1. Introduction
Welcome to Forma ("we," "our," or "us"). This Privacy Policy explains how information is handled when you use the Forma mobile application (the "App").
Forma operates in two distinct modes:
- Offline Mode (Free/Premium Offline): All data stored locally on your device. No cloud storage or data transmission.
- Cloud Premium Mode (Subscription): Optional cloud sync via Supabase for cross-device access. Data encrypted and securely stored.
This policy describes what information we collect (or don't collect) in each mode, how we use it, and your rights regarding your data.
2. Information We Collect
2.1 Offline Mode (Free/Premium Offline)
When using Forma in Offline Mode:
- Local Storage Only: All data stored on your device
- No Data Transmission: Nothing sent to external servers
- No Account Required: No sign-in or authentication needed
- Complete Privacy: Your data never leaves your device
2.2 Cloud Premium Mode (Subscription)
When you subscribe to Cloud Premium and choose to use cloud sync, we collect and store:
Account Information:
- Authentication Data: Name, email address, and user ID from Apple Sign-In or Google Sign-In
- Subscription Data: Purchase history, subscription status, expiration dates
Construction Project Data (Synced to Cloud):
- Job Site Information: Names, addresses, descriptions, and status
- Photos: Images you upload for cloud sync (stored in Supabase cloud storage)
- Measurements: Construction measurements and notes
- Notes & Tasks: Written notes, checklists, and task details
- Financial Data: Contract amounts, invoices, and payment tracking
- Labor Records: Time sheets and labor tracking data
Technical Data:
- User ID: Unique identifier for your Supabase account
- Sync Metadata: Timestamps and sync status for data synchronization
2.3 Information We DON'T Collect
We do not collect:
- Location data (unless you manually enter an address)
- Device information beyond what's required for authentication
- Usage analytics or tracking data
- Advertising identifiers
- Data from third-party services (except authentication providers)
- Browsing history or app usage patterns
4. How Your Information Is Used
4.1 Offline Mode
All information you enter in Offline Mode is:
- Stored locally on your device using SQLite database and local storage
- Never transmitted to external servers or third parties
- Accessible only by you on your device
- Fully under your control, including deletion at any time
4.2 Cloud Premium Mode
When using Cloud Premium, your data is:
- Synced to Cloud: Stored on Supabase servers for cross-device access
- Encrypted in Transit: All data transmitted via HTTPS/TLS encryption
- Row-Level Security: Database configured so you can only access your own data
- Used for Sync: Data synchronized across your devices when you sign in
- Backup & Recovery: Cloud storage acts as backup for your project data
We do not use your data for marketing, advertising, or any purpose other than providing the app functionality.
5. Permissions We Request
Forma requests only the permissions necessary for core functionality:
5.1 Camera Access
Purpose: To take photos of job sites and project progress
Usage: Photos are stored locally on your device and within the app
5.2 Photo Library Access
Purpose: To select existing photos from your device
Usage: Only selected photos are accessed and stored locally
5.3 File Access (Optional)
Purpose: To export reports or import files when you choose
Usage: Used only during explicit user actions
5.4 Notifications (Optional)
Purpose: To send task reminders
Usage: Notifications are generated locally on your device
6. Data Storage and Security
Your data security is important to us:
6.1 Offline Mode
- Local Storage Only: All data stored on your device via SQLite database and filesystem
- No Cloud Storage: No external servers or cloud databases
- Device Security: Protected by your device's built-in security (passcode, biometric)
- No Transmission: Data never leaves your device
6.2 Cloud Premium Mode
- Cloud Storage: Data stored on Supabase (PostgreSQL database + Storage Buckets)
- Encryption in Transit: All data transmitted via HTTPS with TLS 1.3
- At-Rest Encryption: Data encrypted on Supabase servers
- Row-Level Security: Database policies ensure users only access their own data
- Authentication: Secure sign-in via Apple Sign-In or Google Sign-In
- Supabase Security: Industry-standard security practices (Supabase Security)
You can use Forma entirely offline without creating an account. Premium subscriptions purchased through the Apple App Store work offline and do not require an account unless you choose Cloud Premium.
7. Data Sharing and Third Parties
We do NOT sell your data.
We do not:
- Sell, rent, or share user data with third parties for marketing
- Use third-party analytics or tracking tools
- Display advertisements
- Share data with social media platforms
7.1 Third-Party Services (Cloud Premium Only)
If you subscribe to Cloud Premium, we use the following third-party services:
- Supabase: Backend-as-a-service providing database, storage, and authentication. Supabase acts as a data processor on our behalf and stores your cloud-synced data. Supabase Privacy Policy
- Apple Sign-In: Authentication service. Apple provides your name and email (or private relay email). Apple Privacy Policy
- Google Sign-In: Authentication service. Google provides your name, email, and profile photo. Google Privacy Policy
- Apple App Store: Processes all subscription payments via In-App Purchase. Apple Privacy Policy
Note: Offline Mode does not use any of these services except Apple App Store for subscription payments.
8. Your Data Rights
You have full control over your data:
- Access: View all data directly in the app
- Edit: Modify or update entries at any time
- Delete: Remove individual items or all data
- Export: Generate PDFs or reports for your records
- Switch Modes: Move from Offline to Cloud or vice versa
- Delete Account: Cloud Premium users can delete their account and all cloud data
- Uninstall: Removing the app deletes all locally stored data
For Cloud Premium users: To delete your account and all cloud data, contact us at 1crmforma@gmail.com.
9. Children's Privacy
Forma is not intended for children under the age of 13. We do not knowingly collect information from children.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Updates will be reflected by changing the "Last Updated" date.
Continued use of the app after changes indicates acceptance of the updated policy.
11. California Privacy Rights (CCPA)
For California residents:
- Offline Mode: No personal information is collected or stored externally
- Cloud Premium: We collect authentication and subscription data (see Section 2.2)
- No Sale: We do not sell personal information
- Right to Delete: Contact us to delete your account and cloud data
- Right to Know: We disclose what data we collect in this policy
12. European Users (GDPR)
For users in the European Economic Area (EEA):
- Data Controller: Forma is the data controller for Cloud Premium data
- Legal Basis: Your consent when subscribing to Cloud Premium
- Data Location: Supabase servers (may be located outside EEA)
- Your Rights: Access, rectification, erasure, data portability, and objection
- Offline Mode: No data transferred outside EEA (stored locally only)
To exercise your rights, contact us at 1crmforma@gmail.com.
If you have questions about this Privacy Policy or Forma's data practices, contact us at:
14. Summary
- Two Modes: Offline (local only) and Cloud Premium (cloud sync)
- You Choose: Decide which mode fits your needs
- Offline Mode: Your data never leaves your device
- Cloud Premium: Data synced securely via Supabase for cross-device access
- No tracking, no ads, no data selling
- You control your information at all times
- Delete account and data anytime