Legal

Privacy Policy

Last updated: May 17, 2026

1. Introduction

MoreValid ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect, why we collect it, how we use it, and the choices you have regarding your information.

This policy applies to information we collect when you use our website at morevalid.com and all associated services (collectively, "the Service"). It does not govern the personal data collected by your MoreValid-powered forms from your own leads - you, as the form owner, are the data controller for that data.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and a hashed (bcrypt-encrypted) version of your password. We never store your password in plain text.

2.2 Billing Information

Subscription payments are handled by Dodo Payments. We do not store your credit card number or full payment details on our servers. We do store your Dodo Payments customer ID and subscription ID to manage your billing relationship.

2.3 Form Configuration Data

We store the forms you create, including field configurations, quality rules (junk keywords, allowed domains, country targets), webhook URLs, pixel codes, and AI scoring settings. This data is necessary to operate the Service.

2.4 Lead Submission Data

When a visitor submits a form on your website, MoreValid receives and stores the submitted field values, the submitter's IP address, user agent (browser/device), referrer URL, country (detected via network geolocation), UTM parameters, and advertising click IDs (gclid, fbclid). This data is stored in your account and is used to power your lead dashboard, analytics, and CRM integrations.

2.5 Usage and Analytics Data

We collect standard server logs and usage data to operate and improve the Service. This includes pages visited, API calls made, and error logs. This data is not linked to your account for marketing purposes.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and deliver the Service you have signed up for.
  • Process subscription payments and manage billing through Dodo Payments.
  • Evaluate lead quality using our rule-based scoring engine and AI intent analysis (powered by OpenAI).
  • Send transactional emails, including OTP verification codes and account notifications, via Resend.
  • Generate daily AI-powered insight reports for your forms using aggregated submission data.
  • Forward lead data to your configured CRM or webhook endpoints.
  • Monitor and improve the reliability, security, and performance of the Service.
  • Respond to your support requests.

We do not sell your data or your leads' data to any third party. We do not use your form data or your leads' data for advertising purposes.

4. Third-Party Services

The Service relies on the following sub-processors and third-party services to function:

  • Neon (neon.tech) - PostgreSQL cloud database hosting. All account and lead data is stored here.
  • Vercel (vercel.com) - Application hosting, serverless functions, and global edge network. Vercel processes request data including IP addresses.
  • OpenAI (openai.com) - AI lead intent classification. When AI scoring is enabled on a form, lead submission data (excluding personally identifiable fields unless they are part of the form) is sent to OpenAI for analysis. No data is retained by OpenAI beyond their standard API processing terms.
  • Resend (resend.com) - Transactional email delivery. Used to send OTP codes and account notifications.
  • Dodo Payments (dodopayments.com) - Subscription billing and payment processing.
  • hCaptcha (hcaptcha.com) - Bot protection used during account registration.

Each of these providers maintains their own privacy policy and data processing agreements. We select sub-processors that meet appropriate security standards.

5. Cookies and Tracking

MoreValid uses the following cookies and local storage on morevalid.com:

  • token - A secure, httpOnly session cookie that keeps you logged in to your account. It expires after 24 hours.
  • mv_clickid (localStorage) - Stores affiliate click IDs from our referral programme for up to 30 days to enable partner attribution.

The embedded form script (embed.js) placed on your website does not set any cookies on your visitors. It uses session-local variables only.

Our website also loads third-party scripts for analytics and advertising (Google Ads, Meta Pixel, Impact affiliate tracking). These scripts may set their own cookies in accordance with their respective privacy policies.

6. Data Security

We take data security seriously. All data is transmitted over HTTPS. Passwords are hashed using bcrypt. OTP codes are hashed and expire within 10 minutes. Your database credentials and API keys are stored as environment variables and are never committed to source code.

Our database is hosted on Neon, which is a SOC 2 Type 2 compliant provider with encryption at rest. Our application is hosted on Vercel, which operates on a hardened cloud infrastructure.

No system is 100% secure. In the event of a data breach that affects your account, we will notify you as required by applicable law.

7. Data Retention

We retain your account information and form data for as long as your account is active. When you delete a form, all associated submissions, lead scores, webhook logs, and insights are permanently deleted. When you delete your account, all data associated with your account is deleted.

Inactive OTP codes are automatically purged after they expire (10 minutes). Webhook delivery logs are retained indefinitely unless you delete the associated form.

8. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and all associated data.
  • Portability: Request your lead data in a machine-readable format (CSV export is available from your dashboard).
  • Objection: Object to certain processing of your data.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes will be communicated by email to registered account holders.

11. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

You may also use our support page to send us a message directly.