LEGAL
Privacy Policy
Effective date: June 1, 2026 · Last updated: June 1, 2026
1. Information We Collect
Account information
When you sign up, we collect your email address via Supabase authentication. We support magic link (passwordless) and Google OAuth sign-in — no password is ever stored by Forge.
Project data
When you submit a build request, we store your project prompt, build status, evaluation results, and any output metadata. This is necessary to provide the service and display your project history in the dashboard.
Billing information
Payment is handled entirely by Stripe. We store only your Stripe customer ID and subscription status — never your card number, CVV, or full billing details. Those remain with Stripe and are subject to their privacy policy.
Usage data
We log standard server-side information such as build timestamps, success/failure status, and your builds-remaining count. We do not use client-side analytics, tracking pixels, or third-party ad networks.
What we do NOT collect
- Passwords (we use passwordless auth)
- Browser fingerprints or device identifiers
- Location data beyond what Stripe requires for billing
- Data from third parties for advertising purposes
2. How We Use Your Information
| Data | Purpose |
|---|---|
| Email address | Account authentication, magic link delivery, build status notifications, important service announcements |
| Project prompts | Processing your build request through the AI agent pipeline; displaying your project history |
| Stripe customer ID | Managing your subscription, opening the billing portal, processing renewals |
| Build status & quota | Enforcing plan limits, displaying remaining builds, triggering renewal resets |
We do not use your data for advertising, sell it to third parties, or share it with anyone except the service providers listed in Section 4.
3. AI Processing & Your Prompts
Your prompts are transmitted to third-party LLM providers to generate the evaluation and build output. Current providers include:
- Groq — groq.com/privacy-policy
- Google Gemini — policies.google.com/privacy
- OpenRouter — openrouter.ai/privacy
We recommend you do not include passwords, private API keys, personally identifiable information about third parties, or trade secrets in your project descriptions.
4. Third-Party Service Providers
We share data only with providers necessary to operate Forge:
| Provider | Role | Data shared |
|---|---|---|
| Supabase | Authentication & database | Email, project data, profile |
| Stripe | Payment processing | Email, subscription details |
| Amazon Web Services | Cloud compute (Lambda, S3, CloudFront) | Build processing, static file hosting |
| Resend | Transactional email | Email address, notification content |
| Groq / Gemini / OpenRouter | LLM inference | Project prompts (see Section 3) |
Each provider is contractually obligated to use your data only to provide their services and is prohibited from using it for their own advertising or selling it to others.
5. Cookies & Local Storage
Forge uses only the cookies and local storage necessary to keep you signed in:
- Supabase auth session — stores your authentication token so you don't need to sign in on every visit. This expires when you sign out or after 1 hour of inactivity.
We do not use advertising cookies, tracking pixels, analytics SDKs (no Google Analytics, Mixpanel, etc.), or any third-party cookies that follow you across sites.
6. Data Retention
We retain your account data and project history for as long as your account is active. If you close your account, we will delete your personal data within 30 days, except where we are required to retain it by law (e.g., billing records for tax purposes, which are kept for 7 years).
Build logs (server-side, not tied to your identity) may be retained for up to 90 days for debugging and security purposes.
7. Security
We take reasonable technical and organizational measures to protect your data, including:
- HTTPS/TLS encryption for all data in transit
- Row-level security (RLS) in Supabase — each user can access only their own data
- Stripe handles all payment data under PCI DSS compliance
- AWS services protected by IAM policies with least-privilege access
- No card numbers or credentials stored by Forge directly
No system is perfectly secure. If you discover a security vulnerability, please report it responsibly to hello@ssforge.cloud.
8. Your Rights
Depending on where you live, you may have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Correction — ask us to correct inaccurate data
- Deletion — request deletion of your account and associated data
- Portability — receive your data in a machine-readable format
- Opt-out of communications — unsubscribe from non-essential emails at any time via the link in any email
To exercise any of these rights, email us at hello@ssforge.cloud. We will respond within 30 days.
California residents (CCPA)
Under the California Consumer Privacy Act, California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To submit a CCPA request, contact hello@ssforge.cloud.
EU / UK residents (GDPR)
If you are located in the European Economic Area or United Kingdom, our lawful basis for processing your data is performance of a contract (providing the service you signed up for). For questions about cross-border data transfers or to lodge a complaint, contact us at hello@ssforge.cloud.
9. Children's Privacy
Forge is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact
For any privacy-related questions, data requests, or concerns:
SSForge AI LLC
hello@ssforge.cloud
California, United States