Privacy Policy

Privacy Policy

Last updated: March 12, 2026

1. Information We Collect

We collect API request logs (timestamps, IP addresses, endpoints called), account metadata (name, email, organization), billing information, and aggregate usage analytics. We do not collect personal data about end-users of your application unless you send it to us.

2. How We Use Your Information

We use collected data to: (a) operate and improve the Service; (b) send billing and account notifications; (c) prevent fraud and abuse; (d) analyze aggregated trends (anonymized). We do not sell your data to third parties.

3. Data Storage and Security

Your data is stored encrypted at rest. Backups are encrypted and stored redundantly across geographically distributed data centers. We implement role-based access controls and audit logs for internal data access.

4. Data Residency

By default, EU user data is processed and stored in Frankfurt. UK users: London. APAC users: Singapore. Enterprise customers may request custom residency arrangements.

5. Retention

API logs are retained for 90 days. Account data is retained while your account is active and for 7 days after deletion. Billing records retained per legal requirements (typically 7 years).

6. Compliance

Forge complies with GDPR, CCPA, and regional privacy laws. You have the right to access, correct, or delete your personal data. Submit requests via support@forge-api.dev. EU data subjects have rights under GDPR Article 15-22.

7. Third-Party Services

We use AWS for cloud infrastructure, Stripe for payments, and Sentry for error monitoring. These providers have their own privacy policies. We do not authorize them to use your data beyond service provision.

8. Contact Us

Questions about this policy? Contact privacy@forge-api.dev.