Skip to main content
HomeHow it worksRobinFAQLog inRegister interest

Privacy Policy

Privacy Policy for formidably.life.

Last updated: 15 May 2026 Effective date: 15 May 2026

1. Who We Are

Formidably Life is a trading name of Formidably Ltd, a company registered in England and Wales under company number 15228227. Our registered address is Unit A Crescent Trade Park, Redditch B98 9DZ. We are the data controller for personal data processed through Formidably Life.

Contact us at: contact form (or by writing to: Formidably Ltd, Unit A Crescent Trade Park, Redditch B98 9DZ).

2. Scope of This Policy

This policy covers personal data collected and processed through the formidably.life web application, its associated APIs, and the Formidably Mobile companion app when it transmits data to formidably.life. It does not cover other Formidably websites, which have their own policies.

3. The Data We Collect and Why

3.1 Account and Household Data

When you register, we collect your name, email address, and a password (stored as a hashed credential via Supabase Auth). You may also provide a profile photo. We use this data to create and maintain your account, authenticate your sessions, and identify you within your household.

3.2 Household Member Profiles

As the household administrator, you can create profiles for other household members (including children). For each member you provide a display name and optionally an email address or date of birth. You are responsible for obtaining appropriate consent from any adult members whose profiles you create, and for the lawful creation of child profiles (see Section 9).

3.3 Google Calendar Data

Formidably Life integrates with Google Calendar. When you connect a Google account, we request two OAuth scopes:

https://www.googleapis.com/auth/calendar.events: to read your calendar events so we can display them within your household view and calculate availability, and to create, update, and delete events on your behalf when you use the write features of the integration.
https://www.googleapis.com/auth/calendar.calendarlist.readonly: to see the list of calendars in your Google account so you can choose which calendar each type of event is written to.
We deliberately request only these event and calendar-list scopes. We do not request access that would let us delete or reshare your calendars.

We store a refresh token in an encrypted secret store (Supabase Vault) so we can maintain the connection between sessions. We do not store the full content of your calendar events on our servers beyond what is necessary to display them. You can disconnect a Google account at any time from Settings; doing so deletes your refresh token immediately.

For each connected calendar you choose which visibility level applies within your household: full details, title only, or busy only. We honour these settings when sharing calendar data with other household members.

Your Google Calendar data is used exclusively within your household for scheduling and availability purposes. We do not use it to train machine learning models, sell it to third parties, or share it outside your household. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3.4 Microsoft Calendar Data

The same principles apply to Microsoft Calendar connections. We use OAuth 2.0 to request read and write access, store the refresh token in Supabase Vault, and honour your per-calendar visibility settings. Disconnect at any time to delete the token.

3.5 iCal Feed Data

If you add an iCal feed URL, we fetch the feed on your behalf, parse the event data, and display it within your household view. We store the feed URL but do not store the full content of iCal events beyond the current display window.

3.6 Location Data

formidably.life supports household location sharing. Location data is only visible to members of the same household. We collect location in three modes:

  • Background mode: your device periodically reports location when the Formidably Mobile app is running in the background.
  • Live meetup mode: your device reports location more frequently during an active meetup session you have initiated.
  • Manual mode: you share a specific location you have chosen.

Location accuracy varies by mode. We store latitude, longitude, and accuracy. Location data has a configurable expiry; when it expires it is no longer displayed but remains in our database for audit purposes for 30 days before deletion. Your household administrator can restrict which members have location sharing enabled.

We do not share location data with any third party and we do not use it for any purpose other than household location visibility.

3.7 Usage Data

We collect basic technical data to operate the service: IP addresses (retained for 30 days), browser/device type, and log data relating to errors and API calls. This data is used for security, debugging, and service improvement only.

3.8 Analytics Cookies

We use Google Tag Manager (GTM) to manage tracking tags on our websites. GTM itself is only loaded after you consent to analytics or marketing cookies. We have implemented Google Consent Mode v2, which defaults all consent signals to denied. The signals analytics_storage, ad_storage, ad_user_data, and ad_personalization are only set to granted after you give the relevant consent.

With your consent to analytics cookies, we load Google Analytics 4 (GA4). GA4 collects information about your visit such as pages viewed, time on site, referring website, and general location (country/city level, not precise). This data is aggregated and used only to improve our websites and content. GA4 is operated by Google LLC; data may be transferred to the United States under the EU-US Data Privacy Framework.

Legal basis: consent (UK GDPR Article 6(1)(a)). If you decline analytics cookies, GA4 does not run. If you decline both analytics and marketing cookies, GTM does not load for your session. You can change your choice at any time via the cookie settings link in our footer. You can also opt out globally via the Google Analytics Opt-out Browser Add-on (tools.google.com/dlpage/gaoptout).

3.9 Marketing and Retargeting Cookies

With your consent to marketing cookies, we load advertising pixels to support retargeting campaigns. We use:

  • Meta Pixel (Facebook/Instagram): measures the effectiveness of our advertising on Meta platforms by tracking actions taken on our website after clicking a Meta ad. Operated by Meta Platforms, Inc. Data may be transferred to the United States under Standard Contractual Clauses.
  • Pinterest Tag: measures conversions and enables retargeting on Pinterest. Operated by Pinterest, Inc. Data may be transferred to the United States under Standard Contractual Clauses.

Neither the Meta Pixel nor the Pinterest Tag fires unless you have consented to marketing cookies. We do not use these pixels to build profiles about you outside the context of our own advertising campaigns. You can opt out of Meta's data use for advertising at facebook.com/settings, and Pinterest's at pinterest.com/settings/privacy.

