Privacy Policy

Last Updated: October 13, 2023

This Privacy Notice describes how Forma Health, Inc. (“Company,” “Forma Health,” “we,” “us,” or “our”) collects, uses, and shares your personal information through our mobile application (the “Services”) and our website (the “Site”). For ease of reference, the Services, the Site and our other online and offline product offerings are referenced in this Privacy Notice as the “Services.” This Privacy Notice does not apply to any third-party websites, services, application program interfaces (“APIs”), and software development kits (“SDKs”) even if they are accessible through the Services.

  1. Personal Information We Collect
  2. How We Use Your Personal Information
  3. How We Disclose Your Personal Information
  4. Your Privacy Choices and Rights
  5. How Long We Keep Your Personal Information
  6. Supplemental Notices for Nevada Users
  7. Children
  8. Third-Party Websites or Applications
  9. Changes to the Privacy Policy
  10. Contact Us

1. Personal Information We Collect

The categories of personal information we collect depend on how you interact with the Company, the Services, and the requirements of applicable law.

1.1 Personal Information You Provide to Us Directly

We collect personal information that you provide to us including:
  • Account Information. We collect personal information, such as your name and email address, or if you are a medical professional or researcher, your title and place of business and information about your clinical study, when you create an account to use the Services.
  • Demographic and Professional Information. We collect your name, business title, address, date of birth, gender, and other demographic information that you choose to provide in the Services.
  • Diagnosis Information. We collect information about your diagnosis, the date of diagnosis, the name of the doctor who gave the diagnosis, and other related information that you provide in the Services.
  • Health Information. We collect information about your symptoms (including pictures that you may take or videos that you may record), medications, notes, doctor appointments, labs, allergies, procedures, treatment plans, details about your medical history, and other health information that you provide in the Services.
  • User-Generated Content. We may require access to your device’s camera and/or microphone. When you grant us access to your device’s camera and/or microphone, we may process user-generated content, including photographs, video, and audio recordings that you choose to make available via the Services. We may transcribe your audio recordings.
  • Communication Information. We may collect personal information, such as your name and an email address, when you request information about Forma Health or the Services, request support, submit a feature request, report a bug, or otherwise communicate with us.
  • Interactive Features. We and others who use the Services (e.g., your doctor or caregiver) may collect personal information that you submit or make available through our interactive features (e.g., messaging and chat features).

1.2 Personal Information Collected Automatically

We may collect personal information automatically when you use the Services.
  • Usage Information. When you use the Services, we collect certain information automatically, including your Internet protocol (IP) address, user settings, other unique identifiers, browser or device information, and location information (including approximate location derived from IP address). We may also collect personal information about your use of the Services, such as the links you click within the Services, the types of content you interact with, the frequency and duration of your activities, and other similar information.
  • Crash Reports. If you provide crash reports, we may collect personal information related to such crash reports, including detailed diagnostic information about your device and the activities that led to the crash.
  • Cookie Policy (and Other Technologies). We and third parties that provide content or other functionality on the Services may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect information when you use the Services.
  • Cookies. Cookies are small text files placed on device browsers. Cookies store preferences and enable and enhance your experience.
  • Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects information about engagement on the Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page. We may also include web beacons in emails to understand if a recipient opened, acted on, or forwarded them.
Our uses of these Technologies fall into the following general categories:
  • Operationally Necessary. This includes Technologies that allow you access to the Services, applications, and tools that are required to identify irregular website behavior, prevent fraudulent activity, improve security, or allow you to make use of our functionality.
  • Performance-Related. We may use Technologies to assess the performance of the Services, including as part of our analytic practices to help us understand how individuals use the Services (see Analytics below).
  • Functionality-Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using the Services. This may include identifying you when you sign into the Services or keeping track of your specified preferences, interests, or past items viewed.
See the "Your Privacy Choices and Rights" section below to understand your choices regarding these Technologies.
  • Analytics. We may use Technologies and other third-party tools to process analytics information on the Services. These Technologies allow us to better understand how the Services is used and to continually improve and personalize the Services. Some of our analytics providers include:
  • Google Analytics. For more information about how Google uses your personal information (including for its own purposes, e.g., for profiling or linking it to other data), please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your information, please click here.

1.3 Personal Information Collected from Other Sources

Third Parties. We may collect personal information from third parties.  For example, your doctor or caregiver may provide information about your diagnosis and health.

2. How We Use Your Personal Information

We use your personal information for a variety of business purposes, including to provide the Services and for administrative purposes, as described below.

2.1 Provide The Services

We use personal information to fulfill our contract with you and provide the Services, such as:
  • Managing your information and accounts;
  • Providing access to certain areas, functionalities, and features of the Services;
  • Answering support requests; and
  • Communicating with you about your account, activities on the Services, and policy changes.

2.2 Administrative Purposes

We use personal information for various administrative purposes, such as:
  • Pursuing our legitimate interests such as research and development and network and information security;
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and taking appropriate actions against malicious actors;
  • Measuring interest and engagement with the Services;
  • Creating de-identified and/or aggregated information;
  • Developing and improving AI/ML models;
  • Comparing your patient data with cohorts of other patients, but only if you choose to opt in to such use;
  • Carrying out analytics;
  • Improving, upgrading, or enhancing the Services;
  • Developing new products and services;
  • Ensuring internal quality control and safety;
  • Debugging to identify and repair errors on the Services;
  • Auditing relating to interactions, transactions, and other compliance activities;
  • Disclosing personal information to third parties as needed to provide the Services;
  • Enforcing our agreements and policies; and
  • Carrying out activities that are required to comply with our legal obligations.

