The Best GDPR-Compliant Form Builders for 2026: An Ethical Tech Review

I went looking for a form builder I could trust with GDPR-sensitive Cyber Essentials data. Six contenders, one clear winner (Tally), one near-miss disqualified after a US acquisition, and several almost-rans. Here is the sovereignty-first review.

23 May 2026 · 13 min read · By Sophie Kazandjian

If you collect personal data through online forms, your form builder is processing that data on someone's behalf. Yours, if you signed up. Your clients', if you are collecting on theirs. The market is dominated by US-headquartered tools, which is fine until your work depends on EU sovereignty as a stated position. I went looking for a form builder I could trust with GDPR-sensitive Cyber Essentials data. Six contenders made the shortlist. Here is the review.

Why this is harder than it should be

Most form builder comparison articles list "EU-friendly" tools without distinguishing the categories that actually shape data sovereignty. A Romanian company hosting on AWS Frankfurt and now answering to a Californian parent is not the same as a Belgian company on EU-only infrastructure under EU ownership, even if both call themselves European. The CLOUD Act, which allows US authorities to compel American companies to hand over data regardless of where it physically sits, applies to the parent corporate entity, not the data centre.

Several of the tools I evaluated have been quietly acquired by US companies in the last eighteen months and have not updated their marketing materials to reflect the change.

The brief

The work in front of me was a Cyber Essentials certification project for a client running a small consultancy on a Bring Your Own Device basis. Associates work across four countries on a mix of personal laptops, work phones, and the occasional iPad. Cyber Essentials assesses every device that touches organisational data, so the project needed two forms: a per-device team check-in covering version numbers, encryption status, password lengths, and a dozen other technical details, plus an organisational scoping form covering policies, third-party access, and infrastructure.

Twenty to thirty minutes per form. Twenty-plus questions each. Branching logic on device type. File uploads. The data going through them included device serial numbers, software versions, security postures, and home network details, sensitive enough that picking the right builder weighed about as heavily as writing the right questions.

The criteria

I scored each tool against six things. EU jurisdiction at minimum (Belgium, Germany, France, Netherlands; not Romanian-with-US-parent). EU-only data residency, ideally without AWS dependency. A signed Data Processing Agreement, not a marketing footer that says "GDPR-friendly." Multi-page conditional logic, because real organisational forms are not single-screen contact widgets. File uploads. And enough polish that the form represents the practice professionally to whoever fills it in.

Save-and-resume across devices was a tiebreaker rather than a requirement. Most builders do it through emailed continuation links. The properly sovereign options skip it for privacy reasons, since the feature requires storing an email and a link token on a server.

The contenders

| Tool | Jurisdiction & hosting | What it does well | Where it falls short |
| --- | --- | --- | --- |
| Tally | Belgium (Ghent). EU servers, no AWS dependency, bootstrapped Belgian company, GDPR-native | Page-level conditional logic, free for unlimited forms, DPA built into ToS, custom CSS and custom domains on Pro | Save-and-resume is browser-local only, no cross-device continuation, no HIPAA BAA |
| 123FormBuilder | Romania, US-owned since 2024. Timișoara office, AWS Frankfurt EU residency on request, parent Kiteworks (San Mateo, California), CLOUD Act exposure | Save-and-continue via emailed link, ISO 27001 and ISO 9001 certified, HIPAA-ready, mature builder, deep integrations | Parent company US-owned since September 2024, AWS infrastructure throughout |
| Formbricks | Germany (Frankfurt). German company, EU cloud or self-hosted via Docker, open-source under AGPLv3 | Strongest data sovereignty option, fully open source, in-app and link surveys, generous free tier | Built for in-app micro-surveys rather than long assessment forms, less polished for client-facing intake |
| SeaTable Forms | Germany. German company, EU-hosted, open source, GDPR compliant | Integrates with the SeaTable database, fully sovereign, clean data flow into your records | No save-and-resume on long forms, no progress bar, limited helper-text formatting, conditional logic less flexible |
| Typeform | Spain origin, US-tied ownership. Headquartered in Barcelona, but corporate structure includes US entities and US-resident leadership | Conversational one-question-at-a-time flow, polished UX, mature integrations | Poorly suited to dense organisational assessment forms, expensive, EU sovereignty story has thinned |
| Jotform | USA (San Francisco). US-headquartered, EU data residency optional on higher plans, GDPR-compliant | Most mature feature set on the market, HIPAA-ready, signed DPA, extensive integrations | US jurisdiction, CLOUD Act exposure regardless of EU residency setting |

