WordFields is built on a simple principle - your data is yours. This policy explains what personal information we collect, how we use it, and the rights you have over it. We have written it in plain language because we believe you should actually be able to read and understand it.
Identity and access
When you sign up for WordFields, we ask for your name and email address. This is used to personalize your account, send you invoices and essential service communications, and allow you to sign in. We will never sell your personal information to third parties, and we will never use your name or company in marketing materials without your explicit permission.
Your data stays yours
When your team generates a document or uses a snippet in WordFields, the variable content you enter, like names, dates, amounts, client details, contract clauses, is not stored on our servers unless explicitly configured by the template owner. Documents are generated and downloaded directly to your device. What you create from a template belongs to you and stays with you.
What we do store is the structure of your workspace, your templates, snippets, and account information, because that is the product. We do not store what you fill into them.
We also store activity records: who created which document, when, the document title, and any notes a template owner has configured the template to collect at generation time. This activity log is visible only inside your workspace.
Billing
When you pay for WordFields, your credit card details are passed directly to Stripe, our payment processor. Your card details never pass through our servers. We store a record of the payment transaction, including the last four digits of your card number, for invoicing and billing support. We store your billing address to calculate applicable taxes and to print on your invoices. Stripe is certified to PCI DSS Level 1, the highest level of payment security certification.
Third-party services
We use a small number of trusted third-party services to operate WordFields:
| Service | Purpose |
|---|---|
| Microsoft Azure | Hosting and infrastructure (EU) |
| Stripe | Payment processing |
| Mailgun | Transactional email (account notifications, invitations) |
We do not use advertising networks, data brokers, or any third-party service that would have access to your workspace content.
When we share your information
We share your information only in the following circumstances:
- To provide products or services you have requested, with your permission
- To investigate, prevent, or take action regarding illegal activities, suspected fraud, or violations of our terms of service
- If we are acquired by or merged with another company — we will notify you well before any information about you is transferred and becomes subject to a different privacy policy
Law enforcement
WordFields will not hand your data over to law enforcement unless a court order requires it. We reject requests from law enforcement when they seek data without a court order. Unless we are legally prevented from doing so, we will always inform you when such requests are made.
Security and encryption
All data transmitted between your browser and WordFields is encrypted using TLS. We host all data on Microsoft Azure within the European Union, using Azure best practices including key vaults, access controls, and audit logging. We go to significant lengths to secure your data at rest and in transit.
For a full explanation of our security practices, see our Security page.
Cookies
We use cookies to operate the service and improve your experience. We do not use cookies for advertising or cross-site tracking.
Location of data
WordFields is operated in Slovenia, European Union. All data is stored on Microsoft Azure servers within the EU. If you are located outside the European Union, any information you provide will be transferred to and stored in the EU. By using WordFields, you consent to this transfer.
Deleted data
When you cancel your account, nothing is retained on our servers past 30 days. Anything you delete while your account is active is also purged within 30 days.
Your rights under GDPR
We comply with the General Data Protection Regulation (GDPR). Your rights include:
- Right of Access — the right to access the personal information we hold about you
- Right to Correction — the right to request correction of inaccurate data
- Right to Erasure — the right to request deletion of your personal information, subject to applicable law
- Right to Complain — the right to make a complaint with the appropriate supervisory authority
- Right to Restrict Processing — the right to request restriction of how your information is used
- Right to Object — the right to object to how your information is processed in certain situations
- Right to Portability — the right to receive your personal information in a portable format
- Right to not be subject to Automated Decision-Making — the right to object to decisions made solely by automated processes that have a significant effect on you
Many of these rights can be exercised by signing in and updating your account directly. For assistance, contact us at [email protected].
Changes to this policy
If we make material changes to this policy, we will notify you by email and update the date at the top of this page. We will never make changes that reduce your privacy rights without explicit notice.
Contact
For privacy-related questions, contact us at [email protected] or use our contact form.
Last updated: May 2026