Privacy Policy

Effective Date: June 8, 2025

This Privacy Policy explains how CMA Forms (forms.thecma.xyz) collects, uses, and protects your information. We are committed to maintaining your trust and safeguarding your privacy.

1. Information We Collect

• Authentication Information: When you sign in with Google, we receive your name, email address, and profile photo through Google’s OAuth 2.0 service.
• Email/Password Users: If you sign in without Google, we collect your email and securely manage your password using Firebase Authentication's hashing mechanisms.
• Form Responses: Your submitted form responses are securely stored in Firebase Firestore, ensuring privacy and reliability.
• Metadata: We may log basic analytics such as submission timestamps, approximate IP-based location (country level), and device type to improve security and detect spam or abuse.

2. Cookies and Session Storage

CMA Forms does not set or use cookies for analytics or marketing purposes. However, third-party services such as Firebase Authentication and Google Sign-In may set essential cookies as part of their authentication and session management processes. These cookies are required for secure login and to maintain your session, and are not used for advertising or tracking.

3. How We Use Your Information

• To authenticate users and manage sessions securely.
• To display and manage forms and their responses for form creators.
• To enable optional email notifications related to your forms.
• To monitor and prevent abuse, fraud, and security threats.
• To allow you to build forms using FormBuilderJS and manage responses using Tabulator tables.
• To send emails using Resend mail services.

4. Data Storage and Security

• We use Firebase Authentication and Firestore, hosted on Google Cloud Platform, to securely store and manage data.
• Your passwords are never stored in plaintext; Firebase handles secure hashing and authentication.
• No financial or sensitive payment data is collected or stored.
• Server-side logic, such as automated email sending and data processing, is handled using Firebase Functions.

5. Data Sharing and Export

We do not share your personal data with third parties.

Form creators can export their form responses locally in formats such as CSV, XLSX, or PDF using integrated tools like Tabulator and SheetJS.

All data processing and exports are handled locally in your browser or securely on our servers; no analytics or data is sent to external analytics services.

6. Your Rights

You can request deletion of your account or any form data at any time by contacting us at chrismaje63@gmail.com. We will process such requests promptly.

7. Third-Party Services & Libraries Used

• Google Sign-In (OAuth 2.0) for authentication
• Firebase Authentication & Firestore (Google Cloud) for user and data management
• Firebase Functions for backend logic (such as email sending, data processing, and automation)
• Tabulator for interactive tables and data management
• FormBuilderJS for form creation and editing
• SheetJS for local data export (spreadsheets)
• jsPDF for local PDF export
• Resend mail for transactional email delivery

8. Updates to This Policy

We may update this policy as the platform evolves. Major changes will be communicated, and continued use after updates indicates acceptance.

Contact

If you have questions or concerns, please email us at chrismaje63@gmail.com.
Or use our Contact Us Form.