
We use the following cookies:
- fm_session — essential session cookie to keep you logged in (30 days)
- fm_theme — remembers your light/dark mode preference
- Google Analytics — anonymised usage tracking (you can opt out via browser settings or Google's opt-out tool)
7. Data retention
We retain your account data for as long as your account is active. If you delete your account, all personal data is permanently removed from our systems within 30 days. Payment records may be retained by Stripe for up to 7 years for legal and financial compliance.
8. Your rights
Under UK GDPR, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — delete your account and data (available in-app via account settings)
- Portability — receive your data in a portable format
- Object — object to certain processing activities
- Withdraw consent — opt out of analytics at any time
To exercise any of these rights, email us at support.formmate@gmail.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
9. Data security
We take data security seriously. Passwords are hashed using PBKDF2 with a random salt and are never stored in plain text. All data is transmitted over HTTPS. Access to our database is restricted and monitored.
10. Children
FormMate UK is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us immediately.
11. Changes to this policy
We may update this privacy policy from time to time. We will notify registered users of material changes by email. Continued use of the service after changes constitutes acceptance of the updated policy.
12. Contact us
If you have any questions about this privacy policy or how we handle your data, please contact us at support.formmate@gmail.com.