Privacy Policy
Last updated: April 12, 2026
OnBackend ("we", "us", "our") operates the website onbackend.com (the "Service"). This Privacy Policy explains how we collect, use, and protect information when you use our Service.
By using OnBackend, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Information we collect
1.1 Account information
When you create an account, we collect your email address and name. We use passwordless authentication (magic links), so we do not collect or store passwords.
1.2 Form submission data
When visitors submit forms that use your OnBackend API key, we collect and store the data contained in those form submissions on your behalf. This data is determined by the fields you include in your HTML forms and may include names, email addresses, phone numbers, messages, and any other fields you choose to add. We store this data so you can view, manage, and export it from your dashboard.
1.3 Technical information
We collect IP addresses of form submitters for rate limiting and spam protection purposes. Our hosting provider (Vercel) may automatically collect technical information such as browser type, operating system, and request metadata. This information is used solely for operational purposes.
2. How we use your information
We use the information we collect to:
- Authenticate you and provide access to your account
- Store and display form submissions in your dashboard
- Send email notifications when forms are submitted
- Enforce rate limits and prevent spam and abuse
- Improve and maintain the Service
3. Third-party services
3.1 Supabase
We use Supabase for authentication and database storage. Your account information and form submission data are stored in Supabase's infrastructure. Supabase's handling of data is governed by their own privacy policy.
3.2 SendGrid
We use SendGrid to send email notifications (magic links and form submission alerts). Your email address and submission data included in notifications are processed by SendGrid in accordance with their privacy policy.
3.3 Upstash
We use Upstash Redis for rate limiting. Rate limit counters are stored temporarily and contain only identifiers (IP addresses, form IDs) — not submission content.
3.4 Vercel
The Service is hosted on Vercel. Vercel may collect technical data such as IP addresses and request metadata as part of its hosting infrastructure.
4. Cookies and tracking
OnBackend uses HTTP-only session cookies for authentication purposes. These cookies are essential for the Service to function and cannot be opted out of while using the Service. We do not use advertising cookies, third-party tracking pixels, or retargeting services.
5. Data retention
Account information is retained as long as your account is active. Form submission data is retained for 90 days, after which it may be automatically deleted. You can delete individual submissions or entire forms (and all associated data) at any time from your dashboard.
6. Data security
We take reasonable measures to protect your information. All data is transmitted over HTTPS. API keys are stored as SHA-256 hashes — we cannot recover your API key after creation. Database access is controlled through Row Level Security (RLS) policies ensuring users can only access their own data.
7. Your rights
You can access, update, or delete your account information from the dashboard settings page. You can delete form submissions individually or in bulk. To delete your account entirely, please contact us at hello@onbackend.com.
If you are located in the EEA, UK, or another jurisdiction with data protection rights, you may have additional rights under applicable law, including the right to lodge a complaint with your local data protection authority.
8. Children's privacy
The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children.
9. International data transfers
The Service and its infrastructure may be located in the United States. By using the Service, you consent to the transfer and processing of your data in the United States or other countries where our service providers operate.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. Your continued use of the Service constitutes acceptance of the updated policy.
11. Contact
If you have questions about this Privacy Policy, contact us at hello@onbackend.com.