Privacy Policy
Your privacy matters. This document explains exactly what data FormLox collects, why we collect it, how it is used, and the controls you have over it — including your health and fitness data, AI coaching interactions, and account information.
1. Introduction
FormLox ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the FormLox iOS application and any related services (collectively, the "Service"). Please read this policy carefully. By using FormLox, you agree to the collection and use of information described here. If you do not agree, please discontinue use of the Service. This policy applies to all users of FormLox globally, including users in the European Economic Area (EEA), United Kingdom, and California. Where applicable, additional rights and disclosures are described in the relevant sections below.
2. Information We Collect
2.1 Account & Identity Information
When you create a FormLox account, we collect:
• Full name
• Email address
• Password (stored as a one-way hash — we never store your plaintext password)
• Profile photo (optional)
• Date of birth (used to personalize training recommendations)
• Biological sex (optional, used for fitness and nutrition calculations)
2.2 Health & Fitness Data
FormLox is a health and fitness application. To provide its core service, we collect and process sensitive health-related data, including:
• Body metrics: height, weight, body fat percentage, and other measurements you choose to log
• Workout history: exercises performed, sets, reps, weight, duration, and session notes
• Injury and pain logs: body parts affected, severity, duration, and history — used by the AI coach to modify training recommendations
• Diet preferences and restrictions: dietary styles (e.g., vegan, keto), allergies, intolerances, and macro targets
• Recovery data: sleep quality, soreness, and perceived exertion ratings you provide
• Progress photos (if you choose to upload them)
This data is considered sensitive. We apply heightened security standards to its storage and processing, described in Section 8.
2.3 AI Coaching & Chat Data
When you interact with the FormLox AI coach, we collect:
• All messages and prompts you send to the AI
• AI responses generated for you
• Workout plans, diet plans, and recovery plans created during sessions
• Plan edits, revisions, and save/discard actions
• Follow-up threads and contextual memory items the AI stores on your behalf
AI Memory: FormLox's AI coach maintains a persistent memory of facts you share — such as injury history, preferences, and goals — to provide continuity across sessions. You can view and delete individual memory items at any time from within the app.
2.4 Usage & Interaction Data
We automatically collect certain data about how you use the app:
• Feature usage patterns (which tabs, tools, and features you access)
• Session frequency and duration
• In-app navigation paths
• Errors and crash reports
• API response times and performance metrics
This data is used solely to improve the reliability and quality of the Service. It is not sold or used for advertising.
2.5 Device & Technical Information
We collect standard technical information including:
• Device model and iOS version
• App version
• Unique device identifier (for session management)
• IP address (used to detect abuse and for geographic compliance — not stored long-term)
• Push notification token (if you enable notifications)
2.6 Payment Information
FormLox subscriptions (Pro and Lox plans) are processed entirely through the Apple App Store. We do not collect, process, or store your credit card number, billing address, or any other payment credentials. All billing is governed by Apple's terms and privacy policy. We receive only confirmation of your subscription status from Apple.
3. How We Use Your Information
We use the information we collect for the following purposes:
Core Service Delivery
• To authenticate your account and maintain your session
• To power the AI coaching engine — generating workout plans, diet plans, recovery recommendations, and conversational coaching responses personalised to your data
• To remember your preferences, injury history, and goals across sessions (AI Memory)
• To display your historical progress, logs, and saved plans
Service Improvement
• To identify and fix bugs and performance issues
• To understand which features are most valuable and where to invest in improvements
• To train and evaluate our AI models (see Section 4 for full details)
Communication
• To send transactional emails (account confirmation, password reset, subscription receipts)
• To notify you of important changes to the Service or this Privacy Policy
• To respond to support requests sent to support@formlox.com
Legal & Safety
• To detect and prevent fraud, abuse, and violations of our Terms of Service
• To comply with applicable laws, court orders, and regulatory obligations
4. AI, Machine Learning & Your Data
FormLox uses large language models (LLMs) and machine learning to power its coaching features. This section explains specifically how your data interacts with AI systems.
Model Inference
Your messages and profile data are sent to AI inference endpoints to generate responses in real time. These requests are processed securely over encrypted connections. Inference providers are bound by data processing agreements that prohibit them from using your data for their own purposes.
AI Memory
The AI coach stores discrete facts about you (e.g., "has a recurring left shoulder issue," "follows a vegan diet") in a structured memory store. This memory is:
• Tied exclusively to your account
• Visible to you at any time in the app under Profile → AI Memory
• Deletable by you at any time, individually or in bulk
• Never shared with other users
Model Training
We may use anonymised, aggregated interaction data to fine-tune and evaluate our own AI models. Before any data is used for training:
• All direct identifiers (name, email, device ID) are removed
• Health data is further generalised to prevent re-identification
• You may opt out of contributing to model training at any time via Settings → Privacy → AI Training Opt-Out
Third-Party AI Providers
We use third-party AI infrastructure providers. These providers act as data processors under contractual agreements that restrict them to processing data only as directed by us. We do not permit any third-party AI provider to use your data to train their own general-purpose models.
