Privacy Policy
1. Who is the data controller?
The data controller for Forra is:
Michael Salah Milik Andrawos
Bienengasse 9/22, 8020 Graz
Austria
Email: support@forrafamily.app
You can reach us in English, German, or Arabic.
2. What data we collect and why
We collect only the data Forra needs to function. Every item below is named, justified, and tied to a legal basis under GDPR Article 6(1).
| Data category | Why we collect it | Legal basis (Art. 6(1)) | Retention |
|---|---|---|---|
| Account credentials (email, hashed password) | Authenticate you; restore your sessions | (b) contract performance | Account lifetime + 24h post-deletion |
| Family memberships + display name | Family-scoped data isolation | (b) contract performance | Account lifetime + 24h post-deletion |
| Shopping list items + checked status | Core product feature | (b) contract performance | Account lifetime + 24h post-deletion (items added by other family members survive on the shared list) |
| Expense entries (amount, category, date, note) | Core product feature + AI recap input | (b) contract performance | Account lifetime + 24h post-deletion; invoice-relevant entries retained 7 years per Austrian Tax Code § 132 BAO |
| Income entries | Core product feature | (b) contract performance | Same as expenses |
| Recurring expense + income rules | Auto-post automation | (b) contract performance | Account lifetime + 24h post-deletion |
| Voice recordings (microphone audio) | Speech-to-text transcription | (a) your explicit consent — one-time JIT modal | Not retained — discarded immediately after one transcription request |
| Voice transcripts (text result) | Display + intent extraction | (a) your explicit consent | Account lifetime + 24h post-deletion |
| Voice & AI consent flag | Remember whether you accepted the one-time JIT consent so we don't re-prompt | (a) your explicit consent (record of its state) | Account lifetime + 24h post-deletion; revocable anytime via Settings → Privacy → Voice & AI |
| AI summary cache | Recap result memoization | (b) contract performance | Same as expenses |
| Crash reports | Bug detection + diagnosis | (f) legitimate interest — opt-out anytime via Settings → Privacy | 90 days at Sentry, then aggregated |
| Push notification tokens | Deliver notifications you opted into | (a) consent (OS-level prompt) | Until you rotate the token or delete your account |
| IP-based approximate location (city/country) | Password-change email recognition signal | (f) legitimate interest | Not stored after the password-change email is sent |
| Subscription state | Gate AI features behind your paid subscription | (b) contract performance | Subscription lifetime + 30 days for fraud-investigation audit |
| Account-deletion audit log | Fraud investigation + GDPR audit trail | (f) legitimate interest | 30 days from deletion confirmation |
What we do NOT collect: location coordinates, contacts, photos, files outside Forra, advertising identifiers, browsing history, or behavior on other apps. We do not embed third-party analytics or tracking pixels in our mobile app or this website.
3. Sub-processors
Forra uses these third-party services to deliver the product. Each has a signed Data Processing Agreement with Forra under GDPR Art. 28. Transfers to US-based sub-processors rely on the EU Standard Contractual Clauses (Art. 46) and supplementary measures as required by the Schrems II ruling.
| Sub-processor | Country | Role | DPA |
|---|---|---|---|
| Supabase, Inc. | EU (Frankfurt) | Database, authentication, edge functions, file storage | supabase.com/legal/dpa |
| OpenAI, LLC | United States | Voice transcription (Whisper) + intent extraction (GPT-4o-mini) | openai.com/policies/data-processing-addendum |
| Resend, Inc. | United States | Transactional email delivery | resend.com/legal/dpa |
| Functional Software, Inc. (Sentry) | United States | Crash reporting (opt-out anytime) | sentry.io/legal/dpa |
| RevenueCat, Inc. | United States | Subscription billing receipts + webhook delivery | revenuecat.com/dpa |
| ipapi.co | United States | IP-based approximate location for password-change emails | ipapi.co/privacy |
4. Voice input and AI (EU AI Act Art. 50)
When you use Forra's voice input feature:
- Your microphone audio is sent to OpenAI Whisper for speech-to-text transcription.
- The resulting text transcript is sent to OpenAI GPT-4o-mini to extract structured intent (e.g., "add milk to shopping list" → a `shopping_item_added` action).
- The audio recording is not retained by OpenAI or Forra after transcription completes.
- You always confirm or edit the parsed result before Forra writes anything to your data.
- You can revoke consent for voice anytime in Settings → Privacy → Voice & AI.
Voice input is part of Forra's optional paid subscription (€4.99/month or €49.99/year). If you do not subscribe, the voice button does not appear.
5. Account deletion
You can delete your account anytime from Settings → Account → Delete account inside the Forra app. We commit to:
- Confirming your deletion with your password.
- Completing the deletion cascade within 24 hours of your confirmed request.
- Sending you a confirmation email when deletion completes (no clickable recovery link in that email — see /delete-account).
- Retaining only what Austrian law requires us to keep: invoice records (7 years per Tax Code § 132 BAO) and a 30-day account-deletion audit log entry for fraud investigation.
6. Your rights under GDPR
You have these rights regarding your personal data:
- Access (Art. 15): request a copy of all data we hold about you.
- Rectification (Art. 16): correct any inaccurate data.
- Erasure (Art. 17): delete your account and all associated data (see § 5).
- Portability (Art. 20): receive your data in a machine-readable format.
- Objection (Art. 21): object to processing based on legitimate interest (e.g., turn off crash reports).
- Withdrawal of consent (Art. 7(3)): revoke your consent at any time. Withdrawal does not affect processing that was lawful before withdrawal.
To exercise any of these rights, email support@forrafamily.app. We will respond within 30 days per Art. 12(3).
7. Right to complain
If you believe Forra is mishandling your data, you can lodge a complaint with the Austrian data protection authority:
Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien, Austria
www.dsb.gv.at
8. Breach notification
If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, Forra commits to notifying:
- The Austrian Datenschutzbehörde within 72 hours of becoming aware (GDPR Art. 33).
- You directly, without undue delay, if the breach is likely to result in a high risk to your rights and freedoms (Art. 34).
9. Automated decision-making
Forra does not make any solely-automated decisions about you that produce legal or similarly significant effects. The AI recap is informational only and does not change any state without your action; voice input always returns a transcript for your manual confirmation before writing to your data.
10. Changes to this policy
When we materially update this policy, we will notify you in-app and via email at least 30 days before the changes take effect, per Art. 13(3). The current version and its "Last Updated" date appear at the top of this page.