propform.io is a German provider with servers in the EU. We are committed to data minimisation and aim to store as little customer data as possible on our servers.
Uploaded files are not temporarily stored on propform servers. They are forwarded directly to onOffice or as email attachments — we do not retain a copy. Once processing is complete, the files are deleted from our system.
By default, we store form submissions encrypted in our database so that you can track the submissions in your propform account and follow up on them if necessary.
If you do not wish this, you can disable it completely in your account settings under “Statistics” — in which case form data will only be routed to onOffice, leaving no trace in our database.
> 💡 Even in standard mode, we at propform have no access to the plain-text content of your submissions — encryption is carried out using your account key.
By default, we store the IP addresses of form requests so that you can track where your forms are being accessed from in your form statistics — and to detect spam requests.
If you do not want this, you can also completely disable it in the Account settings under “Statistics”.
We use fonts from the Google Fonts library — but all fonts are hosted on our servers, not on Google’s. When a visitor accesses your form, no connection is established with Google. This allows us to circumvent the GDPR issues associated with Google Fonts warnings.
By default, propform forms do not set any tracking cookies and therefore do not require a cookie consent banner.
> ⚠️ If you enable tracking (Google Tag Manager, Facebook Pixel, Etracker — see Tracking), you, as the form operator, are personally responsible for ensuring that visitors have given their consent. Read more in the Tracking chapter.
When activating propform.io via the onOffice Marketplace, the DPA is already included in the Marketplace Terms and Conditions.
If you use propform.io outside the Marketplace and require a separate DPA, please send us a quick email to hello@propform.io — we will send it to you.
> 📎 When registering an account outside the Marketplace, we will send you the current DPA as a PDF attachment with the confirmation email.
A current overview of the TOMs forms part of the T&C as an annex and will be sent on request. If your Data Protection Officer (or a compliance department at your client’s organisation) requires the TOMs separately, please get in touch at hello@propform.io.
Banks, cooperative banks, insurers and other regulated sectors often face additional requirements:
> 💡 Tip for banking clients: Send your specific compliance checklist to hello@propform.io — we’ll fill it in directly, so you don’t have to piece together the answers from standard documents.
If you want to automatically control the retention period for request data in accordance with Art. 17 GDPR, you can have a “Deletion Date” field set in onOffice upon submission — and a Process Manager job that deletes the data when the date is reached.
DSGVO_SaveUntilDSGVO_SaveUntil_calculate(DateAdd(now;6;months)) (for 6 months’ retention)DSGVO_SaveUntil < today → delete or anonymise the record_calculate(DateAdd(now;30;days)) — 30 days (e.g. for application data where no hire took place)_calculate(DateAdd(now;6;months)) — 6 months (standard for enquiries where no contract was concluded)_calculate(DateAdd(now;10;years)) — 10 years (statutory retention period for tax documents)> ⚠️ For “Write values” + Forced value mode: The date is overwritten on every submission — useful if the retention period is to restart with every new activity. If the date is only to be set once initially, use an _ifEmpty(DSGVO_SaveUntil;_calculate(DateAdd(now;6;months));DSGVO_SaveUntil) wrapper so that existing values are retained.
> 💡 This is a propform/onOffice setup suggestion, not legal advice. Clarify specific retention periods with your data protection officer / lawyer.
Email us at hello@propform.io. We respond to data protection enquiries within 24 hours on weekdays.