Privacy Policy
Last updated: 13 June 2026
This Privacy Policy explains how Formation (“Formation”, “we”, “us”), operated by Rahul Krishna K A, an individual based in Kochi, India, collects, uses, shares, and protects your personal data when you use the Formation mobile app and related services (the “Service”). Formation is intended only for people aged 18 or over. By using the Service you agree to this Policy.
1. Information we collect
- Account & identity: your name, email address, and sign-in identifiers, provided through Google or Apple sign-in (handled by Clerk).
- Profile & trip data: your display name, vehicle model, the trips you create or join, and any route or waypoints you set.
- Location data: your precise GPS location, including in the background, collected only while you are an active participant in a trip and sharing your position. We do not access your location at any other time.
- Purchases: your subscription and pass entitlement status (via RevenueCat and the App Store / Google Play). We never receive your full card details; payment is processed by Apple or Google.
- Device & notifications: a push notification token (via Expo) so we can send trip alerts.
- Usage data: in-app activity and diagnostics used to understand and improve the product (via PostHog).
2. How we use your information
- To run the Service: show your position to your trip group, compute ETAs and route information, and deliver alerts.
- To manage your account, subscription, and purchases.
- To send trip-related notifications you have enabled.
- To keep the Service secure and to investigate misuse.
- To understand usage and improve the product.
We process this data on the legal bases of performance of our contract with you (providing the trip-coordination service, including location sharing you opt into), your consent (location, notifications, optional analytics), and our legitimate interests (security and product improvement). We do not use your data for advertising and do not sell your data.
3. How your location is shared with other users
During an active trip, your live location and display name are visible to the other members of that trip group on their map. This sharing:
- happens only with members of the same trip, and only while the trip is active and you are broadcasting your position;
- is not public and is not shared with anyone outside your trip;
- stops when you leave the trip, the trip ends, switch to “ETA only”, or are removed by the trip leader.
Other members may see your recorded positions for that trip while it is active. We cannot control what other members do with what they observe on the map, so only join trips with people you trust.
4. Service providers we share data with
We share data with the following providers, who process it on our behalf to deliver the Service. Each is bound to protect your data:
| Provider | Purpose | Data | Policy |
|---|---|---|---|
| Clerk | Account sign-in (Google / Apple) | Name, email, account identifiers | View |
| RevenueCat | Subscription & purchase management | Purchase history, account identifier | View |
| Apple / Google | In-app payments (App Store / Play) | Payment processing (we never receive card details) | View |
| Expo | Push notifications | Device push token | View |
| PostHog | Product analytics | App usage events, account identifier | View |
| Mapbox | Maps, geocoding & directions | Location coordinates for map/route requests | View |
| Cloudflare | Application hosting & processing | Traffic metadata, all in-transit data | View |
| Neon | Database hosting | All stored account & trip data | View |
5. Data retention
We keep your account data for as long as your account is active. Trip and location-history data is retained for 12 months after a trip completes, then deleted or anonymized. Analytics data is retained per our analytics provider’s configuration. When the purpose for which data was collected is served, or you withdraw consent or delete your account, we delete or anonymize it, unless we are legally required to retain it (for example, transaction records for tax purposes).
6. Your rights & choices
You can, at any time:
- Access the personal data we hold about you and information about how it is processed.
- Correct, complete, or update your data.
- Erase your data and delete your account (see Section 7).
- Withdraw consent: turn off location or notification permissions in your device settings, or stop sharing within the app. Withdrawing consent is as easy as giving it.
- Nominate another person to exercise your rights in the event of death or incapacity (under India’s DPDP Act).
- Grievance redressal: raise a concern with our Grievance Officer (Section 11).
For users in the EEA/UK, you also have the rights to data portability, to restrict or object to processing, and to lodge a complaint with your supervisory authority. To exercise any right, use the in-app controls or email privacy@getformation.in.
7. Account deletion
You can permanently delete your account from within the app (Profile → Delete account). Deletion removes your sign-in identity and your personal data: your profile, trip memberships, push token, and preferences. Some records may be retained where required by law, and data already shown to other members during a past trip may persist in that trip’s history. Any trips you lead are ended when you delete your account.
8. Children’s privacy
Formation is not intended for anyone under 18, and we do not knowingly collect personal data from minors. If we learn that we have collected data from someone under 18, we will delete it.
9. Security
We use reasonable safeguards to protect your data, including encryption in transit (TLS), access controls, and sign-in through trusted OAuth providers (we do not store passwords). No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
10. International data transfers
Our infrastructure providers (including Cloudflare and Neon) may process and store data outside India. Such transfers are permitted under India’s DPDP Act subject to government restrictions. For EEA/UK users, transfers outside the EEA rely on appropriate safeguards such as Standard Contractual Clauses.
11. Grievance Officer & contact
For any questions, requests, or complaints about your data, contact our Grievance Officer:
- Rahul Krishna K A
- Email: grievance@getformation.in
- Kochi, India
If your concern is not resolved, you may escalate to the Data Protection Board of India. General privacy questions: privacy@getformation.in.
12. Changes to this policy
We may update this Policy from time to time. We will post the new version here with a revised “Last updated” date and, for material changes, notify you in the app or by email.