Privacy Policy

Last updated: 2025-01-15

EdgeSubmit ("we", "us", "our") operates the edgesubmit.com website and API service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Account Information

When you register for an account, we collect:

• Email address — used for account authentication, notifications, and form submission delivery
• Password — stored as a cryptographic hash, never in plain text

Form Submission Data

When end users submit forms through your API keys, we process and store:

• The form field names and values submitted
• The submitter's IP address (for spam detection and rate limiting)
• A timestamp of the submission
• The referring domain (origin header)

Usage & Analytics Data

We automatically collect limited technical data including:

• API request counts and response times
• Error rates and status codes
• Browser user-agent strings (for debugging)

Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or full payment details on our servers. Stripe may share with us your billing name, email, last four card digits, and subscription status.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the EdgeSubmit service
• Process and route form submissions to your configured destinations (email, webhooks, CRMs, Slack)
• Authenticate your identity and secure your account
• Process payments and manage your subscription
• Send essential service communications (password resets, security alerts, plan changes)
• Monitor for abuse, spam, and terms violations
• Improve and optimize the service

3. Data Storage & Security

EdgeSubmit runs on globally distributed edge infrastructure. Your data is:

• Encrypted in transit via TLS/HTTPS on all connections
• Stored on globally distributed, enterprise-grade infrastructure
• Protected by multiple layers of security including DDoS protection and network-level isolation
• Passwords are hashed using industry-standard cryptographic algorithms

4. Third-Party Services

We use the following third-party services that may process your data:

• Cloudflare — Infrastructure, hosting, DNS, and DDoS protection
• Cloudflare Turnstile — Bot and spam detection on registration forms
• Resend — Transactional email delivery for form submissions routed to email
• Stripe — Payment processing and subscription management

Each of these services operates under their own privacy policies. We recommend reviewing them if you have specific concerns.

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share data only in the following circumstances:

• As you direct — When you configure integrations (webhooks, CRMs, Slack), form submission data is sent to those third-party endpoints as configured
• Service providers — With the third-party services listed above, solely to operate the service
• Legal requirements — If required by law, subpoena, or valid legal process
• Safety — To protect the rights, property, or safety of EdgeSubmit, our users, or the public

6. Data Retention

• Account data — Retained while your account is active. Upon deletion, we remove your data within 30 days
• Form submissions — Retained according to your plan limits (recent submissions are kept; older submissions may be automatically purged based on plan quotas)
• Server logs — Retained for up to 30 days for debugging and security purposes

7. Your Rights

Depending on your jurisdiction (including GDPR, CCPA, and similar regulations), you may have the right to:

• Access — Request a copy of the personal data we hold about you
• Correction — Request correction of inaccurate data
• Deletion — Request deletion of your account and associated data
• Export — Request an export of your data in a portable format
• Objection — Object to certain types of processing

To exercise any of these rights, contact us at support@edgesubmit.com.

8. Cookies & Local Storage

EdgeSubmit uses minimal browser storage:

• es_token — Authentication token stored in localStorage for maintaining your login session
• es_user — Cached user profile in localStorage for UI rendering
• es_theme — Your theme preference (light/dark) stored in localStorage

We do not use third-party tracking cookies, analytics pixels, or advertising trackers.

9. Children's Privacy

EdgeSubmit is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

support@edgesubmit.com