Privacy Policy
1. Introduction & Scope
Formatly Inc. ("we," "our," or "us") is deeply committed to safeguarding your privacy and ensuring the security of the data you entrust to us. This Comprehensive Privacy Policy details exactly how we collect, use, process, share, and protect your personal data and proprietary documents when you access our website, application programming interfaces (APIs), and AI-driven formatting platform (collectively, the "Services").
By registering an account or utilizing our Services in any capacity, you acknowledge that you have read, understood, and unreservedly agree to the terms prescribed in this Privacy Policy.
2. Exhaustive List of Information We Collect
To provide, maintain, and secure our Services, we collect specific categories of data, classified below:
2.1 Information You Provide Directly to Us
- Account Credentials: Full name, email address, strictly encrypted passwords, and profile avatars.
- OAuth Data: If you authenticate via Google or another third-party Single Sign-On (SSO) provider, we collect your basic profile information (name, email) as permitted by those providers and your privacy settings with them.
- Financial Data: For paid subscriptions, we collect billing addresses and payment histories. Note: We do NOT store full credit card numbers or CVV codes within our internal databases. All financial transactions are tokenized and processed securely by our PCI-DSS compliant payment gateways (e.g., PayPal, Stripe, Paddle).
- Direct Communications: Any inquiries to our support desk, feedback forms, feature requests, or legal correspondence.
2.2 Automatically Collected Telemetry & Usage Data
- Device & Network Metrics: IP addresses, browser agents, operating system versions, and unique device identifiers (e.g., UUIDs).
- Application Telemetry: Features accessed, exact timestamps of API calls, document parse durations, error logs, and stack traces resulting from application crashes.
- Cookies & Local Storage: Cryptographic session tokens, JWTs, and tracking beacons necessary for user authentication and preserving application state across sessions.
2.3 User-Provided Content (The "Document Payload")
When utilizing our formatting engines, you upload raw text files, PDFs, or word processing documents. This payload includes your raw intellectual property, bibliographic metadata, and any embedded data within the file structure.
3. Our Strict Policy on AI Training & Document Processing
We recognize that academic and professional documents are highly sensitive. This section explicitly defines our handling of your Document Payload.
- Ephemerality & Processing: Document Payloads are transferred over TLS 1.3 encryption directly into our secure, isolated processing pipelines. They reside in volatile memory briefly during active parsing and formatting before being returned to you. They are then securely stored within segregated cloud buckets utilizing strict Row-Level Security (RLS) policies.
- Zero Foundation Model Training: Under absolutely no circumstances do we harvest, mine, scrape, or otherwise utilize your Document Payload to train, fine-tune, or calibrate our foundational Large Language Models (LLMs) or heuristic algorithms.
- Isolation Guarantee: Your Document Payload is exclusively tied to your authenticated user identity. Our architectural design prohibits cross-tenant data spillage. No other user on the Formatly platform can query, access, or derive insight from your stored documents.
4. How We Utilize Non-Document Information
Excluding the Document Payload, we utilize Account, Financial, and Telemetry data strictly for:
- Fulfilling the core contractual obligations of our Services.
- Processing invoices, handling disputes, and preventing systemic payment fraud.
- Detecting and mitigating catastrophic security threats, DDoS attacks, blocklisting malicious IP ranges, and auditing system integrity.
- Aggregating anonymized cohort analytics to dictate future feature roadmaps (e.g., determining the percentage of users requiring Chicago Style versus APA).
- Compliance with explicit legal subpoenas issued by courts of competent jurisdiction.
5. Third-Party Subprocessors
We lack vertical integration on all hardware stacks. Therefore, we utilize trusted third-party enterprise vendors ("Subprocessors"). We only share the minimal amount of data required for them to perform their specific function. Current subprocessors include:
We execute binding Data Processing Agreements (DPAs) with all subprocessors ensuring their data security standards align with or exceed our own.
6. Data Security Architectures
We implement defense-in-depth strategies:
- Encryption in Transit: 100% of data traveling to and from our domains is protected by mandatory HTTPS (TLS 1.2+ minimum, TLS 1.3 default).
- Encryption at Rest: Database volumes and cloud storage buckets are encrypted utilizing AES-256 standard encryption before physical write to disk.
- Access Control: Administrative access to production databases requires multi-factor authentication (MFA) and is strictly limited on a principle-of-least-privilege basis to essential DevOps personnel only.
7. International Data Transfers
Formatly operates primarily out of servers located in the United States and the European Union. By using the Services, you consent to the transfer of your data to these regions. For users originating in the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) to ensure adequacy mechanisms are met during transatlantic data flows.
8. Your Absolute Data Rights
Subject to verified identity and local law, you hold actionable rights concerning your data:
- Access & Portability: Request a machine-readable export of all metadata associated with your account.
- Rectification: Correct erroneous profiling data via your dashboard.
- Erasure ("Right to be Forgotten"): Purge your profile, billing history, and stored Document Payloads entirely.
To trigger any of these formal actions, email your request directly to formatlyapp@gmail.com with the subject line "Formal Data Request." We process authenticated requests within 30 calendar days.
9. Explicit No Sale Statement
Formatly Inc. does not sell your personal data or document payloads to third parties for monetary or other valuable consideration.
10. Contact Details & Privacy Officer
For escalations, formal GDPR Article 27 inquiries, or concerns regarding systemic privacy vulnerabilities, you must contact our dedicated compliance desk:
If you suspect a security breach, email formatlyapp@gmail.com directly.