Back to home

Privacy Policy

Version 2026-05-22 · last updated 21 May 2026

FormInEU is committed to protecting your personal data. This policy explains how we collect, use, and protect your information in compliance with GDPR.

1. Who we are

FormInEU provides company registration services in Bulgaria and Cyprus. Contact us at +357 96 066334 or via WhatsApp.

2. Data we collect

  • Account data: email, password (stored as an argon2id hash — never in plaintext), first and last name, country, phone number
  • Identity documents: passport or ID scan photos and any short videos you upload to verify your application
  • Business information: preferred company name, business activity, jurisdiction (BG / CY)
  • Communications: messages via WhatsApp, email, or contact form
  • Technical data: IP address, browser type, session cookies. Used for security and audit. No advertising trackers.

3. How we use your data

  • To respond to enquiries and deliver services
  • To complete your company registration
  • To comply with AML and KYC legal obligations
  • To issue invoices and process payments
  • To secure your account (rate-limiting, session integrity, audit log)

4. Data security

Passwords are stored as argon2id hashes. Sessions are stored only as SHA-256 hashes server-side. Cookies are HttpOnly, Secure, and SameSite=Strict. Uploads are stored in a non-public directory and only ever served back through an authenticated streamer. We use HTTPS everywhere and a strict Content-Security-Policy.

5. Data sharing

We do not sell your personal data. We may share it with: the Bulgarian / Cypriot commercial registers and tax authorities, notaries and legal professionals, partner banks (where applicable to your package), and service providers strictly for delivering our services.

6. Data retention

We retain your application and uploaded documents for as long as legally required. By default, corporate records are kept for a minimum of five years. After this, applications in ARCHIVED or REJECTED status may be purged.

7. Your rights

Under GDPR you have the right to access, rectify, erase, restrict, and port your personal data. You can update most of your data yourself in My account. To request deletion or a data export, contact us — we respond within 30 days.

8. Cookies

This website uses only essential technical cookies: a session cookie (fi_sess), a CSRF cookie (fi_csrf), and a short-lived flash cookie. No tracking, advertising, or analytics cookies are present.

9. Complaints

You may lodge a complaint with the Bulgarian Commission for Personal Data Protection at cpdp.bg or with the Cyprus Office of the Commissioner for Personal Data Protection.