5. Data Sharing & Disclosure
We do not sell your personal data. We do not share your data with advertisers. We disclose your information only in the following limited circumstances:
Service Providers (Data Processors)
We engage trusted third-party companies to help operate the Service. These include:
• Cloud infrastructure and database hosting
• AI model inference providers
• Error monitoring and crash reporting services
• Email delivery services (for transactional emails only)
All service providers are contractually bound to process your data only for the purpose of providing services to us, and to maintain appropriate security standards.
Apple
As the distributor of our iOS app, Apple has access to certain data as described in Apple's Privacy Policy. Subscription and billing data is governed entirely by Apple.
Legal Requirements
We may disclose your information if required to do so by law or in response to a valid legal process (such as a court order or subpoena). Where legally permitted, we will attempt to notify you before disclosing your data.
Business Transfers
If FormLox is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you via email or a prominent in-app notice before your data becomes subject to a different privacy policy.
With Your Consent
We may share your data in any other circumstances with your explicit prior consent.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service.
Account Deletion
When you delete your account, we initiate deletion of your personal data within 30 days. Some data may be retained for up to 90 days in encrypted backups before being permanently purged. Certain data may be retained longer where required by law (e.g., financial transaction records which Apple may retain per their own obligations).
Anonymised Data
Anonymised and aggregated data that cannot be linked back to you may be retained indefinitely for research and product improvement purposes.
AI Chat History
Chat history is retained for the life of your account to support the AI's contextual memory. You may delete individual conversations or your entire chat history at any time from within the app.
7. Data Security
We implement industry-standard technical and organisational measures to protect your data:
• All data in transit is encrypted using TLS 1.2 or higher
• All data at rest is encrypted using AES-256
• Health and fitness data is stored in isolated, access-controlled databases with stricter access policies than general app data
• Access to production data is restricted to authorised personnel only, with audit logging
• We conduct regular security reviews of our infrastructure and third-party dependencies
Despite these measures, no system is completely secure. We encourage you to use a strong, unique password and to enable two-factor authentication where available. If you discover a potential security vulnerability, please report it responsibly to support@formlox.com.
8. Your Rights
8.1 Rights Available to All Users
Regardless of where you are located, you have the right to:
• Access: Request a copy of the personal data we hold about you
• Correction: Ask us to correct inaccurate or incomplete data
• Deletion: Request deletion of your account and associated personal data
• Data Portability: Request your data in a structured, machine-readable format
• Opt-Out of AI Training: Opt out of your data being used to improve our AI models (Settings → Privacy)
To exercise any of these rights, contact us at support@formlox.com or use the relevant controls within the app.
8.2 EEA & UK Users (GDPR)
If you are located in the European Economic Area or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):
• Right to Object: You may object to processing based on our legitimate interests
• Right to Restrict Processing: You may ask us to pause processing of your data in certain circumstances
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
• Right to Lodge a Complaint: You have the right to complain to your local data protection authority
Our lawful bases for processing are:
• Contract performance (to deliver the Service you signed up for)
• Legitimate interests (to improve the Service and prevent fraud)
• Consent (for AI training and optional data uses)
• Legal obligation (where required by law)
8.3 California Users (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act grants you additional rights:
• Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you in the past 12 months
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions
• Right to Correct: You may request correction of inaccurate personal information
• Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioural advertising
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
To submit a verifiable consumer request, email support@formlox.com with the subject line "CCPA Request."
9. Children's Privacy
FormLox is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@formlox.com and we will delete the information promptly. Users between 13 and 17 may use FormLox only with the consent and supervision of a parent or legal guardian.
11. Third-Party Links & Services
The Service may contain links to third-party websites or services (such as social media platforms). This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through FormLox. We are not responsible for the privacy practices or content of third-party services.
12. International Data Transfers
FormLox operates globally. Your data may be processed in countries other than the one in which you reside. These countries may have different data protection laws than your own. Where we transfer data out of the EEA or UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:
• Sending an email to the address associated with your account, and/or
• Displaying a prominent notice within the app
The "Last Updated" date at the top of this page reflects the most recent revision. Your continued use of FormLox after the effective date of any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: support@formlox.com
Subject line: Privacy Inquiry
We aim to respond to all privacy-related enquiries within 5 business days. For formal data subject requests under GDPR or CCPA, we will respond within the legally required timeframe (typically 30 days).