Privacy Policy

Last updated: May 26, 2026

1. Introduction

At ezInputs, we take your privacy seriously. This policy explains how we collect, use, and protect your data when you use our platform for form building, submission review, email campaigns, and workflow management.

2. Data Collection

We collect information that you provide directly to us, including:

  • Account information (name, email, organization)
  • Form data and submissions (including any data submitters provide)
  • Contact and audience lists you upload or build
  • Workflow configurations, review history, and audit logs
  • Email campaign content and delivery metadata (opens, clicks, bounces, unsubscribes)

3. How We Use Your Data

Your data is used solely to provide and improve the ezInputs service, including:

  • Authenticating your access to portals and admin panels
  • Processing form submissions and triggering workflow rules
  • Sending automated reminders, workflow notifications, and the email campaigns you author
  • Generating analytics on submissions, completion rates, and campaign performance for your tenant

4. AI Connectors (Claude, ChatGPT, Cursor, etc.)

ezInputs exposes a Model Context Protocol (MCP) server so AI assistants you authorize can read and edit your data on your behalf. When you connect a third-party AI client via the OAuth authorization flow at /oauth/authorize:

  • You explicitly approve which scopes (forms:read, forms:write, submissions:read, submissions:recommend, campaigns:read, campaigns:write, media:write) the connector receives on a one-time consent screen.
  • The connector can only access data within your tenant. Cross-tenant access is impossible — every MCP tool is filtered server-side by your tenant id.
  • AI providers (Anthropic, OpenAI, etc.) receive only the data you instruct them to read. We do not share your data with AI providers proactively. Data the AI fetches via MCP may be processed by the AI provider per their privacy policy.
  • Every MCP write is recorded in your tenant's audit log with the actor (OAuth client id + user) and timestamp. You can review the log at any time from the admin UI or via the get_audit_log tool.
  • You can revoke a connector's access at any time from Settings → Connected Apps. Revocation invalidates the connector's access and refresh tokens immediately.
  • Sensitive operations (account management, billing, user permissions, password changes) are NOT exposed through MCP.

5. Data Security

We implement enterprise-grade security measures to protect your information. All data is encrypted in transit (TLS) and at rest. Access tokens follow OAuth 2.0 best practices (short-lived access tokens, refresh-token rotation, PKCE). Destructive operations carry confirmation gates and auto-snapshots where applicable so changes can be undone.

6. Data Retention

Submission and form data is retained for the lifetime of your account. Auto-snapshots taken before destructive campaign edits are retained for 30 days. You can delete forms and submissions at any time from the admin UI; deletions are irreversible.

7. Third-Party Services

ezInputs uses the following processors to deliver the service:

  • MongoDB Atlas — primary database (data at rest)
  • Vercel — application hosting
  • Cloudflare R2 — media storage (uploaded images)
  • Resend — transactional and campaign email delivery
  • Microsoft / Google — optional SSO providers when configured

8. Your Rights

You can request a copy of your data, ask us to delete your tenant, or revoke any connector at any time. Contact support@ezinputs.com.

9. Contact Us

If you have any questions about this Privacy Policy, please contact our support team at support@ezinputs.com.