Last updated: March 12, 2026
We collect API request logs (timestamps, IP addresses, endpoints called), account metadata (name, email, organization), billing information, and aggregate usage analytics. We do not collect personal data about end-users of your application unless you send it to us.
We use collected data to: (a) operate and improve the Service; (b) send billing and account notifications; (c) prevent fraud and abuse; (d) analyze aggregated trends (anonymized). We do not sell your data to third parties.
Your data is stored encrypted at rest. Backups are encrypted and stored redundantly across geographically distributed data centers. We implement role-based access controls and audit logs for internal data access.
By default, EU user data is processed and stored in Frankfurt. UK users: London. APAC users: Singapore. Enterprise customers may request custom residency arrangements.
API logs are retained for 90 days. Account data is retained while your account is active and for 7 days after deletion. Billing records retained per legal requirements (typically 7 years).
Forge complies with GDPR, CCPA, and regional privacy laws. You have the right to access, correct, or delete your personal data. Submit requests via support@forge-api.dev. EU data subjects have rights under GDPR Article 15-22.
We use AWS for cloud infrastructure, Stripe for payments, and Sentry for error monitoring. These providers have their own privacy policies. We do not authorize them to use your data beyond service provision.
Questions about this policy? Contact privacy@forge-api.dev.