LEGAL

Privacy Policy

Last updated: April 13, 2026

Forma is built on a simple premise: the more honestly you share, the better I coach you. That means we handle your health data with serious care. This policy explains exactly what we collect, why we collect it, how we protect it, and what control you have over it.

Who we are

Forma Health Ltd ("Forma", "we", "us", "our") operates the Forma mobile application and the website at formaapp.health. We provide an AI-powered personal health coaching service that delivers personalised daily instructions for hydration, nutrition, exercise, sleep, and cycle health. If you have questions about this policy, contact us at privacy@formaapp.health.

What information we collect

We collect information you give us directly and information generated by your use of Forma.

- Account information: your name, email address, and password when you create an account.
- Health and personal information: age, biological sex, height, weight, wake and sleep times, dietary restrictions and food preferences, exercise habits, injury and health conditions you voluntarily share during onboarding, menstrual cycle data (if you opt in), and any other information you share in conversation with the Forma coach.
- Usage data: which instructions you complete, skip, or swap; your ratings and feedback on instructions; your in-app activity and session data.
- Device and technical data: device type, operating system, push notification tokens, and crash logs.
- Apple Health and Calendar data (if you grant permission): sleep data, step count, heart rate, HRV, active energy, and calendar busy/free blocks. This data is read locally on your device and sent to our servers solely to personalise your instructions. We do not sell or share it with third parties.

How we use your information

We use your information to:

- Provide, operate, and improve the Forma service, including generating personalised daily health instructions.
- Personalise your coaching over time by building a model of your preferences, patterns, and progress.
- Send push notifications at times relevant to your daily instructions.
- Process payments and manage your subscription through our billing partners.
- Respond to your questions and provide customer support.
- Detect and prevent fraud, abuse, and security incidents.
- Comply with our legal obligations.

We do not use your health data for advertising. We do not sell your personal data to any third party.

AI-generated coaching

The instructions and coaching content you receive are generated by AI models, including models provided by Anthropic. Your anonymised conversation data and health context may be processed by these models to produce your personalised output. Anthropic's data handling practices are governed by their own privacy policy. Forma's AI coach is not a licensed medical professional. Nothing in the service constitutes medical advice, diagnosis, or treatment. Always consult a qualified healthcare provider for medical concerns.

How we share your information

We share your information only as described below.

- Service providers: We share data with companies that help us operate Forma, including Supabase (database and authentication), Anthropic (AI model inference), OneSignal (push notifications), Stripe and RevenueCat (payments and subscriptions), and Vercel (website hosting). These providers are contractually bound to use your data only to provide services to us.
- Legal requirements: We may disclose information if required by law, regulation, or valid legal process.
- Business transfers: If Forma is acquired or merged with another company, your information may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

We do not share your health data with advertisers, data brokers, or any party for marketing purposes.

Data storage and security

Your data is stored in secure cloud infrastructure. We use encryption in transit (TLS) and at rest. Access to your data is restricted to authorised personnel and service systems only. Despite these measures, no system is completely secure. If you believe your account has been compromised, contact us immediately at privacy@formaapp.health.

Data retention

We retain your account and health data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial purposes (such as records of completed transactions, which we retain for up to 7 years as required by law). Anonymised and aggregated data that cannot identify you may be retained indefinitely for service improvement purposes.

Your rights

Depending on your location, you may have the following rights regarding your personal data:

- Access: request a copy of the personal data we hold about you.
- Correction: request correction of inaccurate or incomplete data.
- Deletion: request deletion of your personal data (subject to legal retention requirements).
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to certain types of processing, including profiling.
- Withdrawal of consent: withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email us at privacy@formaapp.health. We will respond within 30 days.

Children

Forma is not directed at children under 18 years of age. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a minor, contact us at privacy@formaapp.health and we will delete it promptly.

Push notifications

Forma delivers personalised health instructions via push notifications. You can disable notifications at any time in your device settings. Note that disabling notifications will prevent you from receiving your daily health instructions.

Third-party links

Forma may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the app at least 14 days before the changes take effect. Your continued use of Forma after the effective date constitutes acceptance of the updated policy.

Contact us

Forma Health Ltd
privacy@formaapp.health

For data protection enquiries, you may also contact your local data protection authority.