Privacy Policy

FormaOS is designed for regulated industries where confidentiality, accountability, and data integrity are essential. We are committed to protecting your personal and organizational information.

data controller: FormaOS Pty Ltd is the data controller responsible for personal information processed through the FormaOS platform. For privacy enquiries, contact privacy@formaos.com.au.

a) Information You Provide

• Name, email, phone number
• Organization and role
• Account credentials
• Communications and support requests

b) Usage Data

• Login timestamps
• Activity logs
• Feature usage patterns
• IP address and device metadata

c) Customer Data

Data uploaded into the platform, including:

• Compliance records
• Evidence files
• Task logs
• Organizational structures

We use information to:

• Provide and operate the platform
• Authenticate users and secure accounts
• Generate audit logs and compliance records
• Respond to inquiries and provide support
• Improve system performance and features

We do not sell or monetize your data.

Under the GDPR and equivalent regimes, the legal basis (also referred to as lawful basis) for processing your personal data is one of the following:

• Contractual necessity , providing the service you signed up for
• Legal obligations , regulatory record-keeping and audit trails
• Legitimate interest , securing the platform, preventing abuse, and improving the product without undue impact on your privacy
• Explicit consent, where required (e.g. analytics cookies, marketing communications)

We implement enterprise-grade protections including:

Access to data is restricted to authorized personnel only.

We may share information only with:

• Trusted infrastructure providers (hosting, security, analytics)
• Legal authorities where required by law

We never share data for advertising or resale.

We retain personal data only as long as:

• Necessary to provide the Services
• Required for legal or compliance obligations
• Permitted by contractual agreements

Customer data may be deleted upon account termination in accordance with retention policies.

You have the right to:

• Access your data
• Request corrections
• Request deletion (where legally permissible)
• Withdraw consent

To exercise your rights, contact:

If data is transferred outside Australia, we ensure:

• Contractual safeguards
• Compliance with applicable data protection regulations

We use minimal cookies for:

• Authentication
• Session management
• Performance monitoring

We may update this Privacy Policy to reflect regulatory, technical, or operational changes.

Material changes will be communicated on our website.

For privacy concerns: