Privacy Policy
This policy explains how FormaOS collects, uses, and protects information provided by customers and end users.
FormaOS processes data on behalf of regulated organizations. We collect account details, operational data, and audit evidence required to deliver compliance services. Data is stored in secure infrastructure with access controls and audit logging.
We do not sell customer data. Access is limited to authorized personnel and governed by contractual and regulatory obligations. Customers remain responsible for the data they upload and the policies they configure.
Data is retained for as long as a customer account is active or as required to meet legal and audit obligations. Customers may request data exports or deletion subject to regulatory retention requirements.
FormaOS uses industry-standard security measures, including encryption in transit and role-based access controls, to protect customer information. Subprocessors are assessed to ensure they meet confidentiality and security obligations.
For privacy questions, contact privacy@formaos.com.