Privacy Policy
Last updated: May 24, 2026
This Privacy Policy explains how Forge ("we", "us") collects, uses, and protects personal data when you use our website and Service. We act as a data controller for account data, and as a data processor for data you store inside your Forge projects.
1. Data We Collect
- Account data: email, display name, hashed password, auth provider IDs.
- Usage data: project names, table schemas, API requests, last-seen timestamps, IP address, user agent.
- Billing data: processed by Paddle. We receive subscription status, plan, country, and last 4 digits of the payment method — never the full card number.
- Customer content: the rows and files you choose to store in your Forge projects.
2. How We Use It
- Operate, maintain and improve the Service;
- Authenticate you and prevent abuse;
- Send transactional emails (verification, password reset, invites, billing receipts);
- Comply with legal and tax obligations.
We do not sell your personal data and we do not use customer content to train AI models.
3. Legal Bases (GDPR)
We rely on the following legal bases: performance of a contract (to deliver the Service), legitimate interest (security, abuse prevention, product improvement), legal obligation (tax, accounting), and consent (optional product emails).
4. Sharing
We share data only with the sub-processors needed to run Forge:
- Supabase / Lovable Cloud — database, authentication, file storage;
- Cloudflare — edge runtime, CDN, DDoS protection;
- Resend — transactional email delivery;
- Paddle — payment processing and tax compliance (merchant of record).
5. Data Retention
We keep account data while your account is active. If you delete your account, we remove your personal data and project content within 30 days, except where retention is required by law (e.g. invoices, kept for up to 10 years).
6. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, export, restrict, or delete your personal data, and to object to processing or lodge a complaint with a supervisory authority. Most of these can be exercised from /account. For anything else, email contact@forgeconsole.app.
7. International Transfers
Our infrastructure is global. When personal data is transferred outside your country, we rely on Standard Contractual Clauses or equivalent safeguards.
8. Security
Passwords are hashed with bcrypt; data in transit is encrypted with TLS; data at rest is encrypted by our cloud provider. No system is perfectly secure — use a strong, unique password.
9. Cookies
We use only essential cookies and local storage required to keep you signed in. We do not use third-party advertising or cross-site tracking cookies.
10. Children
Forge is not directed to children under 16 and we do not knowingly collect their data.