Privacy Policy
Forma — gym & training app
Last updated: June 5, 2026
This Privacy Policy explains how Forma ("Forma," "we," "us," or "our") collects, uses, shares, and protects your information when you use the Forma mobile application (the "App"). By creating an account or using the App, you agree to the practices described here.
1. Who we are
Forma is a mobile application that helps members of gyms and training academies book classes, track their training sessions, follow skill progress, and manage their gym membership. You can contact us at any time at zoop.devs@gmail.com.
2. Information we collect
Information you provide
- Account details — your name and email address when you sign up or sign in (including via Google or Apple sign-in).
- Profile photo — an optional avatar image you choose to upload.
- Gym membership — the gym or academy you belong to and your membership status.
Information generated as you use the App
- Training activity — the activities you train (e.g. Brazilian Jiu-Jitsu, Muay Thai, Judo, dance), your skills progress, class attendance, and training streaks.
- Subscription status — whether you have an active, trial, comped, or canceled membership subscription with your gym.
- Notifications data — a push-notification token for the device you use, so we can deliver class reminders and announcements.
- Basic technical/device data — limited information needed to operate the App reliably, such as the device platform.
Payment information
When you subscribe to a paid membership, payments are processed by Stripe. Your gym is paid directly through Stripe Connect. Forma does not collect or store your full card number or card security details — that information is handled by Stripe under its own privacy and security standards. We retain only non-sensitive subscription metadata (for example, plan, status, and Stripe reference identifiers).
3. How we use your information
- To create and manage your account and your gym membership.
- To provide core features: class booking, attendance tracking, skills and progress, and streaks.
- To process and reflect your subscription with your gym.
- To send you class reminders, announcements, and other notifications you have enabled.
- To operate, maintain, secure, and improve the App.
- To comply with legal obligations and enforce our Terms of Service.
We do not sell your personal data, and we do not use it for third-party advertising.
4. Legal bases for processing (EEA/UK users)
Where the GDPR or UK GDPR applies, we rely on the following legal bases:
- Contract — to provide the App and your membership features.
- Legitimate interests — to keep the App secure and to improve it.
- Consent — for push notifications and optional features (you can withdraw consent at any time).
- Legal obligation — where we must retain or disclose data by law.
5. How we share information
We share information only as needed to run the App, with service providers acting on our behalf:
| Provider | Purpose |
|---|---|
| Convex | Backend database and file (image) storage that powers the App. |
| Stripe (Stripe Connect) | Subscription and payment processing; your gym is the payee. |
| Google & Apple | Optional single sign-on (OAuth) when you choose those sign-in methods. |
| Expo | Delivery of push notifications. |
We may also share your information with your gym/academy (the people who operate the gym you belong to) so they can manage classes, attendance, and your membership. We may disclose information if required by law or to protect the rights, safety, and security of users and the public.
6. International data transfers
We and our service providers may process and store information in the United States and other countries. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for international transfers of personal data.
7. Data retention
We keep your information for as long as your account is active and as needed to provide the App. When you delete your account, we delete or anonymize your personal data, except where we must retain certain records to comply with legal, accounting, or security obligations.
8. Your rights and choices
- Access & portability — request a copy of the personal data we hold about you.
- Correction — update inaccurate information from within the App or by contacting us.
- Deletion — delete your account and associated personal data from the Profile screen, or by contacting us.
- Notifications — turn push notifications on or off on your device and in the App.
- Marketing — we do not run third-party advertising; we will only send service-related messages you have enabled.
California (CCPA/CPRA): California residents have the right to know what personal information we collect, to request deletion, and to not be discriminated against for exercising these rights. We do not sell or "share" personal information as those terms are defined under California law.
To exercise any right, email us at zoop.devs@gmail.com.
9. Security
We use reasonable technical and organizational measures to protect your information, including encryption in transit and access controls. Payment card data is handled entirely by Stripe. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
10. Children's privacy
Forma is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you in the App.
12. Contact us
Questions about this Privacy Policy or your data? Email zoop.devs@gmail.com.
See also our Terms of Service.