Skip to main content

Data Flow

This diagram shows how data flows from the user’s browser through the Formo SDK to our infrastructure. What the SDK sends: event type, anonymous session ID, wallet address, chain ID, user agent, browser type, timezone, language, page URL, UTM parameters, screen and viewport dimensions (screen_width, screen_height, screen_density, viewport_width, viewport_height), referral parameters (ref, referral, refcode), and custom event properties. What the SDK does NOT send: IP addresses, third-party cookies, local storage data, device fingerprints, or social profiles. What happens server-side: The server receives the IP address via standard HTTP headers (this is true for any HTTP request to any server, including GA4 and Umami). Formo uses the IP address only to compute a daily-rotating session hash for session counting, then discards it. The raw IP address is never stored in logs or databases. Separately, the network edge resolves the IP to a country code (see Country) and passes only that code to Formo; the IP itself never reaches our servers for this purpose.

What We Do NOT Collect

Data typeCollected?
IP addressesNo - discarded after session hashing
Device fingerprints (Canvas, WebGL)No
Third-party cookiesNo
Email addressesNo
Phone numbersNo
Social profiles (Twitter, Discord)No
Passwords or credentialsNo
Local storage or IndexedDB contentsNo
Cross-site tracking identifiersNo

NO IP Addresses

We do NOT store IP addresses.
Every HTTP request to any server (including GA4, Umami, and Plausible) includes the sender’s IP address as part of the protocol. Our server uses the IP address only to compute the daily session hash above, then discards it. The raw IP address is never written to logs, databases, or anywhere on disk.

NO Fingerprinting

We do NOT use device or browser fingerprinting.
We identify visitors with a first-party anonymous ID (a random identifier stored in a first-party cookie) rather than by fingerprinting the device or browser. The overview Visitors metric counts unique first-party anonymous IDs. For sessions, we additionally derive a daily-rotating identifier on the server from standard HTTP headers: 
hash(daily_salt + website_domain + ip_address + user_agent)
This session hash is a one-way function - it cannot be reversed to recover the original IP address or user-agent, and the salt rotates every 24 hours.

NO Third-party Cookies

We do NOT read nor set any third-party cookies.
We care about the privacy of your visitors. Cookies are something that can track visitors across multiple websites and domains. We do not store, use, retrieve, nor extract third-party cookies from visitor’s devices. We do use first-party cookies to support cross-subdomain tracking. This is necessary to see when visitors go from your site (formo.so) to your app (app.formo.so).

No PII

We do NOT collect personally identifiable information.
Wallet addresses are pseudo-anonymous identifiers - similar to session IDs. They are not inherently linked to a person’s real-world identity. However, we recognize that under certain privacy frameworks (including GDPR), wallet addresses that can be linked to an individual may be considered personal data. How Formo handles this:
  • The SDK collects wallet addresses as analytics identifiers, not for personal identification
  • We do not collect social profiles (Twitter, Discord, email) through the SDK
  • If the Formo dashboard displays ENS names or social handles, this data is resolved from public data sources (e.g. ENS registry, Farcaster) - not collected by the SDK from your users
  • We do not correlate wallet addresses with off-chain personal data, through probabilistic matching or any other means.
Public blockchain data (wallet addresses, ENS names, onchain social profiles) is already visible to anyone via block explorers like Etherscan. Formo does not create new data linkages, it surfaces data that is publicly available.

User Agent

We collect and store the user agent and browser type.
The SDK sends the full user-agent string (navigator.userAgent) and a browser type (e.g. chrome, firefox, safari). Both are stored. User agents are standard browser identifiers that websites use to understand which browsers and devices visitors are using. They are not unique enough to identify individuals on their own.

Screen Dimensions

We collect and store screen and viewport dimensions.
We collect device screen and browser viewport dimensions to understand how visitors view your site:
  • screen_width - Width of the device screen in pixels
  • screen_height - Height of the device screen in pixels
  • screen_density - Pixel density of the device screen (devicePixelRatio)
  • viewport_width - Width of the browser viewport in pixels
  • viewport_height - Height of the browser viewport in pixels

Timezone

We collect and store the timezone of each visitor.

