Privacy policy
Last updated
Fronts Form ("Fronts Form", "we", "us", "our") is a product operated by SIA HARVID, a company registered in the Republic of Latvia, registration number 40203718287, registered address Briežu iela 9-89, Rīga, LV-1034, Latvia ("SIA HARVID").
This Privacy Policy explains how we collect, use and protect personal data when you visit our website, create an account, or use the Fronts Form platform (the "Service"). We act as the data controller for the personal data described here, except for data we process on behalf of our sellers (see "Data we process on behalf of sellers" below).
We process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and applicable Latvian law.
Who we are / contact
Data controller: SIA HARVID, Briežu iela 9-89, Rīga, LV-1034, Latvia. For any privacy questions or to exercise your rights, contact us at [email protected].
Who this policy applies to
- Website visitors — people browsing our public website.
- Sellers (account holders) — furniture makers and businesses who register and subscribe to use the Service. Accounts are individual accounts; company details are added at the project level where certain features require them.
- Buyers — end customers who purchase from a seller through the Service. For buyer data we generally act as a processor on the seller's behalf (see below).
Personal data we collect
Account and seller data (we are controller):
- Identity and contact: email address, first name, last name.
- Account details: country and account profile information.
- Company details (such as company name) that you add within a project where certain features require them.
- Subscription and billing references: Stripe customer ID, subscription ID, subscription status and plan. We do not store your full card details — card payments are handled by Stripe.
- Account security data: if you enable two-factor authentication, we store the data needed to operate it (your authenticator (TOTP) configuration and recovery codes), along with related security settings.
Communications data:
- Messages, email correspondence and any attachments you send through or to the Service.
- Newsletter / waitlist sign-ups (your email address and the type of sign-up).
- Support requests and their content.
Technical and usage data:
- IP address, device and browser information, and log data.
- Cookies and similar technologies (see "Cookies" below).
- Anti-spam signals (e.g. Google reCAPTCHA) when you submit certain forms.
Data we process on behalf of sellers (we are processor)
When a seller uses the Service to sell to their buyers, we process buyer-related data on the seller's instructions. This may include buyer name, email, phone, company name, VAT number, shipping and billing addresses, order details and invoices. For this data the seller is the data controller and is responsible for its lawful collection and use, including the seller's obligations toward their buyers. If you are a buyer, please contact the relevant seller to exercise your rights; we will assist that seller as required.
Why we use your data and our legal bases
- To provide the Service and perform our contract with you (GDPR Art. 6(1)(b)) — creating and managing your account, providing platform features, processing your subscription.
- Legitimate interests (Art. 6(1)(f)) — securing and improving the Service, preventing fraud and abuse, and communicating about your account.
- Consent (Art. 6(1)(a)) — marketing emails and non-essential cookies; you can withdraw consent at any time.
- Legal obligations (Art. 6(1)(c)) — accounting, tax and other statutory requirements.
Cookies
We use cookies and similar technologies for essential functionality, analytics and marketing. Consent is managed through Cookiebot. For full details and to manage your choices, see our Cookie Policy.
Service providers and sub-processors
We share personal data with trusted providers who process it on our behalf, under appropriate data-processing agreements:
- Stripe — payment processing and subscription billing.
- Mailgun (EU region) — transactional and notification emails; data hosted in the EU.
- DigitalOcean — hosting infrastructure and file/media storage (DigitalOcean Spaces).
- Google (Tag Manager / Analytics) — website analytics, subject to your consent.
- Cookiebot — cookie-consent management.
- Google reCAPTCHA — spam and abuse protection on forms.
We do not sell your personal data.
International transfers
Where a provider processes data outside the European Economic Area, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision.
How long we keep your data
We keep personal data only as long as necessary for the purposes described above: for the duration of your account plus a reasonable period afterwards, and longer where required by law (e.g. accounting and tax records). Newsletter data is kept until you unsubscribe.
Your rights
Under the GDPR you have the right to: access your data; have it corrected or erased; restrict or object to processing; data portability; and to withdraw consent at any time. To exercise any of these, contact [email protected].
You also have the right to lodge a complaint with the Latvian supervisory authority, the Data State Inspectorate (Datu valsts inspekcija), or with the supervisory authority in your country of residence.
Security
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse. No method of transmission or storage is completely secure, but we work to protect your information and to address incidents promptly.
Changes to this policy
We may update this Privacy Policy from time to time. The "last updated" date shown on this page reflects the latest version. Material changes will be communicated where appropriate.
Contact
Questions about this policy or your personal data? Email [email protected].