2.3 With Your Consent

We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.

2.4 Creating De-Identified and/or Aggregated Information

We may use personal information to create de-identified and/or aggregated information, such as demographic information, information about how you use the Services, information about the device from which you access the Services, or other analyses we create. If we create or receive de-identified information, we will not attempt to reidentify such information, unless permitted by or required to comply with applicable laws. De-identified and/or aggregated information is not personal information, and we may use, disclose, and retain such information as permitted by applicable laws including, but not limited to, for research, analysis, analytics, and any other legally permissible purposes. You will have the option, through the Services’s settings, to include or exclude your de-identified data from being shared with specific organizations, studies, and broad categories of organizations (e.g., Pfizer, Tylenol Health Study, North American Academic Research Centers).

3. How We Disclose Your Personal Information

We may disclose your personal information to third parties for a variety of business purposes, including to provide the Services, to protect us or others, or in the event of a corporate transaction, as described below.

3.1 Disclosures to Provide the Services

The categories of third parties to whom we may disclose personal information are described below.
  • Other Users of the Services. The Services may allow you to share personal information or interact with other users of the Services. For example, we share your personal information with doctors and caregivers only if you authorize us to do so. You may withdraw your consent at any time. Your profile may be visible to other users of the Services, and you may interact with other users of the Services through messaging or other similar features. We are not responsible for the processing of your personal information by other users who receive information about you through the Services.
  • Service Providers. We may share your personal information with our third-party Service Providers. By “Service Providers” we mean companies, agents, contractors, vendors, or others engaged to perform functions on our behalf such as IT support, hosting, payment processing, data storage, customer service, and related services.
  • Clinical Trial Sites and Researchers.  If you request to be matched with a clinical trial site or participate in a study through the Services, we may share your personal information with the clinical trial site or the researchers administering the study so that they can contact you about participating in the trial or the study.

3.2 Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store if we, in good faith, believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) protect your, our, or others’ rights, property, or safety; (iii) enforce our policies or contracts; (iv) collect amounts owed to us; or (v) assist with an investigation or prosecution of suspected or actual illegal activity.

3.3 Disclosures in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be sold or transferred as part of such a transaction.

4. Your Privacy Choices and Rights

Your Privacy Choices. The privacy choices you may have about your personal information are determined by applicable law and are described below.
  • Email Communications. If you receive a marketing email from us, you may opt-out by using the unsubscribe link at the bottom of such email or by contacting us. You will continue to receive service-related and other non-marketing emails related to the Services.
  • Mobile Devices. We may send you push notifications through our Services. You may opt out from receiving these push notifications by changing the settings on your mobile device. With your consent, we may also collect precise location-based information via the Services. You may opt out of this collection by changing the settings on your mobile device.
  • “Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
  • Cookies. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, the Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications.
Your Privacy Rights. Depending on what laws apply to your personal information, you may have the right to:
  • Confirm Whether We Are Processing Your Personal Information (the right to know);
  • Request Access to and Portability of Your Personal Information, including: (i) obtaining access to or a copy of your personal information; and (ii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine readable format (also known as the “right of data portability”);
  • Request Correction of your personal information where it is inaccurate, incomplete, or outdated. In some cases, we may provide self-service tools that enable you to update your personal information;
  • Request Deletion of your personal information (also known as the “right to be forgotten”);
  • Request Restriction of or Object to our processing of your personal information; and
  • Withdraw your Consent to our processing of your personal information. Please note that your withdrawal will only take effect for future processing, and will not affect the lawfulness of processing before the withdrawal.

Please contact us using the information in the "Contact Us" section below if you would like to exercise any of these rights. We will process your request in accordance with applicable laws. You can also delete your account via the Services through “Settings.”

5. How Long We Keep Your Personal Information

We keep the personal information we collect for as long as you use the Services, or as necessary to fulfill the purpose(s) for which we collected it. There are also other reasons why we may keep personal information. They may include, but are not limited to, providing the Services, resolving disputes, establishing legal defenses, conducting audits, pursuing legitimate business purposes, enforcing our agreements, and complying with applicable laws.  

To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.

6. Supplemental Notices for Nevada Users

If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at support@formahealth.io with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth in the "Contact Us" section below.

7. Children

The Services is not directed to children under 13 years of age (or other age as required by local law outside of the United States).  Parents and guardians may provide personal information about their children under 13. We do not knowingly collect personal information directly from children. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Services from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

8. Third-Party Websites or Applications

The Services may contain links to other websites or applications and other websites or applications may reference or link to the Services. We do not control these third-party services. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.

9. Changes to the Privacy Policy

We may update this Privacy Notice from time to time in our sole discretion. If we do, we will let you know by posting the updated Privacy Notice on the Services, and we may also send other communications. You understand and agree that you will be deemed to have accepted the updated Privacy Notice if you continue to use the Services after the new Privacy Notice takes effect.

10. Contact Us

If you have any questions about our privacy practices or this Privacy Notice, or to exercise your rights as detailed in this Privacy Notice, please contact us at support@formahealth.io.
