Form - Privacy Policy

Last Updated: May 2026

Form is built around a simple privacy promise: your health data never leaves your iPhone.

This policy describes what data the app reads, what it does with that data, and what — explicitly — it does not do.

What data does Form access?

Form reads health and workout data from Apple HealthKit on your iPhone. Specifically:

  • Workouts — type, duration, and the heart rate samples recorded during each session
  • Heart rate metrics — resting heart rate, heart rate variability (SDNN), walking heart rate average, heart rate recovery (1-minute)
  • Cardio fitness — VO₂ max as estimated by Apple
  • Sleep — sleep analysis, including stages on watches that support them
  • Activity — steps and active energy burned
  • Body composition — body mass, only if you sync a connected scale to Apple Health
  • Profile characteristics — date of birth and biological sex, used solely to compute heart rate zone boundaries and to label fitness norms (e.g., "above average for age 40–49 M")

You grant access through the standard iOS HealthKit permission prompt the first time you open the app. You can revoke any individual permission at any time from Settings → Health → Data Access & Devices → Form. The app degrades gracefully when permissions are partial — tiles that depend on missing data are clearly marked.

Form does not access:

  • Your contacts, calendar, photos, location, microphone, or camera
  • Any health data Apple does not surface through HealthKit (medical records, prescriptions, lab results, etc.)
  • Any other apps installed on your iPhone

Form is read-only. It never writes data back to HealthKit.

Where does the data go?

Nowhere. Form processes all data on-device.

  • We do not operate any servers.
  • There is no account to create.
  • There is no cloud sync.
  • The app makes no network requests in normal operation.
  • We do not transmit your health data to Apple, to us, or to any third party.

Do you use analytics or tracking?

No. Form contains no analytics SDKs, no tracking pixels, no advertising identifiers, no third-party services of any kind. We have no way of knowing who is using the app, how often, or what you do inside it. We cannot count installs except through Apple's standard App Store Connect reports, which are aggregated and anonymized by Apple.

Do you share or sell data?

No. We have nothing to share or sell. Even if we wanted to, we would have to ask you for the data first — we do not have it.

What about derived data like baselines, recent recommendations, computed metrics?

Form computes baselines and rolling averages from your HealthKit data; for example, your 60-day average HRV, your 30-day Zone 2 minutes, your last 4 sessions' heart rate recovery. These computed values are stored locally on your iPhone in the app's sandboxed storage. They never leave the device. If you uninstall Form, this storage is deleted by iOS along with the app.

Your original HealthKit data is unaffected by anything Form does. It remains in your Health app, controlled by Apple, governed by Apple's HealthKit privacy policy.

Children's privacy

Form is not designed for users under 13 and is not directed at children. We do not knowingly collect or process any data from users under 13. If you believe a user under 13 is using the app, please contact us — though there is no account system, so the most effective action is to uninstall the app from that device.

Changes to this policy

If we ever introduce features that change how data is handled, we will update this policy and the version number above before shipping the release that introduces the change. Material changes will be highlighted in the app's release notes on the App Store.

We do not maintain a mailing list. If you want to be notified of material privacy changes, please bookmark this page and check the version number at the top.

Your rights

Because Form does not collect or store data outside your device, the rights typically described in privacy policies (data access, deletion, portability) are exercised directly through your iPhone:

  • To see what Form has access to, open Settings → Health → Data Access & Devices → Form.
  • To delete data Form has computed, uninstall the app.
  • To restrict access, revoke specific HealthKit permissions in Settings.

You do not need to email us to exercise these rights. iOS gives you direct control.

Contact

Questions about this policy?

Email: Desai[at]vandan[dot]co

We aim to respond within five business days. There is no support phone line.

This policy is intended to be readable, not lawyerly. Plain language prevails over legalese.