Legal basis: consent (UK GDPR Article 6(1)(a)). You can withdraw consent at any time via the cookie settings link in our footer.

3.10 Email List and Newsletter

Across our websites, we offer the opportunity to join our email list. When you sign up you provide your name (optional) and email address, and tick a consent checkbox confirming you agree to receive Formidably updates by email. We also use gated downloads: if you request a free resource, you provide your name and email address, and optionally consent to receive further emails from us.

We collect and store: name (where provided), email address, the date and source of your signup, and your consent record. Your consent record is retained permanently so we can demonstrate lawful processing.

Legal basis: consent (UK GDPR Article 6(1)(a)). You can unsubscribe at any time via the link in any email we send, or by contacting contact form. Unsubscribing does not delete your account or affect your access to products you have purchased.

We use Resend to send emails. Resend processes your email address on our behalf under a data processing agreement.

3.11 Payment Data

Subscription payments are handled by Stripe. We do not store card numbers or bank details. We store your Stripe customer ID, subscription status, and billing history. See Stripe's privacy policy at stripe.com/privacy.

4. Legal Bases for Processing (UK GDPR)

We process your personal data under the following legal bases:

  • Contract: account data, calendar integrations, location sharing, and household member data are necessary to provide the service you have subscribed to.
  • Legitimate interests: usage logs and technical data, to operate and improve the service securely.
  • Legal obligation: where required by UK law, including financial record-keeping.
  • Consent: analytics cookies, marketing/retargeting cookies, email marketing, and child accounts under 13 where parental consent is required (see Section 9).

5. How We Share Your Data

We do not sell your personal data. We share data only with the following processors under data processing agreements:

ProcessorPurposeLocation
SupabaseDatabase, authentication, secret storageEU (AWS eu-west-1)
StripePayment processingUS (SCCs in place)
ResendTransactional emailUS (SCCs in place)
CloudflareCDN, DDoS protection, DNSGlobal (adequacy/SCCs)
Google LLCCalendar API when you connect Google Calendar; Google Tag Manager and Google Analytics on public website pages, with analytics cookies only after consentUS (SCCs/Data Privacy Framework where applicable)
Meta Platforms, Inc.Meta Pixel advertising measurement and retargeting on public website pages, with marketing cookies only after consentUS (SCCs in place)
Pinterest, Inc.Pinterest Tag advertising measurement and retargeting on public website pages, with marketing cookies only after consentUS (SCCs in place)
Microsoft CorporationCalendar API (when you connect Microsoft Calendar)US (SCCs in place)

We may also disclose data where required by law, court order, or to protect the safety of our users.

6. Data Retention

We retain data for as long as your account is active, plus the following periods after account deletion:

  • Account and household data: deleted within 30 days of account closure.
  • Calendar tokens (Supabase Vault): deleted immediately on disconnect or account closure.
  • Location data: expired entries deleted after 30 days; all location data deleted within 30 days of account closure.
  • Payment records: retained for 7 years to comply with UK financial regulations.
  • Security logs: retained for 90 days.
  • Anonymised aggregate usage statistics: retained indefinitely.

7. Your Rights Under UK GDPR

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Erase your data (subject to legal retention requirements).
  • Restrict or object to processing.
  • Data portability: receive your data in a structured, machine-readable format.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at contact form. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ico.org.uk).

8. Security

We use industry-standard measures to protect your data: TLS encryption in transit, encrypted storage for OAuth credentials (Supabase Vault), bcrypt password hashing, and role-based access controls. Our infrastructure is hosted on Supabase (AWS eu-west-1). We conduct periodic security reviews.

No system is completely secure. If we become aware of a breach affecting your data, we will notify you and the ICO as required by UK GDPR.

9. Children's Data

formidably.life allows household administrators to create profiles for child members. We comply with the UK Children's Code (Age Appropriate Design Code).

Where a child is under 13, the household administrator (who must be an adult) is responsible for providing appropriate parental consent before creating the child's profile. We do not use children's data for marketing, profiling, or any purpose beyond providing the household service.

Child profiles have access only to the household features appropriate to their role. Location sharing for child members is controlled by the household administrator.

If you believe a child's data has been collected without appropriate consent, contact us at contact form and we will delete it promptly.

10. Cookies

We use strictly necessary cookies to maintain secure sessions, operate the site, and remember your cookie choices. On public website pages, analytics cookies are used only with analytics consent and marketing cookies only with marketing consent.

Our marketing cookies support Meta Pixel and Pinterest Tag for advertising measurement and retargeting. Neither tag fires unless you have consented to marketing cookies. Household app features do not use advertising cookies.

You can accept all, reject all, or manage choices through the cookie banner, and you can change your choice later using Cookie settings in the footer. See our Cookie Policy for the full cookie table.

11. International Transfers

Some of our processors are based in the United States. Where data is transferred outside the UK, we ensure appropriate safeguards are in place: either an adequacy decision, Standard Contractual Clauses (SCCs), or Binding Corporate Rules. Details are available on request at contact form.

12. Changes to This Policy

We may update this policy from time to time. We will notify you by email or in-app notification of any material changes at least 14 days before they take effect. The date at the top of this page shows when it was last updated.

13. Contact

Formidably Ltd

Contact: contact form

Website: formidably.life

ICO registration: ZB685467

Formidably Ltd is registered in England and Wales. Governing law: England and Wales.