Privacy Policy
Last updated: February 9, 2026
Forma ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our pre-procedure assessment service.
1. Information We Collect
We collect information you provide directly to us:
- Account Information: Email address, name, and password when you create an account.
- Payment Information: Payment details are processed by our third-party payment processor (Stripe). We do not store your full credit card information.
- Photos: Facial photographs you upload for analysis. These are encrypted during transit and at rest.
- Communications: Information you provide when contacting us for support or inquiries.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our pre-procedure assessment services
- Process transactions and send related information
- Send you technical notices and support messages
- Respond to your comments, questions, and customer service requests
- Communicate with you about products, services, and events
- Monitor and analyze trends, usage, and activities
3. Photo Handling
Your privacy regarding uploaded photos is paramount:
- Encryption: All photos are encrypted using AES-256 encryption during upload and storage.
- Limited Access: Only assigned clinical reviewers can access your photos during the assessment process.
- Deletion: Photos are permanently deleted from our servers within 30 days after your report is delivered, unless you request earlier deletion.
- No Sharing: We never sell, share, or use your photos for marketing, model training, or any purpose beyond your individual report.
4. Information Sharing
We do not sell your personal information. We may share information in the following circumstances:
- Service Providers: With vendors who perform services on our behalf (payment processing, email delivery, cloud hosting).
- Legal Requirements: If required by law or in response to valid legal process.
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
- With Your Consent: When you explicitly authorize us to share information.
5. Data Security
We implement appropriate technical and organizational measures to protect your information:
- SSL/TLS encryption for all data in transit
- AES-256 encryption for stored photos
- Regular security audits and penetration testing
- Access controls limiting who can view sensitive data
- Secure cloud infrastructure (Google Cloud Platform)
6. Data Retention
We retain your information for as long as your account is active or as needed to provide services:
- Account Data: Retained until you delete your account
- Photos: Deleted within 30 days of report delivery
- Reports: Available in your account until you delete them
- Transaction Records: Retained for 7 years for legal and tax purposes
7. Your Rights
You have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your information
- Object to processing of your information
- Request a copy of your data in a portable format
- Withdraw consent at any time
To exercise these rights, contact us at privacy@forma.clinic.
8. Cookies and Tracking
We use essential cookies to maintain your session and preferences. We do not use advertising cookies or share data with ad networks. Analytics data is anonymized and used only to improve our service.
9. Children's Privacy
Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses approved by relevant authorities.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
12. Contact Us
If you have any questions about this Privacy Policy, please contact us: