Privacy Policy

1. Introduction

Welcome to Forma ("we," "our," or "us"). This Privacy Policy explains how information is handled when you use the Forma mobile application (the "App").

Forma operates in two distinct modes:

• Offline Mode (Free/Premium Offline): All data stored locally on your device. No cloud storage or data transmission.
• Cloud Premium Mode (Subscription): Optional cloud sync via Supabase for cross-device access. Data encrypted and securely stored.

This policy describes what information we collect (or don't collect) in each mode, how we use it, and your rights regarding your data.

2. Information We Collect

2.1 Offline Mode (Free/Premium Offline)

When using Forma in Offline Mode:

• Local Storage Only: All data stored on your device
• No Data Transmission: Nothing sent to external servers
• No Account Required: No sign-in or authentication needed
• Complete Privacy: Your data never leaves your device

2.2 Cloud Premium Mode (Subscription)

When you subscribe to Cloud Premium and choose to use cloud sync, we collect and store:

Account Information:

• Authentication Data: Name, email address, and user ID from Apple Sign-In or Google Sign-In
• Subscription Data: Purchase history, subscription status, expiration dates

Construction Project Data (Synced to Cloud):

• Job Site Information: Names, addresses, descriptions, and status
• Photos: Images you upload for cloud sync (stored in Supabase cloud storage)
• Measurements: Construction measurements and notes
• Notes & Tasks: Written notes, checklists, and task details
• Financial Data: Contract amounts, invoices, and payment tracking
• Labor Records: Time sheets and labor tracking data

Technical Data:

• User ID: Unique identifier for your Supabase account
• Sync Metadata: Timestamps and sync status for data synchronization

2.3 Information We DON'T Collect

We do not collect:

• Location data (unless you manually enter an address)
• Device information beyond what's required for app functionality and analytics measurement
• Advertising identifiers
• Data from third-party services (except authentication providers)
• In-app content for analytics (we do not send job site names, addresses, client contact details, notes, photos, measurements, or PDF contents as analytics parameters)

2.4 Analytics (Always On)

Forma uses Firebase Analytics (Google Analytics 4) to understand app usage and improve reliability and features. This analytics collection is always on.

What we send to analytics: app usage events (for example: app_open, job_site_created) and technical information that is typically collected by Firebase Analytics such as app version, device/OS information, language, and general interaction signals.

What we do not send to analytics: customer/client names, emails, phone numbers, addresses, job site titles, notes, photos, measurements, invoice/estimate contents, or any uploaded files.

4. How Your Information Is Used

4.1 Offline Mode

All information you enter in Offline Mode is:

• Stored locally on your device using SQLite database and local storage
• Never transmitted to external servers or third parties
• Accessible only by you on your device
• Fully under your control, including deletion at any time

4.2 Cloud Premium Mode

When using Cloud Premium, your data is:

• Synced to Cloud: Stored on Supabase servers for cross-device access
• Encrypted in Transit: All data transmitted via HTTPS/TLS encryption
• Row-Level Security: Database configured so you can only access your own data
• Used for Sync: Data synchronized across your devices when you sign in
• Backup & Recovery: Cloud storage acts as backup for your project data

We do not use your data for marketing, advertising, or any purpose other than providing the app functionality.

4.3 Analytics Usage

Firebase Analytics is used to measure product usage, app stability, and feature adoption so we can improve Forma. Analytics events are pseudonymous and do not include your project content.

5. Permissions We Request

Forma requests only the permissions necessary for core functionality:

5.1 Camera Access

Purpose: To take photos of job sites and project progress

Usage: Photos are stored locally on your device and within the app

5.2 Photo Library Access

Purpose: To select existing photos from your device

Usage: Only selected photos are accessed and stored locally

5.3 File Access (Optional)

Purpose: To export reports or import files when you choose

Usage: Used only during explicit user actions

5.4 Notifications (Optional)

Purpose: To send task reminders

Usage: Notifications are generated locally on your device

6. Data Storage and Security

Your data security is important to us:

6.1 Offline Mode

• Local Storage Only: All data stored on your device via SQLite database and filesystem
• No Cloud Storage: No external servers or cloud databases
• Device Security: Protected by your device's built-in security (passcode, biometric)
• No Transmission: Data never leaves your device

6.2 Cloud Premium Mode

• Cloud Storage: Data stored on Supabase (PostgreSQL database + Storage Buckets)
• Encryption in Transit: All data transmitted via HTTPS with TLS 1.3
• At-Rest Encryption: Data encrypted on Supabase servers
• Row-Level Security: Database policies ensure users only access their own data
• Authentication: Secure sign-in via Apple Sign-In or Google Sign-In
• Supabase Security: Industry-standard security practices (Supabase Security)

You can use Forma entirely offline without creating an account. Premium subscriptions purchased through the Apple App Store work offline and do not require an account unless you choose Cloud Premium.

7. Data Sharing and Third Parties

We do NOT sell your data.

We do not:

• Sell, rent, or share user data with third parties for marketing
• Share your construction project content with third parties without your action (cloud sync is opt-in, and exports/shares happen only when you choose)
• Display advertisements
• Use advertising networks
• Share data with social media platforms

7.1 Third-Party Services

Forma uses the following third-party services:

• Firebase Analytics (Google Analytics 4): app usage measurement (always on). Firebase Privacy & Security
• Supabase: Backend-as-a-service providing database, storage, and authentication. Supabase acts as a data processor on our behalf and stores your cloud-synced data. Supabase Privacy Policy
• Apple Sign-In: Authentication service. Apple provides your name and email (or private relay email). Apple Privacy Policy
• Google Sign-In: Authentication service. Google provides your name, email, and profile photo. Google Privacy Policy
• Apple App Store: Processes all subscription payments via In-App Purchase. Apple Privacy Policy

Note: Offline Mode does not use cloud sync services unless you enable Cloud Premium. Firebase Analytics remains enabled as described in Section 2.4.

8. Your Data Rights

You have full control over your data:

• Access: View all data directly in the app
• Edit: Modify or update entries at any time
• Delete: Remove individual items or all data
• Export: Generate PDFs or reports for your records
• Switch Modes: Move from Offline to Cloud or vice versa
• Delete Account: Cloud Premium users can delete their account and all cloud data
• Uninstall: Removing the app deletes all locally stored data

For Cloud Premium users: To delete your account and all cloud data, contact us at 1crmforma@gmail.com.

9. Children's Privacy

Forma is not intended for children under the age of 13. We do not knowingly collect information from children.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updates will be reflected by changing the "Last Updated" date.

Continued use of the app after changes indicates acceptance of the updated policy.

11. California Privacy Rights (CCPA)

For California residents:

• Offline Mode: No personal information is collected or stored externally
• Cloud Premium: We collect authentication and subscription data (see Section 2.2)
• No Sale: We do not sell personal information
• Right to Delete: Contact us to delete your account and cloud data
• Right to Know: We disclose what data we collect in this policy

12. European Users (GDPR)

For users in the European Economic Area (EEA):

• Data Controller: Forma is the data controller for Cloud Premium data
• Legal Basis: Your consent when subscribing to Cloud Premium
• Data Location: Supabase servers (may be located outside EEA)
• Your Rights: Access, rectification, erasure, data portability, and objection
• Offline Mode: No data transferred outside EEA (stored locally only)

To exercise your rights, contact us at 1crmforma@gmail.com.

13. Contact Information

If you have questions about this Privacy Policy or Forma's data practices, contact us at:

• App Name: Forma – Construction Management
• Email: 1crmforma@gmail.com

14. Summary

• Two Modes: Offline (local only) and Cloud Premium (cloud sync)
• You Choose: Decide which mode fits your needs
• Offline Mode: Your data never leaves your device
• Cloud Premium: Data synced securely via Supabase for cross-device access
• Firebase Analytics is always on for app usage measurement, but project content is not sent as analytics parameters
• No ads, no advertising identifiers (no IDFA), and no data selling
• You control your information at all times
• Delete account and data anytime