Tally, the winner

Tally is a Belgian company, headquartered in Ghent, registered as Tally BV. Servers are EU-hosted with no AWS dependency. Bootstrapped and profitable, run by the two co-founders who started it. The Data Processing Agreement is built into the Terms of Service, which means you do not have to chase a separate document for clients who need one. No cookie tracking by default, no third-party analytics on forms.

The block editor uses slash commands the way Notion does, so the question types you need (short text, long text, multiple choice, file upload, email, name, address, signature) insert cleanly. Conditional logic works at the block and the page level, the latter having landed earlier this year and made dense forms manageable. File uploads handle PDFs, Word documents, and ODT files. Cover images per page work for editorial polish. The free plan covers unlimited forms and submissions. Pro, at around twenty-nine euros a month, adds custom CSS, custom domains, branding removal, and partial submission tracking.

One feature earns its place faster than the rest: link preview customisation. Set a title, description, and preview image for each form, and every link shared on social media, in messaging apps, or via email shows your branding instead of a generic Tally card. The same Open Graph fields that control how a web page appears when shared, applied to forms.

[Image: Tally's Share tab showing the Link Preview customisation panel for a Cyber Essentials Team Check-In form, with title, description and preview image fields. Caption: Tally's link preview panel. The same Open Graph fields that control how a web page renders when shared, exposed for forms.]

There is one functional gap: save-and-resume. Tally caches answers in the respondent's browser locally rather than via an emailed continuation link. Someone who starts the form on a work laptop and tries to continue on a phone the next day will lose their progress. For most use cases, where the form takes twenty to thirty minutes and one sitting is realistic, this is acceptable, particularly if the intro text manages the expectation. 123FormBuilder's emailed continuation links still win for teams that actually work across devices mid-task.

123FormBuilder, the one that almost was

This was the tool I chose first. It won on features. A mature multi-page builder. Save-and-continue via emailed link, the only tool on the list that survives a device switch. Conditional logic that handles dozens of branches. File uploads up to one gigabyte. ISO 27001 certified, HIPAA-ready, signed DPA, EU-only data residency on AWS Frankfurt on request. Headquartered in Timișoara, regulated under EU law, GDPR-native. Compared with the US-based incumbents, it seemed like the obvious EU-sovereign choice.

Then I went back to refresh my memory on the parent company's structure and discovered the change I had not registered when I first signed up. In September 2024, 123FormBuilder was acquired by Kiteworks, a Silicon Valley company headquartered in San Mateo, California. The Timișoara office still operates. AWS Frankfurt residency is still available on request. Same Romanian CEO, same product name. But the parent company is US-owned, which brings the platform under US legal jurisdiction including the CLOUD Act.

For a generic SaaS product, this might be tolerable. A practice whose published positioning explicitly calls out US ownership as a reason to leave WhatsApp, leave Meta, and rethink AI tools cannot quietly recommend a form builder that has fallen under the same jurisdiction. Older comparison articles still describe 123FormBuilder as Romanian. The acquisition got modest press coverage at the time and the company has not led with it in marketing materials since. If you do not weight US jurisdiction heavily, it remains a strong choice. For sovereignty-first work, it is the runner-up that got disqualified late.

