Privacy Policy
Effective date: May 15, 2026 · Last updated: May 15, 2026
This Privacy Policy applies specifically to the Form to CMS product operated at formtocms.app and describes how we handle your Webflow workspace data and form submission data. The AVSaaS company-wide Privacy Policy also applies and governs any areas not specifically addressed here.
1. What Data Form to CMS Accesses from Webflow
Form to CMS connects to your Webflow workspace using OAuth. Specifically, Form to CMS reads: your CMS collection schemas (field names and types) and writes: new CMS collection items created from form submissions. It does not read existing CMS item content, read site publishing settings, modify existing CMS items, or access any Webflow data outside of CMS collections.
2. Form Submission Data
When a visitor submits a form on your site, Form to CMS receives the form field data (as submitted by your visitor), processes it according to your field mapping configuration, and writes it to your Webflow CMS collection. Form submission payloads are logged (field names, submission status, timestamps) for your submission log. We do not retain the full field data values beyond 30 days; log entries (status, timestamps, ingress mode) are retained for 90 days on a rolling basis.
3. Image Uploads
If a form field has the "image" coercion type, Form to CMS receives the uploaded file, uploads it to Webflow's asset pipeline on your behalf, and stores the resulting Webflow asset reference. The original file is not retained by Form to CMS after the upload to Webflow completes. The Webflow asset is then under your Webflow workspace's own retention and deletion policies.
4. Webflow OAuth Permissions
Form to CMS requests the minimum OAuth scopes required to create CMS items and read collection schemas. We will never request scopes beyond what is required for the routing function. If Webflow changes their API in a way that requires additional scopes, we will request your explicit re-authorization and explain exactly why each new scope is needed.
5. Webhook Secrets
Each form you create generates a one-time HMAC webhook secret. This secret is shown once at creation and is not stored in recoverable plaintext. The secret is used to verify inbound submission signatures. If you lose the secret, you create a new form to generate a new one.
6. Retention and Deletion
Submission log entries (status, timestamps, ingress mode) are retained for 90 days on a rolling basis. When you disconnect your Webflow workspace or cancel your account, your submission logs are retained for 30 days and then deleted. Field mapping configurations are deleted immediately on account cancellation. Existing CMS items that Form to CMS wrote to Webflow are not deleted — they remain in your Webflow CMS and are subject to your Webflow account's retention policies.
7. Contact
Data privacy questions for Form to CMS: [email protected]