FormUp LLC ("FormUp," "we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use the FormUp mobile application and web dashboard (collectively, the "Service").
1. Information We Collect
1.1 Information You Provide
| Data Type | Examples | Purpose |
|---|
| Account Information | Name, email address, password | Account creation and authentication |
| Company Information | Company name, address, phone, email, logo | Company profile and invoice generation |
| Employee Information | Names, job titles, crew assignments, pay rates | Team management and payroll |
| Project Data | Project names, descriptions, addresses, budgets, schedules | Project management features |
| Client Information | Client names, addresses, phone numbers, emails | Invoicing and client portal access |
| Financial Information | Invoice amounts, payment records, pay rates | Invoicing and payroll features |
| Photos | Project photos, daily reports, profile pictures | Documentation and reporting |
1.2 Information Collected Automatically
| Data Type | When Collected | Purpose |
|---|
| Location Data (GPS) | Only at clock-in and clock-out | Job site attendance verification |
| Device Information | At app launch | App compatibility, crash reporting |
| Push Notification Tokens | When notifications enabled | Delivering alerts and reminders |
1.3 Information from Third Parties
- Google Sign-In: Name, email, profile photo (if you sign in with Google)
- Apple Sign-In: Name, email (if you sign in with Apple; email may be a relay address)
- Stripe: Connected account ID, business name (when connecting Stripe for payments)
- Square / QuickBooks: Account identifiers and business names (when connecting these services)
2. Financial & Banking Data
FormUp takes special care with financial information:
2.1 Payment Processing (Invoices)
- Credit card payments are processed entirely by Stripe. FormUp never receives, processes, or stores credit card numbers.
- Payment links are generated on the contractor's own Stripe account. Funds flow directly between the payer and the contractor.
- FormUp does not act as a payment processor, money transmitter, or financial institution.
2.2 Direct Deposit (Payroll)
- Employee bank account details (routing number and account number) are transmitted directly to Stripe via encrypted HTTPS connection and tokenized by Stripe.
- FormUp does NOT store full bank account numbers. We store only:
- A Stripe-generated reference token (not usable outside Stripe's system)
- The bank name and last four digits of the account number (for display purposes only)
- Direct deposit transfers are initiated from the employer's own Stripe account. FormUp does not hold, pool, or control any payroll funds.
- Stripe is PCI Level 1 certified and SOC 2 compliant. For more information, visit stripe.com/privacy.
2.3 Pay Rate Information
- Employee hourly pay rates entered by employers are stored in our database for payroll calculation purposes.
- Pay rate information is only visible to company owners and admins. Employees cannot see other employees' pay rates.
3. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service and its features
- Process transactions, invoices, and payroll at your direction
- Send notifications about your account, projects, and schedule
- Provide customer support
- Enforce our Terms of Service
- Comply with legal obligations
We do NOT:
- Sell your personal information to third parties
- Use your data for advertising or marketing by third parties
- Share your financial information with anyone other than the payment processors you connect
- Access, use, or analyze the content of your photos, reports, or project data for any purpose other than providing the Service
4. How We Share Your Information
We share information only in the following circumstances:
| Recipient | Data Shared | Purpose |
|---|
| Supabase (database provider) | All app data | Data storage and authentication |
| Stripe | Payment and bank account data | Payment processing and direct deposit |
| Square / QuickBooks | Invoice and client data (if connected) | Payment sync and accounting |
| Apple / Google | Authentication tokens | Sign-in services |
| RevenueCat | Subscription status | Subscription management |
| Expo (build service) | Push notification tokens | Push notification delivery |
We may also disclose information if required by law, court order, or to protect the rights, property, or safety of FormUp, our users, or the public.
5. Location Data
FormUp collects GPS location data only at the specific moments when an employee clocks in or clocks out. This is done to verify attendance at designated job sites.
- We do not continuously track location.
- We do not track location when the app is in the background or closed.
- Location data is stored as part of time entries and is accessible to company owners and admins.
- You can deny location permissions, but clock-in/out may require location access.
6. Data Retention
- Active accounts: Data is retained as long as your account is active.
- Deleted accounts: Upon account deletion, we delete your personal data within 30 days. Certain data may be retained longer if required by law or for legitimate business purposes (e.g., payment records for tax compliance).
- Company data: If a company owner deletes their account, all associated company data (projects, employees, invoices) is deleted, subject to any legal retention requirements.
- Bank account data: Stripe tokens associated with deleted accounts are deactivated. Display data (last 4 digits) is deleted with the account.
7. Data Security
We implement appropriate technical and organizational measures to protect your data:
- All data transmitted between the App and our servers uses TLS/SSL encryption.
- Database access is protected by Row Level Security (RLS) policies ensuring users can only access their own company's data.
- Sensitive operations (payment processing, bank account tokenization) are handled through secure server-side Edge Functions — API keys and secrets are never exposed to the mobile app.
- Financial data is processed through Stripe's PCI Level 1 certified infrastructure.
- Authentication supports email/password, Google Sign-In, and Apple Sign-In with industry-standard security.
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data.
- Portability: Request your data in a machine-readable format.
- Objection: Object to certain processing of your personal data.
To exercise any of these rights, contact us at support@useformup.com.
9. Children's Privacy
FormUp is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
10. California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected, used, and shared.
- Right to delete personal information.
- Right to opt-out of the sale of personal information. We do not sell personal information.
- Right to non-discrimination for exercising your privacy rights.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the App. The "Last Updated" date at the top of this page indicates when the policy was most recently revised. Continued use of the App constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Email: support@useformup.com
Website: useformup.com