Privacy Policy

Last updated: April 19, 2026

Both the English and Romanian versions of this Policy are authentic. In case of inconsistency, the Romanian version prevails for users whose primary interface language is Romanian.

1. A Note About Health-Related Data

We process this data based on your explicit consent (GDPR Article 9(2)(a)), which you provide when you:

• create an account and enter body measurements or health-related goals;
• enable Apple Health integration and authorise specific data types;
• share health-related data with a Professional User (e.g., a trainer or nutritionist) through the Service's consent controls.

You can withdraw consent for specific data types at any time through your account settings. Withdrawing consent does not affect the lawfulness of processing before withdrawal. When you withdraw consent for a Health Data category, we will stop processing that category and, unless we have another lawful basis to retain it (for example, a legal obligation), we will delete or anonymise it in accordance with the retention schedule in Section 6.

To meet our demonstrability obligation under GDPR Article 7(1), we record each consent grant and withdrawal (including timestamp and the scope of what was consented to) in our systems. You can request a copy of your consent history at any time via the rights flow in Section 7.

FormChase is not a medical device, does not provide medical diagnoses, and does not replace professional medical or nutritional advice. The data you enter is for your personal fitness and nutrition tracking. See our Terms and Conditions (Section 3) for important disclaimers.

2. What Data We Collect

2.1 Account Data

• Full name and display name
• Email address
• Language and timezone preferences
• User role (Trainee or Professional User)

2.2 Authentication Data

Depending on your sign-in method:

• Email and password (password is hashed; we never store it in plain text)
• Apple Sign-In identifier and associated email
• Google Sign-In identifier and associated email

We receive only the identifiers and email provided by Apple or Google during authentication. We do not receive your Apple ID password or Google account password.

2.3 Fitness and Workout Data

• Exercise logs (type, sets, reps, weights, duration)
• Workout routines and schedules
• Workout notes
• Personal records
• Program assignments (if assigned by a Professional User)

2.4 Nutrition Data

• Meal logs (foods, portions, meal type, timestamps)
• Calorie and macronutrient calculations
• Water intake records
• Custom recipes
• Meal plans (created by you or assigned by a Professional User)
• Food preferences and bookmarks

2.5 Body and Health Measurements

• Height, weight, body mass index (BMI)
• Body fat percentage
• Body measurements (waist, chest, arms, etc.)

2.6 Apple Health Data (Optional)

If you enable Apple Health integration, we may read and/or write the following data types, only with your explicit per-type permission:

• Workouts (type, duration, calories burned)
• Step count
• Active calories
• Body weight and body fat percentage

Apple Health data is:

• accessed only with your explicit permission for each data type;
• used solely to display your health information within FormChase and to sync workouts;
• never used for advertising, marketing, or sale to data brokers;
• never shared with third parties except as described in this Policy for providing the Service;
• stored securely and marked as externally synced so you can identify it.

You can disconnect Apple Health at any time in Settings → Health Integrations. Disconnecting stops future syncing but does not automatically delete previously synced data. You can delete that data through your account settings.

2.7 Professional User – Client Shared Data

If you are a Client of a Professional User (e.g., a trainer or nutritionist) and grant consent, the Professional User may view:

• Meal plan assignments and compliance
• Workout logs and program progress
• Body measurements

You control which categories the Professional User can access through granular consent toggles in Settings. Each consent grant and withdrawal is logged with a timestamp for your records.

2.8 Subscription and Billing Data

• Subscription plan and status
• App Store or Google Play transaction identifiers and subscription status
• RevenueCat app user ID (for entitlement validation)
• Payment history and invoice references
• Promotional codes redeemed

We do NOT store your full payment card details. Payments are processed by Apple or Google through their respective app stores.

2.9 Technical and Diagnostic Data

• Device type, operating system, app version
• Screen dimensions
• Error reports (with personal data automatically removed before transmission)
• Session identifiers (locally generated)

2.10 Product Analytics Data (Optional, Off by Default)

If you opt in to product analytics, we collect:

• Screen views and feature usage events
• Device type, OS version, app version
• Anonymous session identifiers

We do NOT collect through analytics:

• Your name, email, or any direct identifiers
• Location data (GeoIP enrichment is disabled)
• Body measurements, weight, or health data
• Meal contents, calorie, or macro values
• Payment or billing information

Analytics data is processed on EU servers by our analytics provider.

2.11 Food Label Photos (OCR)

If you use the food label scanning feature, photos of food labels are sent to Google Cloud Vision API through our backend for text extraction. We send only the image; no account identifiers are attached to the request to Google. Google's processing is governed by the Google Cloud Data Processing Addendum and Google's AI/ML Privacy Commitment, under which submitted content is not used to train Google's models. The extracted text is returned to our backend and used to populate your food entry.

2.12 Push Notification Tokens

If you enable push notifications, we store a device push token to deliver workout reminders, meal reminders, and account-related notifications (e.g., new messages from your trainer, subscription updates). Push tokens are transmitted through Apple Push Notification service (APNs) on iOS, Firebase Cloud Messaging (FCM) on Android, and the Expo push service which routes the request to APNs/FCM.

You can revoke push permissions at any time through your device's system settings. Revoking the permission stops all further notifications from FormChase.

3. Why We Process Your Data and Our Legal Bases

Note on invoices. FormChase does not issue fiscal invoices for consumer App Store or Google Play subscriptions. Apple and Google are the merchants of record for those purchases (see Terms §8) and they issue and retain the fiscal records. We store only the subscription status (plan, expiry, store identifier) returned by RevenueCat, which is covered by the first rows of the table above.

4. Who We Share Your Data With

We do not sell your personal data.

We share data only with the following processors and service providers, under data processing agreements:

4.1 Supabase: Cloud Database, Authentication, and File Storage

• Provider: Supabase, Inc. (privacy policy)
• Purpose: Primary database, authentication, object storage, server-side business logic (Edge Functions)
• Location: EU region (Ireland)
• Data: All user data stored in our database (profile, workouts, meals, measurements, progress photos, PT relationships, subscription references)
• Safeguards: GDPR-compliant DPA, EU data residency, Row-Level Security enforced on every table, encryption in transit and at rest

4.2 RevenueCat: Subscription Management

• Provider: RevenueCat, Inc. (privacy policy)
• Purpose: Cross-platform subscription validation, purchase restoration, entitlement management
• Location: United States
• Data: App user ID, subscription status, App Store / Play Store transaction references, product identifier
• Safeguards: DPA with EU Standard Contractual Clauses (SCCs)

4.3 Apple & Google: App Store and Google Play Billing

• Providers: Apple Distribution International Ltd (Ireland) and Google Ireland Ltd (respective store privacy notices apply)
• Purpose: In-app purchase processing, subscription management, payment handling, refund processing
• Data: Transaction identifiers, subscription status, purchase history (we do not receive your payment card details)
• Safeguards: Platform privacy policies and billing terms; transfer safeguards handled by Apple/Google

4.4 PostHog EU: Product Analytics (Only If You Opt In)

• Provider: PostHog, Inc. — EU Cloud (privacy policy)
• Purpose: Understand anonymised feature usage to improve the Service
• Location: EU (Germany — eu.i.posthog.com)
• Data: Screen views, feature events, device type, OS version, app version, anonymous session identifiers
• NOT shared: Name, email, IP address, geolocation, device fingerprint, health data, nutrition data, payment data
• Safeguards: EU data residency, GeoIP enrichment disabled, IP address stripped before transmission, DPA

4.5 Sentry: Error Monitoring (Production Only)

• Provider: Functional Software, Inc. d/b/a Sentry (privacy policy)
• Purpose: Crash reporting and error diagnostics to improve service reliability
• Location: United States (or EU region if the DSN is configured to eu.sentry.io)
• Data: Your FormChase user ID (attached deliberately as a Sentry user tag so a crash report can be traced back to your account when we investigate a bug you reported), device model, OS version, app version, locale, build metadata (git SHA, build number), and error stack traces. The user ID is a personal identifier under GDPR, not an anonymous token.
• NOT sent: Email, username, IP address (scrubbed to 0.0.0.0 in-app before transmission), health payload values, nutrition payload values, payment data, and authentication tokens (masked in request URLs before breadcrumbs are emitted).
• Safeguards: Client-side PII scrubbing via Sentry's beforeSend and beforeBreadcrumb hooks, data minimisation, DPA with SCCs for US transfers, production-only (disabled in development)

4.6 Resend: Transactional Email

• Provider: Resend, Inc. (privacy policy)
• Purpose: Account verification emails, password reset, security notifications, support replies, privacy-request notifications
• Location: United States
• Data: Recipient email address, email subject and body, delivery metadata
• Safeguards: DPA with SCCs, transactional-only use; no marketing emails are sent through this channel

4.7 Google Cloud Vision API: Image Recognition (OCR)

• Provider: Google Ireland Ltd / Google LLC (Cloud privacy notice)
• Purpose: Text extraction from food label photos you submit
• Location: Google Cloud regional infrastructure
• Data: Food label image bytes only (no account identifiers attached to the call). The request is relayed through our Supabase Edge Function.
• Safeguards: Google Cloud Data Processing Addendum, Standard Contractual Clauses, and Google's AI/ML Privacy Commitment (submitted content is not used to train Google's models).

4.8 Cloudflare: CDN, Web Security, Legal & Marketing Site Hosting

• Provider: Cloudflare, Inc. (privacy policy)
• Purpose: Static hosting for legal.formchase.com, content delivery, DDoS protection, Turnstile CAPTCHA for web signup
• Location: Global edge network with EU presence
• Data: IP addresses, request metadata (in transit), Turnstile challenge tokens
• Safeguards: DPA, SCCs, strictly-necessary use; no advertising or analytics cookies are set by our Cloudflare properties

4.9 Open Food Facts: Open Food Database

• Provider: Open Food Facts (non-profit, France — privacy policy)
• Purpose: Nutritional information lookup by barcode or name
• Location: EU (France)
• Data: Requests to Open Food Facts are made directly from your device. Their server therefore receives the standard HTTP request metadata — your IP address, User-Agent string, the search query or barcode, and a timestamp. We do not attach any FormChase account identifier (user ID, email, session token). The response is nutritional data that we display in the Service.
• Safeguards: Public open data under the Open Database License (ODbL); Open Food Facts' own privacy policy governs their retention of request logs. If we later route these requests through our backend (so that only our backend IP is visible to Open Food Facts), we will update this section.

4.10 Professional Users (Trainers/Nutritionists): Independent Controllers

If you are a Client and grant consent, your Professional User (a trainer or nutritionist) may view specific categories of your data (see Section 2.7). In this relationship:

• FormChase remains the controller of the platform data and the technical means by which the Professional User accesses your data.
• The Professional User is an independent controller of the portion of your data they access for their own professional practice (e.g., notes, programs, and communications they produce outside the Service). They are responsible for complying with GDPR and their professional obligations in their own capacity. They must provide their own privacy notice to you for any processing they carry out outside the Service, and must respond independently to any data-subject rights request you direct to them about data they hold outside the Service.
• The in-app granular consent controls, combined with the Professional User's own notice to you, together fulfil the essential-arrangement requirement under GDPR Article 26 where any element of joint control exists.
• When you revoke consent or the professional relationship ends, the Professional User's access inside the Service is immediately revoked. Their obligation to delete copies of your data they hold outside the Service is governed by our Terms (Section 6.2) and their own legal duties.
• Allocation of responsibility. FormChase is not responsible for a Professional User's breach of their independent GDPR obligations (for example, failure to honour your access or erasure request for data they hold outside the Service, failure to provide their own privacy notice, or unauthorised onward disclosure of your data outside the Service). You retain the full set of GDPR rights against the Professional User as an independent controller, including the right to lodge a complaint with ANSPDCP naming that Professional User directly.

5. International Data Transfers

Your data is primarily stored in the EU.

Some processors are located in the United States. For these transfers, we rely on:

• EU Standard Contractual Clauses (SCCs) adopted by the European Commission
• Processor DPAs with appropriate safeguards
• Technical measures (encryption in transit and at rest)

You can request details about specific transfer safeguards by contacting us.

6. How Long We Keep Your Data

After account deletion, your personal data is permanently deleted or anonymised, except where retention is required by law or specified above.

7. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

7.1 Right of Access (Art. 15)

Request a copy of the personal data we hold about you. You can do this in-app (Settings → Privacy & Data → Export My Data) or by contacting us.

7.2 Right to Rectification (Art. 16)

Correct inaccurate or incomplete data. Most data can be corrected directly in the app. For other corrections, contact us.

7.3 Right to Erasure (Art. 17)

Request deletion of your personal data. Use the in-app account deletion feature (Settings → Privacy & Data → Delete Account) or contact us. Deletion is subject to a 30-day cooling-off period and legal retention obligations.

7.4 Right to Restrict Processing (Art. 18)

Request restriction of processing in certain circumstances (e.g., while we verify the accuracy of contested data).

7.5 Right to Data Portability (Art. 20)

Receive your data in a structured, commonly used, machine-readable format (JSON). Available in-app via the Export feature.

7.6 Right to Object (Art. 21)

Object to processing based on legitimate interests (error reporting, security). We will stop unless we have compelling legitimate grounds.

7.7 Right to Withdraw Consent (Art. 7)

Where we process data based on your consent (analytics, Apple Health, data sharing with Professional Users), you can withdraw consent at any time in your account settings. Withdrawal does not affect processing that occurred before withdrawal.

7.8 Right Not to Be Subject to Automated Decision-Making (Art. 22)

FormChase does not make automated decisions that produce legal or similarly significant effects on you. Calorie and macro calculations are informational estimates, not decisions about you.

7.9 How to Exercise Your Rights

• In-app: Settings → Privacy & Data
• Email: contact@formchase.com
• Formal DSAR: Available in-app and via email, including for logged-out users with email verification

We will respond without undue delay and in any event within one month of receipt of your request, as required by GDPR Article 12(3). That period may be extended by up to two further months where necessary, taking into account the complexity and number of requests; in that case we will inform you of the extension and the reasons within one month of receipt.

7.10 Right to Complain

You have the right to lodge a complaint with:

Or with the supervisory authority in your EU Member State of habitual residence.

8. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• Encryption in transit and at rest
• Access controls ensuring users can only access their own data
• Passwords are hashed and never stored in plain text
• Personal data is automatically removed from error reports
• Identity verification before sensitive account operations
• Regular security reviews

No system is perfectly secure. If we discover a personal data breach, we will notify ANSPDCP within 72 hours of becoming aware of it, as required by GDPR Article 33, unless the breach is unlikely to result in a risk to your rights and freedoms. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay and in clear and plain language, as required by GDPR Article 34, describing the nature of the breach, the likely consequences, the measures taken to mitigate it, and a contact point for further information.

9. Children

FormChase is not intended for children under 16. In Romania, Article 6 of Law no. 190/2018 (implementing the GDPR) sets 16 as the age at which a child can validly consent to information-society services, above the default 13-year threshold in Article 8(1) GDPR. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has created an account, contact us at contact@formchase.com and we will delete the account.

10. Changes to This Policy

We may update this Privacy Policy. We will notify you of material changes at least 30 days in advance through in-app notification and/or email. The "Last updated" date at the top reflects the most recent revision.

Previous versions of this policy are available upon request.

11. Data Controller

The data controller responsible for processing your personal data is:

We process your data in accordance with the General Data Protection Regulation (GDPR), Romanian Law 190/2018 implementing GDPR, and other applicable data protection legislation.

At our current scale, we are not required to appoint a Data Protection Officer under GDPR Article 37. For all privacy inquiries, contact us at contact@formchase.com. We will reassess this obligation as we grow.

12. Contact

For questions about this Privacy Policy or to exercise your data rights: