Privacy Policy

Last updated: February 19, 2026

Forma ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our pre-procedure assessment service.

1. Information We Collect

We collect information you provide directly to us:

• Account Information: Email address, name, and password when you create an account.
• Payment Information: Payment details are processed by our third-party payment processor (Stripe). We do not store your full credit card information.
• Photos: Facial photographs you upload for analysis. These are stored securely and kept private.
• Communications: Information you provide when contacting us for support or inquiries.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our pre-procedure assessment services
• Process transactions and send related information
• Send you technical notices and support messages
• Respond to your comments, questions, and customer service requests
• Communicate with you about products, services, and events
• Monitor and analyze trends, usage, and activities

3. Photo Handling

Your privacy regarding uploaded photos is paramount:

• Privacy: All photos are stored securely and kept private during upload and storage.
• Limited Access: Only authorized assessment reviewers can access your photos during the assessment process.
• Deletion: You can delete your photos at any time from your dashboard. Photos are stored only as long as needed for your report and can be permanently removed with one click.
• No Sharing: We never sell, share, or use your photos for marketing, model training, or any purpose beyond your individual report.

4. Biometric Data Policy

When you upload photos for assessment, our system performs facial geometry analysis that generates biometric data including facial proportion measurements, symmetry calculations, and feature mapping coordinates.

This biometric data is used exclusively for generating your pre-procedure assessment report. It is never used for identification purposes, sold to third parties, or shared with any external parties.

You can delete your photos and all associated biometric data at any time from your dashboard. You may also request deletion by contacting us at support@forma.clinic.

Forma never sells, licenses, or otherwise profits from your biometric data. This data exists solely to serve you.

5. Information Sharing

We do not sell your personal information. We may share information in the following circumstances:

• Service Providers: With vendors who perform services on our behalf (payment processing, email delivery, cloud hosting).
• Legal Requirements: If required by law or in response to valid legal process.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.
• With Your Consent: When you explicitly authorize us to share information.

6. Data Security

We implement appropriate technical and organizational measures to protect your information:

• Encryption for all data in transit
• Secure, private storage for all photos
• Regular security audits and penetration testing
• Access controls limiting who can view sensitive data
• Secure cloud infrastructure (Google Cloud Platform)

7. Data Retention

We retain your information for as long as your account is active or as needed to provide services:

• Account Data: Retained until you delete your account
• Photos: Stored until you delete them from your dashboard or delete your account
• Reports: Available in your account until you delete them
• Transaction Records: Retained for 7 years for legal and tax purposes

8. Your Rights

You have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your information
• Object to processing of your information
• Request a copy of your data in a portable format
• Withdraw consent at any time

To exercise these rights, contact us at privacy@forma.clinic.

9. Cookies and Tracking

We use essential cookies to maintain your session and preferences. We do not use advertising cookies or share data with ad networks. Analytics data is anonymized and used only to improve our service.

10. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses approved by relevant authorities.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• Email: privacy@forma.clinic
• Contact Form: forma.clinic/contact