Back to home

Legal

Privacy Policy

Last updated May 12, 2026

Template notice. This policy is a reasonable starting point and should be reviewed by qualified counsel before broad public launch. Bracketed tokens ([like this]) indicate values that must be filled in.

1. Introduction

FORM LLC (“Take Form,” “we,” “us”) respects your privacy. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices you have. It applies to the Take Form website, courses, training tools, and related services (the “Service”).

By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

2. Information we collect

Information you give us

  • Account information: name, email address, and password (stored as a one-way hash). If you sign in with Google, we receive your name and email from Google.
  • Payment information: billing details are collected and processed by our payment provider, Stripe. We do not store full card numbers; we receive a customer identifier and the metadata Stripe returns (last four digits, brand, country, subscription status).
  • Community content: posts, replies, and reactions you publish in community features.
  • Support correspondence: messages you send us via email.

Information we collect automatically

  • Usage data: sessions completed, courses viewed, streak activity, and similar product-engagement signals used to power features like your dashboard and progress tracking.
  • Device data: IP address, browser type, operating system, and timezone (used to roll over your daily streak in your local time).
  • Authentication cookies: session cookies set by NextAuth so you stay signed in.

3. How we use your information

  • To provide, maintain, and improve the Service;
  • To process payments, manage subscriptions, and send billing-related notices;
  • To compute and display your progress, streak, and community activity;
  • To send transactional email (account verification, password reset, trial reminders, reply digests);
  • To investigate abuse, enforce our Terms of Service, and protect the Service and its users;
  • To comply with legal obligations.

We do not sell your personal information, and we do not use it for behavioral advertising.

4. Who we share information with

We share personal information only with the following categories of recipients, and only as needed to operate the Service:

  • Stripe — payment processing and subscription management.
  • Resend — transactional email delivery.
  • Turso — managed database hosting for application data.
  • Vercel — application hosting and serverless infrastructure.
  • Google — optional sign-in via Google OAuth (only if you choose to use it).
  • Authorities — when required by valid legal process or to protect the rights, property, or safety of Take Form, our users, or others.

If Take Form is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify affected users in advance.

5. International data transfers

Our service providers (including Stripe, Vercel, and Turso) may process and store data in the United States and other countries outside Canada. Where required by law, we rely on appropriate safeguards (such as standard contractual clauses) to protect your information when it is transferred internationally.

6. Data retention

We keep your account and activity data for as long as your account is active and for a reasonable period afterward to support reactivation, comply with legal obligations, resolve disputes, and enforce our agreements. You can request deletion at any time (see Section 7).

7. Your rights and choices

Subject to applicable law, you have the right to:

  • Access the personal information we hold about you;
  • Correct information that is inaccurate or incomplete;
  • Request deletion of your account and personal information;
  • Withdraw consent where we rely on it;
  • Object to or restrict certain processing;
  • Receive a copy of your information in a portable format.

To exercise any of these rights, email [contact email]. We will respond within a reasonable period and in line with applicable law (including Canada's PIPEDA and, where it applies, the EU GDPR and UK GDPR).

You may also lodge a complaint with the Office of the Privacy Commissioner of Canada or another supervisory authority in your jurisdiction.

8. Cookies

We use a small set of cookies that are strictly necessary to operate the Service, including session cookies set by NextAuth to keep you signed in and CSRF tokens used to protect form submissions. We do not use third-party advertising cookies. If we add analytics in the future, this policy will be updated and, where required, we will ask for your consent first.

9. Children

The Service is not directed to children under 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact [contact email] and we will delete it.

10. Security

We use industry-standard safeguards to protect your information, including encryption in transit, hashed passwords, and access controls on our infrastructure. No system is perfectly secure, however, and we cannot guarantee absolute security. If you suspect your account has been compromised, contact [contact email] immediately.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date above and, for material changes, give you reasonable notice (for example, by email or an in-app notice). Continued use of the Service after the changes take effect constitutes acceptance.

12. Contact

Questions about this policy, or requests to exercise your privacy rights, can be sent to [contact email].