Formbricks, the open-source option

Formbricks is the strongest pure-sovereignty option on the list. German company, headquartered in the Frankfurt region, open-source under AGPLv3, with both an EU cloud and a self-hosted Docker deployment. For organisations with strict data residency mandates, self-hosting means data never leaves your infrastructure. SOC 2 Type II for the cloud tier. Generous free tier on the managed cloud.

The product is built for in-app micro-surveys and feedback prompts rather than long client-facing assessment forms. Triggering surveys based on user actions inside an app is what it does best. For the Cyber Essentials work, where the form is a standalone link sent to associates who are not inside any app, Formbricks felt more developer-oriented than the use case needed. Embedding short surveys in a product you build is where it belongs. For dense intake forms with twenty-plus questions across multiple pages, Tally fits the shape better.

SeaTable Forms, the integrated option I wish had been ready

I already use SeaTable for client database work. German-hosted, open source, as GDPR-compliant as anything on the list. The platform has built-in form functionality, which means I could have collected the Cyber Essentials data straight into the database where the rest of the client's records live, no extra tool involved. That would have been the cleanest answer.

SeaTable's forms cannot do the work yet. No save-and-resume on long forms. No progress bar. Limited formatting on helper text. Conditional logic exists but is not as flexible as Tally's. Add a page break and the form's polish drops below the threshold I would put my name behind for client work. I have raised it with the SeaTable team and will revisit annually. If the forms module catches up, the pragmatic move is to consolidate, because running fewer tools is its own ethical position.

The US-tied options ruled out

For completeness. Typeform is widely described as Spanish, headquartered in Barcelona, but the corporate structure includes US entities and US-resident leadership, and recent investor activity has tilted the company's centre of gravity westward. The conversational one-question-at-a-time format suits short surveys; it is poorly suited to dense organisational assessment forms where respondents need to see the shape of what they are agreeing to.

Jotform is the most mature form builder on the market by a clear margin, with HIPAA readiness, extensive integrations, and optional EU data residency on Enterprise plans. It is also US-headquartered, which means CLOUD Act exposure applies regardless of where the data physically sits. If you do not weight jurisdiction heavily, it is a reasonable choice. For sovereignty-first work, the parent company question settles it before the feature comparison starts.

Tally in practice: building the Cyber Essentials forms

The organisational scoping form lives at forms.sophiesbureau.com. Custom CSS pulls the site's Cormorant Garamond headings and editorial colour palette through to the form interface, so respondents are not bounced between a polished marketing site and a generic-looking form.

[Image: Cyber Essentials Organisational Discovery pre-assessment scoping form built in Tally, with custom Cormorant Garamond branding, a banner image of ancient columns, and a GDPR Agreement checkbox. Caption: The scoping form on forms.sophiesbureau.com. Tally's custom CSS support lets the form pick up the site's typography and palette.]

Two practical notes from the build. Both slowed me down enough to deserve a mention.

Custom CSS to match the site took longer than expected. Tally lets you inject custom styles on the Pro plan, but its forms render question text inside nested styled-component spans that fight specificity at every turn. I spent over an hour trying to get Cormorant Garamond on the headings and DM Sans on the body. Multiple attempts, hard refreshes, font URL swaps, none held. Eventually I switched to Claude in Chrome and let it inspect the live DOM, rewrite the selectors against the actual rendered classes, and test changes in place. Fifteen minutes later, the headings were in Cormorant. This is the use case where agentic AI earns its place. Chat-based AI working from documentation cannot see the rendered output or test selector specificity against the real DOM. Agentic browsing can.

Setting up a custom domain hit SSL error 525 on the first attempt. The fix needed three things. Cloudflare's SSL/TLS mode set to Full rather than Flexible. The Cloudflare proxy on the CNAME record switched off (DNS only) so Tally could handle its own certificate. And the domain claimed inside Tally's interface before any of the rest would resolve. A two-minute fix once you know the sequence, but the error message gave no hint of the cause. Useful to know if you are setting up a custom subdomain on Cloudflare DNS.

The trade-offs

The single-device save limitation is the headline trade-off. If a respondent clears their browser data between sessions, their progress is gone. For most use cases this is fine, particularly with intro text that manages expectations. Audiences who routinely switch device mid-task get more from 123FormBuilder's emailed continuation links instead.

UK GDPR alignment needs a re-read annually for UK clients. Belgium is full EU, so EU GDPR is covered. Tally's DPA covers UK GDPR too as of this year. Brexit's regulatory drift may eventually create a gap, and you cannot assume today's coverage will hold indefinitely.

Sensitive data tiers vary. Tally is appropriate for client intake, waitlists, booking forms, and the technical security data I collect for Cyber Essentials. For HIPAA-regulated health data or PCI-DSS payment card data, you would need to verify your specific compliance requirements against current certification and likely need a Business Associate Agreement that Tally does not currently offer.

What I actually use

Long-form client intake and organisational assessment forms run on Tally Pro with a custom subdomain on Cloudflare DNS. Custom CSS to match the brand, page-level conditional logic, file uploads, EU residency. Short newsletter signups and waitlist forms run on Tally free, often embedded directly on the article or landing page. Internal data collection into the SeaTable database uses SeaTable's native forms for short structured intake under five fields, and Tally with a webhook to SeaTable for anything longer. If SeaTable's forms module catches up to Tally's polish in the next year or two, consolidating makes sense. Until then, the Belgium-hosted, EU-sovereign, properly polished option does work I cannot do cleanly anywhere else.

FAQs

Is 123FormBuilder still a good choice?
If you do not weight US jurisdiction heavily, yes. The product is well-built, the EU data residency option is real, and the email-link resume function has no European competitor. For practices whose work depends on EU sovereignty as a stated position, the Kiteworks acquisition is a meaningful change.
Why not Proton or Tutanota's form tools?
Neither offers a comparable form builder at the time of writing. Tuta has SecureConnect, an end-to-end encrypted single-message contact widget that routes submissions into your Tuta inbox, but it is not a multi-page assessment-form builder. Proton has nothing in this category yet, though Proton Forms is a frequent feature request. If either ships one, I'd re-evaluate immediately.
What if I need cross-device save and resume?
123FormBuilder, Formstack, and Jotform all offer emailed continuation links. If that feature is mission-critical, those are the tools to look at, while accepting the US jurisdiction trade-off where it applies.
Can Tally handle truly sensitive data like medical or financial records?
Tally is GDPR-compliant and SOC 2 Type II as of late 2025. For most personal data, including the technical security data I collect for Cyber Essentials, it is appropriate. HIPAA-regulated health data or PCI-DSS payment card data is a different category; you would need to verify your specific compliance requirements against current certification, and likely need a Business Associate Agreement that Tally does not currently offer.
Is Typeform really not EU sovereign?
Typeform was founded in Barcelona and the headquarters is still listed there, but the corporate structure includes US entities, the leadership team is largely US-resident, and the investor base has been heavily American since the 2022 funding round. Read the privacy policy and the corporate filings rather than the homepage copy.
How often should I re-evaluate this list?
Annually at minimum. The Kiteworks acquisition of 123FormBuilder happened mid-2024 and I missed it until late this year. Ownership changes do not always make press. Privacy policies and Data Processing Agreements should be re-read whenever a tool you depend on changes hands or raises a significant funding round.

The Cyber Essentials forms went live two weeks ago. First batch of submissions came back at an average of twenty-three minutes per respondent. One had a comment in the optional notes field: "didn't realise my OS was that out of date." That sentence is the whole point of the form working at all.

Written May 2026 by Sophie at Sophie's Bureau. The Kiteworks acquisition of 123FormBuilder was announced on 5 September 2024. Tally is a registered Belgian company, Tally BV, headquartered at August Van Lokerenstraat 71, 9050 Ghent.