Country

We collect and store country of each visitor.
We resolve visitor country server-side at the network edge, the same approach used by analytics tools like Google Analytics, Plausible, and OpenPanel. The edge performs an IP lookup and passes only the resolved ISO 3166-1 alpha-2 country code (for example, US, GB, DE) to Formo. The raw IP address never reaches our servers and is never stored. Country is the only geographic granularity we collect: we do not derive or store region or city. Where the edge cannot resolve a country, the value falls back to unknown.
Previously, country was inferred from the browser timezone (Intl.DateTimeFormat().resolvedOptions().timeZone) on the client side. Edge-based geolocation is more accurate because a single timezone can span multiple countries (for example, the UTC+7 band covers both Thailand and Vietnam). For events sent from a server-side SDK (server, api, or import channels), the location provided by the SDK is preserved, since the request IP belongs to your backend rather than the end user.

Language

We collect and store language of each visitor.
Devices are set to a certain language. We collect the language of the device being used by a visitor.

URL

We collect and store URLs.
We collect the URL to track page visits and referrers.

Referrer

We collect and store referrers.
Referrers answer the question “Where did this visitor come from?”. Browsers send the URL of the previous website as a referrer. We also check UTM-parameters. You can see a list of your site’s referrers in your dashboard.

UTM

We collect and store UTM parameters.
UTM parameters such as utm_source, utm_medium, and utm_campaign, are a way to track the source of a visitor. They are added to a URL to track where a visitor came from. We track these UTM codes:
  • utm_source (e.g.: google.com)
  • utm_medium (e.g.: search)
  • utm_campaign (e.g.: summer_sale)
  • utm_content (e.g.: summer_sale)
  • utm_term (e.g.: summer_sale)

Referral

We collect and store referral parameters.
Referral parameters such as referral and ref are a way to track who referred a visitor. They are added to a URL to track where a visitor came from. We track these UTM codes and assign it to each user:
  • referral
  • ref
  • refcode

Wallet Provider

We collect and store the crypto wallet type of visitors.
We collect the wallet type (EIP6963’s rdns identifier) to identify the wallet type of the visitor.

Wallet Address

We collect and store wallet addresses.
We collect the wallet address to identify a visitor.

Chain Id

We collect and store chain ids.
We collect the chain id to identify the connected chain of the visitor.

Wallet Connected

We collect and store wallet connected status.
We collect the wallet connected status to identify if a visitor has connected their wallet.

Wallet Metadata

We collect and store signature and transaction metadata.
We collect signature and transaction metadata such as statuses (success, failed, pending, etc.) and transaction hashes.

Form Data

Form data is determined by you, the Customer.
If you use Token Gated Forms, any data submitted by end users through your forms is collected and stored. The content of this data is determined entirely by the form fields you create. You are responsible for ensuring that sensitive data is not collected through forms without appropriate legal basis and explicit consent.

FAQ

The classification of wallet addresses under GDPR depends on context. Formo treats wallet addresses as pseudonymous identifiers - they are not linked to names, emails, or IP addresses in our system. We recommend consulting your legal counsel for guidance specific to your jurisdiction and use case.
Formo resolves the visitor’s country server-side at the network edge, which performs an IP lookup and passes only the resolved ISO 3166-1 alpha-2 country code to our servers. The raw IP address never reaches Formo and is never stored. We collect country only: never region or city. (Earlier versions inferred country from the browser timezone on the client side; edge geolocation replaced this because a single timezone can span multiple countries.)
Formo uses first-party cookies for anonymous visitor identification and cross-subdomain tracking (e.g., an anonymous-id cookie and session cookies). These are first-party cookies scoped to your domain only - Formo does not set any third-party cookies or cross-site tracking cookies. Because Formo does not use third-party cookies, most jurisdictions do not require a cookie consent banner, but consult your legal counsel for your specific case.