At MakeForms, we are committed to ensuring the protection and privacy of our users’ personal data. To this end, we are fully compliant with the General Data Protection Regulation (GDPR), the EU regulation that sets a high bar for data protection and privacy. Here are the key aspects of our GDPR compliance:

What is GDPR?

The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). The regulation came into effect on May 25, 2018, and imposes strict rules on organizations that collect, store, and process personal data, with the aim of protecting the privacy and rights of individuals.

Why is GDPR Compliance Important?

GDPR compliance is important for several reasons:

1. Protects the privacy of users:

GDPR helps to ensure that individuals have control over their personal data and are aware of how it is being collected, processed, and stored.

2. Builds trust with users:

By being GDPR compliant, we demonstrate our commitment to protecting the personal data of our users, which helps to build trust with them.

3. Avoids penalties:

Non-compliance with GDPR can result in significant penalties, including fines of up to €20 million or 4% of annual global turnover, whichever is greater.

Our GDPR Compliance

At MakeForms, we take GDPR compliance seriously, and we are committed to protecting our users’ personal data. Here are the key aspects of our GDPR compliance:


Data Storage

Our servers are hosted in the EU to ensure that all the data we collect is stored within the EU. Additionally, all our data subprocessors, including Vultr, AWS, and MongoDB, are GDPR-compliant and use EU-based servers to store data.


GDPR Representative

We have appointed an EU-based GDPR representative to ensure compliance with GDPR regulations and to act as a point of contact for our users.


GDPR Assessment

We have completed a thorough GDPR assessment to ensure compliance with all GDPR requirements. Our users can request the assessment report to review the measures we have taken to protect their personal data by filling out this form.

Data Protection Addendum (DPA)

We offer a Data Protection Addendum (DPA) to our users who need to establish GDPR compliance for their businesses. Our DPA is a legally binding agreement that outlines the specific measures we have taken to protect our users’ personal data and ensure compliance with GDPR regulations. It also includes provisions for data processing, data retention, and data security.

By signing our DPA, our users can establish that they are using a GDPR-compliant form builder tool, which can be showcased to their auditors and customers as proof of their commitment to data protection.

If you need a DPA for your business, please contact us at, and we would be happy to provide you with more information and assistance.

MakeForms is compliant with

ISO 27001:2013

MakeForms is compliant with ISO 27001:2013, a globally recognized standard for information security management.



MakeForms is proud to be SOC 2 compliant, meeting the highest standards for data protection and security set by the American Institute of Certified Public Accountants (AICPA).



MakeForms is fully compliant with the General Data Protection Regulation (GDPR), the EU regulation that sets a high bar for data protection and privacy.



MakeForms is compliant with HIPAA, a federal law in the United States that provides data privacy and security provisions for safeguarding medical information.



MakeForms is committed to compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada.



MakeForms takes all necessary steps to ensure that our platform is fully compliant with the California Consumer Privacy Act (CCPA).



MakeForms is committed to complying with all relevant regulations, including the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.


Australian DPA

MakeForms is compliant with the Australian DPA, which sets out rules for the collection, use, disclosure, and storage of personal information, and provides individuals with certain rights in relation to their personal information.
