This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the mobile application Forma (the "App") and any related services (collectively, the "Services"). Forma is an AI-powered physique analysis and fitness planning tool designed to help users better understand their body composition and receive personalized recommendations.
Your privacy is important to us. We are committed to processing your personal data responsibly, securely, and transparently. This Privacy Policy applies to all users of the App, whether on the free plan or subscribed to the premium tier, and it complies with the data protection laws applicable in your region, including the General Data Protection Regulation (GDPR), the Personal Information Protection and Electronic Documents Act (PIPEDA), and the California Consumer Privacy Act (CCPA), where applicable.
By accessing or using Forma, you agree to the terms outlined in this Privacy Policy. If you do not agree, please refrain from using the App.
For the purposes of this policy, references to "we," "us," or "our" refer to the developer and operator of Forma.
When you use Forma, we collect certain types of data to deliver the core features of the app, improve performance, and ensure a smooth user experience. We do not collect personal identifiers such as email addresses, phone numbers, or usernames, and we do not require user accounts to access the app's features.
We collect the following categories of information:
a. Physique Images (1–5):
To provide personalized analysis, the app allows you to upload between one and five images of your body. These images are processed securely and used solely for AI-driven physique evaluation. They are not stored permanently unless explicitly cached locally for display in history, and they are never used for training purposes or third-party sharing.
b. Onboarding Data:
To personalize analysis and recommendations, Forma collects:
This information is processed locally and may be stored in your device's memory or linked with your subscription tier.
c. Device Information:
We collect non-personal, technical data including:
This helps us optimize the app for different devices and user locales.
d. Usage Data:
We track general engagement such as:
This is anonymized and used for improving app performance and feature prioritization.
e. Subscription & Purchase Data:
Forma uses App Store billing systems. We receive confirmation of subscription type and validity through secure receipts:
We do not receive or store payment card information.
f. Optional Profile Data:
Users may optionally input their name in the profile section for personalization. This information remains strictly local to the device and is not transmitted, stored remotely, or accessible by us.
We use the data we collect from you solely to provide and improve the services within the Forma app. This includes enhancing your experience, delivering AI-driven analysis, and maintaining the stability and performance of the application.
Specifically, your information is used in the following ways:
a. To Provide AI-Powered Physique Analysis:
Your uploaded images and onboarding data (height, weight, age, gender, goals) are processed by AI models to generate an in-depth, personalized breakdown of your physique. This includes estimates of body fat percentage, muscle symmetry, genetic potential, and other aesthetic insights.
b. To Generate Custom Workout Suggestions:
Based on your analysis, the app tailors science-backed training recommendations that focus on your strengths, weaknesses, and physique goals.
c. To Display Progress and Visual Feedback:
Forma tracks changes in your body metrics and displays them in a visually engaging and informative way to help you monitor your transformation over time.
d. To Improve App Performance and Functionality:
Usage data helps us understand how users interact with the app, allowing us to identify friction points, improve usability, and prioritize future features.
e. For Debugging and Crash Reporting:
If enabled through your operating system, technical data related to crashes or bugs may be shared with us to diagnose and fix stability issues.
We do not use your data for advertising, cross-platform tracking, or third-party profiling.
At Forma, we take data security and user privacy seriously. We are committed to storing and handling your information in a secure and privacy-conscious manner.
a. Image Storage and Retention:
Any physique images you upload are either processed directly on-device or, if applicable, temporarily transmitted to secure cloud infrastructure solely for the purpose of analysis. These images are automatically deleted immediately after the analysis is complete. They are never stored permanently or reused for any other purpose.
b. User Data Storage:
No personal user data is stored on remote servers. All onboarding inputs (height, weight, age, gender, goals) are processed locally on your device and remain under your control. We do not store your personal information or access it via a user account system. Any optional profile data, such as your name (if entered by you), is also kept locally and never transmitted to us.
c. Supabase Usage (Internal Only):
Supabase is used exclusively to store internal, static app data such as our exercise database. No personally identifiable user information is stored on Supabase or any cloud infrastructure.
d. Security Measures:
All communications between the app and any cloud services are encrypted using industry-standard protocols (e.g., HTTPS/TLS). Access to any temporary processing services is tightly controlled and secured using authentication, rate-limiting, and isolation practices. We also monitor systems for potential vulnerabilities or threats on an ongoing basis.
Despite our best efforts, no system is entirely immune to risk. By using Forma, you acknowledge and accept the inherent limitations of digital security.
We do not share your data with third parties for marketing, advertising, or commercial purposes.
We may share non-identifiable or anonymized data with trusted subprocessors (such as Supabase) strictly for operational purposes, including analytics, crash monitoring, and infrastructure support. All such providers are bound by strict confidentiality and security obligations.
If required by law, regulation, or legal process, we may disclose limited data to comply with governmental or regulatory authorities — but only to the minimum extent necessary and never without cause.
As a user of Forma, you have rights concerning the limited data we handle:
To make a request, you may contact us at contact@noface.media. We will respond within 30 days, in accordance with applicable privacy laws.
Forma is designed with minimal data processing in mind to prioritize user privacy. If you have questions about your data, feel free to contact us directly.
Forma is not intended for use by children under the age of 13. We do not knowingly collect, use, or store any personal data from individuals under 13 years of age.
If we become aware that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete such data.
For minors between 13 and 18 years old, parental or guardian consent is required to use the app. We encourage parents and guardians to monitor their children's use of mobile applications and educate them on safe online behavior and privacy practices.
If you believe that a minor has used the app without proper consent or if you have any questions about our children's privacy policies, please contact us at contact@noface.media.
Forma is available to users globally. By using the app, you understand and acknowledge that your data may be processed and stored in servers located in the European Union or the United States, depending on our infrastructure and service providers.
For Users in the European Union (EU):
If you are located in the EU, your personal data is protected under the General Data Protection Regulation (GDPR). You have the right to:
We are committed to complying with GDPR principles and ensuring that your data is handled with transparency and security.
For Users in Canada:
If you are a resident of Canada, Forma adheres to the principles outlined in the Personal Information Protection and Electronic Documents Act (PIPEDA). This includes:
If you have any questions or concerns about your privacy rights or data transfers, feel free to contact us at contact@noface.media.
If you are an individual located in the European Union (EU), we process your personal data in accordance with the legal bases established under the General Data Protection Regulation (GDPR).
We rely on the following lawful bases for processing your information:
a. Consent
We ask for your explicit consent before processing any personal data that could be subject to GDPR regulations. This includes:
You have the right to withdraw your consent at any time. Doing so may limit your ability to use certain features of the app, but it will not affect the lawfulness of processing based on consent before its withdrawal.
b. Legitimate Interest
We may process certain non-sensitive data under the legal basis of legitimate interest in cases where:
We carefully assess that these interests are not overridden by your rights and freedoms under GDPR. You may object to this processing at any time by contacting us at contact@noface.media.
We use a limited number of trusted third-party services to operate and maintain key features within the Forma app. These services are used strictly to provide functionality, ensure reliability, and manage subscriptions. We do not sell, rent, or share your personal data with any third-party marketing platforms.
Below are the third-party providers Forma interacts with and the nature of their involvement:
• Gemini API (by Google Cloud)
We use the Gemini 2.0 API to process your uploaded physique images and onboarding data (height, weight, etc.) for the purpose of generating AI-based fitness analysis. Images are transmitted securely and are not stored after processing. Google may collect metadata (e.g., request frequency) for operational purposes, in compliance with their own privacy policy.
• RevenueCat
RevenueCat is used to manage in-app purchases and subscriptions. It handles billing and receipts for the Apple App Store. We do not receive or store your payment information directly — all transactions are processed securely via Apple. RevenueCat provides us with anonymized subscription status (active, canceled, etc.) but not personal identifiers unless permitted by Apple.
• Supabase
Supabase powers the app's workout database and handles limited technical analytics (e.g., app error logs, performance stats). No sensitive personal data (e.g., names, images, or user identifiers) are stored in Supabase unless absolutely necessary. Any onboarding data or preferences are stored locally on your device unless explicitly needed for functionality.
Each of these services complies with applicable data protection regulations, including GDPR and CCPA where applicable. You can refer to their individual privacy policies for further details.
We retain only the data necessary to provide the core features of Forma and ensure a smooth user experience. Data is stored in accordance with legal and technical requirements, and we do not keep any unnecessary or outdated user data.
We take reasonable steps to ensure that your data is only retained for as long as necessary to fulfill its purpose, after which it is securely deleted or anonymized.
Forma is designed to respect your privacy by default. Most of your data is stored locally on your device and never leaves it unless used for temporary analysis. However, if you wish to clear or delete any stored data, we offer multiple options:
We are committed to responding to verified deletion requests in a timely and responsible manner.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we do, we will revise the "Last updated" date at the top of this document.
How You'll Be Notified:
If material changes are made, you will be notified through a notice in the Forma app — either on the landing screen or directly within the settings section. In some cases, we may also prompt you to review and accept the updated policy before continuing to use the app.
We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information.
If you have any questions about this Privacy Policy, the data we collect, or if you would like to request deletion or access to your data, please contact us at:
Name: NoFace Media
Email: contact@noface.media
Location: Strada Garoafei 17, Marasesti, Vrancea 625200, Romania
We're committed to protecting your privacy and will do our best to address your concerns as quickly and clearly as possible.