1. Overview
This Privacy Policy describes how Phorm Labs, Inc. (“Phorm,” “we,” “us,” or “our”) collects, uses, and shares information when you use the Phorm mobile application (the “App”), the website at phorm.app (the “Site”), and any related services (collectively, the “Services”).
By using the Services, you agree to the practices described in this Policy. If you do not agree, please do not use the Services.
2. Information We Collect
Account information
When you create an account, we collect your name, email address, and a securely hashed password (or, if you sign in with Apple, the unique identifier and email relay Apple provides). You may optionally provide your date of birth, biological sex, height, weight, training experience, and goals to personalize the App.
Video and pose data
Phorm's flagship feature analyzes videos of you performing exercises. When you record a set:
- The raw video is captured and processed entirely on your device using Apple's Vision framework and Phorm's on-device pose-estimation models.
- We extract derived data — joint coordinates per frame, computed angles (e.g., hip hinge, knee tracking, spine angle), bar-path estimates, phase segmentation, and form scores.
- Raw video is stored locally in the App's sandbox and is not uploaded to our servers by default. You may optionally choose to back up an individual video to your account; if you do, it is encrypted in transit (TLS 1.3) and at rest (AES-256).
- We sync only the derived analysis (scores, joint angles, AI summaries) to your account so that your training history is available across devices.
Health and biometric data
With your explicit permission, Phorm reads the following from Apple HealthKit and connected wearable integrations (Apple Watch, Whoop, Oura, Garmin, Fitbit):
- Sleep duration, stages, and efficiency
- Heart rate variability (HRV)
- Resting heart rate (RHR)
- Active energy, workout history, and steps
- Body weight and body composition (if you log it)
This data is used to compute your Readiness Snapshot and to auto-regulate your daily training prescription. We never sell or share Health data with advertisers or data brokers, and Health data is treated as a special category subject to the additional safeguards described in Section 5.
Usage and device information
We automatically collect basic technical information when you use the Services: device model, OS version, App version, IP address (only at the request boundary; we do not log it persistently), crash reports, and aggregated, de-identified feature usage. We use this information to keep the App stable and improve performance.
Payments and subscriptions
Subscriptions to Phorm Pro are processed by Apple through the App Store. We do not receive or store your payment card information. We receive only a transaction identifier and the entitlement that lets us unlock Pro features for your account.
3. How We Use Information
- To provide the core service: to compute form scores, generate AI feedback, calculate Readiness, and prescribe and adjust your training.
- To operate your account: authenticate you, sync your training history across devices, and manage your subscription.
- To improve Phorm: we use aggregated, de-identified training and analytics data (never raw video, never identifiable biometrics) to improve our pose models, scoring, and the AI coaching engine.
- To communicate with you: service announcements, security notices, billing receipts, and (only if you opt in) product updates.
- To keep the Services secure: to detect abuse, prevent fraud, enforce our Terms, and comply with legal obligations.
4. How We Share Information
Phorm does not sell your personal information. We share information only in the limited circumstances below:
- Service providers who process information on our behalf under strict confidentiality and data-protection agreements (e.g., cloud hosting, error monitoring, transactional email).
- Wearable and Health integrations that you explicitly connect, limited to the scopes you grant and only for the purposes described above.
- Legal compliance and safety, when required by law, subpoena, or to protect the rights, property, or safety of Phorm, our users, or the public.
- Business transfers in connection with a merger, acquisition, or sale of assets, in which case we will notify you and your data will continue to be protected by a policy at least as protective as this one.
5. Special Treatment of Health Data
Consistent with Apple's App Store Review Guideline 5.1.1(iii) and the HealthKit Terms:
- We do not use Health, HealthKit, or Motion & Fitness data for advertising or any other use-based data mining purposes other than improving health, medical, and fitness management, or for the purpose of health research.
- We do not disclose Health data to third parties for advertising, marketing, or other use-based data mining purposes.
- We never write false or inaccurate data to HealthKit and we never store HealthKit data in iCloud.
6. Data Retention
We retain account data for as long as your account is active. Derived analysis (scores, joint angles, summaries) is retained until you delete the corresponding session or close your account. Optionally backed-up videos are retained for 90 days unless you save them to your training journal, in which case they persist until you delete them.
When you close your account, we delete or anonymize your personal information within 30 days, except where retention is required by law (e.g., billing records).
7. Your Rights and Choices
Depending on where you live, you may have the right to access, correct, delete, or export your personal information, to object to or restrict processing, and to withdraw consent at any time. You can exercise most of these rights directly in the App:
- Access & export: Settings → Privacy → Export my data
- Delete a session or video: swipe on any session in your training journal
- Disconnect a wearable: Settings → Integrations
- Delete your account: Settings → Account → Delete account (this is permanent)
You may also email us at privacy@phorm.app. We respond to verified requests within 30 days.
8. Security
We implement industry-standard administrative, technical, and physical safeguards: TLS 1.3 in transit, AES-256 at rest, encrypted backups, principle-of-least-privilege access controls, regular third-party penetration testing, and immediate revocation of credentials on offboarding. No system is perfectly secure; we encourage you to use a strong, unique password and enable Sign in with Apple where possible.
9. Children
Phorm is not directed to children under 13 (or under 16 in the EEA and UK). We do not knowingly collect personal information from children. If you believe a child has provided us information, please contact privacy@phorm.app and we will delete it.
10. International Transfers
Phorm is based in the United States. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States and other countries. Where required, we rely on appropriate transfer mechanisms (e.g., Standard Contractual Clauses) for cross-border transfers.
11. California Privacy Rights
California residents have rights under the CCPA/CPRA, including the right to know what personal information we collect, the right to delete it, the right to correct inaccuracies, and the right to opt out of any “sale” or “sharing” of personal information. We do not sell or share personal information as those terms are defined under California law. To exercise your rights, email privacy@phorm.app.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If the changes are material, we will notify you in the App or by email at least 14 days before the changes take effect. The “Effective” date at the top reflects the most recent version.
13. Contact
Questions about this Policy or about your information? Reach us at:
Phorm Labs, Inc.
Attn: Privacy
548 Market St, PMB 60416
San Francisco, CA 94104
privacy@phorm.app