Privacy Policy

1. Introduction

Formetrix ("Formetrix", "App", "we", "our") is a cross-platform body composition and fitness tracking application developed by AEV Labs.

We respect your privacy and comply with global data protection laws, including the General Data Protection Regulation (GDPR), Türkiye's Personal Data Protection Law (KVKK), the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), Brazil's Lei Geral de Proteção de Dados (LGPD), and other applicable regulations.

Formetrix is a wellness application and does not provide medical or diagnostic advice. Any information or insights provided are for general fitness and wellness purposes only and should not be considered medical advice.

2. Data We Collect

We only collect data necessary for the functionality of the App.

2.1 Account Information

If you create an account, we may collect:

• Email address
• Hashed password (never stored or visible in plain text)
• Internal user ID
• Authentication tokens and session identifiers

2.2 Body Measurements & Fitness Data

You may optionally enter:

• Height, weight, and body circumferences
• Body composition values and indexes (e.g., BMI, WHR, FFMI)
• Assessment dates and historical measurement records

2.3 Progress Photos

If you use the photo module, the App may process:

• Progress photos you capture or upload
• Basic alignment or metadata required for comparisons

Photos are stored in your private storage space and are not visible to other users unless you explicitly choose to share or export them. Any current or future sharing features are strictly opt-in, and you can change your sharing preferences at any time.

2.4 Device & Technical Information

To improve performance, stability, and security, we may automatically collect:

• Device model and operating system version
• App version and basic configuration
• Country or region (approximate, not precise GPS location)
• Crash logs and error reports
• Anonymized usage analytics (e.g., which screens are used most)

We do not collect:

• Your contacts or address book
• SMS or phone call information
• HealthKit / Google Fit data, unless explicitly added in future integrations

2.5 Optional Analytics

We may use anonymized analytics to understand how features are used and to improve the experience. These analytics are not used to personally identify you.

3. Legal Basis for Processing (GDPR & KVKK)

We process your personal data under the following legal bases:

3.1 Consent

When you create an account, enter measurements, or upload photos, you provide consent for us to process that information to provide the App's features.

3.2 Contractual Necessity

Some processing is required to fulfil our contract with you, such as authenticating you, syncing your data, and ensuring the core features of the App work correctly.

3.3 Legitimate Interest

We may process certain technical and usage information to secure the App, prevent abuse, and improve performance, provided these interests do not override your fundamental rights.

3.4 Compliance with Legal Obligations

We may process or disclose data when necessary to comply with applicable laws or lawful requests from authorities.

4. How We Use Your Data

We use the data we collect to:

• Provide and maintain the App's core functionality
• Calculate body indexes and generate visualizations
• Display your historical progress and trends
• Sync your data securely across supported devices
• Generate AI-assisted wellness insights based on your history
• Respond to support requests and troubleshoot issues
• Improve stability, performance, and usability of the App

We do not sell or rent your personal data to third parties. We also do not use your measurements or photos for advertising purposes or to train external AI models.

5. Data Storage & Security

We use reputable managed cloud infrastructure providers for authentication, database storage, and file storage.

Security measures include:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for stored data
• Row-Level Security (RLS) and access control policies
• Hashed passwords (never stored in plain text)
• Limited access to production systems

While we take reasonable steps to protect your data, no system can be guaranteed to be 100% secure. You are responsible for keeping your account credentials confidential.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

6.1 Right of Access

Request confirmation of whether we process your data and obtain a copy of that data.

6.2 Right to Rectification

Request correction of inaccurate or incomplete personal data.

6.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your account and associated data, subject to legal retention requirements.

6.4 Right to Data Portability

Request a copy of your data in a structured, commonly used format, where technically feasible.

6.5 Right to Withdraw Consent

Where processing is based on consent, you may withdraw your consent at any time. This does not affect the lawfulness of processing prior to withdrawal.

6.6 CCPA/CPRA Rights (California)

California residents may have the right to:

• Know what categories of personal information are collected
• Request deletion of personal information
• Opt-out of "sale" or "sharing" of personal information (we do not sell data)

6.7 KVKK Rights (Türkiye)

Under KVKK, individuals in Türkiye may request information about data processing, demand correction, deletion, or anonymization of personal data, and object to certain forms of processing.

To exercise any of these rights, please contact us at [email protected].

7. Data Sharing

We do not share your personal data with third parties except in the following cases:

• Service Providers: Trusted providers (for example managed cloud hosting, database, crash reporting, or analytics tools) that process data on our behalf under strict confidentiality and data protection agreements.
• Legal Requirements: When required by law or valid legal process, or to protect our rights, users, or the public.
• Future Payment Processors: If premium features are introduced, payment data may be processed by secure third-party payment providers.

8. International Data Transfers

Your data may be processed on servers located in the European Union, the United States, or other jurisdictions, depending on the regions used by our cloud infrastructure providers.

Where required, appropriate safeguards (such as Standard Contractual Clauses) are used to protect your data during international transfers.

9. Children's Privacy

Formetrix is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

10. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last Updated" date at the top indicates when it was last revised.

If we make significant changes, we may notify you within the App or via email, where appropriate.

11. Contact

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Email: [email protected]