Private records need careful handling.

A FairForm account can store profile details, language preference, cases, uploaded evidence metadata, private file paths, timeline events, interview answers, drafts, generated outputs and review requests.

Uploaded files should be stored only in private Supabase storage buckets with row-level security and owner-only storage policies.

While the compliance gate is closed, users must only upload dummy or test evidence. Real medical records, disability evidence, benefits letters, housing evidence or identity documents should not be uploaded.

The app enforces this in the evidence upload route unless `FAIRFORM_REAL_DATA_ENABLED=true` is deliberately set after the launch gate is complete.

Users should be able to delete their account data. The current MVP has a profile deletion path that removes user-owned database rows, and can remove the auth user when the service-role key is configured.

Before real data is accepted, deletion must also be tested against private storage files, generated outputs, audit records and backup retention.

Real evidence should not be sent to an AI provider until zero-retention terms, provider agreements and data-processing arrangements are confirmed in writing.

FairForm should keep AI outputs source-linked, factual and reviewable. It must not invent facts or submit anything automatically.

FairForm needs final privacy policy review, DPIA, data-processing agreements, storage and deletion tests, logging review, cookie review and a clear support contact before handling real records.

A dedicated FairForm privacy contact must be configured before real records are accepted. Until then, use dummy or redacted evidence only.