Privacy Policy
Last updated: April 2, 2026
1. What We Collect
- Account data: Email address and authentication tokens (managed by Supabase Auth). Passwords are never stored on our servers.
- Usage data: Questions asked, conversation history, and daily usage counts to enforce plan limits.
- Startup profile: If you choose to save one, your startup description for personalized coaching.
- Payment data: Processed entirely by Stripe. We store your Stripe customer ID and subscription status, never your card details.
- Analytics: Anonymous page views via Plausible Analytics (no cookies, no personal data, GDPR-compliant).
- Technical data: IP address (used for rate limiting only and not stored long-term) and browser type, as sent in standard HTTP headers.
2. How We Use Your Data
- To provide and personalize the coaching experience
- To enforce usage limits and prevent abuse
- To process payments and manage subscriptions
- To improve the Service (aggregate, anonymized usage patterns)
We never use your data to train AI models. Your questions and conversations are sent to Anthropic's Claude API for real-time processing only and are not retained by Anthropic for training purposes.
3. Third-Party Services
We use the following third-party services that may process your data:
- Supabase (EU-West-1) — Authentication and database hosting
- Anthropic (Claude API) — AI-powered response generation
- Stripe — Payment processing
- Railway — Application hosting
- Plausible Analytics — Privacy-friendly, cookieless analytics
Each service operates under its own privacy policy. We select providers that prioritize data protection.
4. Cookies
We use minimal, essential cookies only:
- sb-access-token / sb-refresh-token: HttpOnly, Secure session cookies for authentication. Not accessible to JavaScript.
- forgelm_vid: Anonymous visitor ID for usage tracking. HttpOnly, Secure.
We do not use advertising cookies, tracking pixels, or third-party marketing cookies.
5. Data Security
- All data transmitted over HTTPS (TLS 1.2+) with HSTS enforced
- Authentication tokens stored as HttpOnly/Secure/SameSite cookies
- CSRF protection on all state-changing endpoints
- Row-Level Security (RLS) on all database tables
- Application runs in a non-root container
6. Data Retention
- Conversation history is retained while your account is active
- Rate limiting data (IP-based) is kept in memory only and cleared on server restart
- Upon account deletion, all personal data is permanently removed
7. Your Rights
You have the right to:
- Access your personal data
- Delete your account and all associated data
- Export your conversation history
- Correct inaccurate information
- Object to data processing
To exercise these rights, contact us at hello@forgelm.app.
8. Children's Privacy
ForgeLM is not intended for users under 16. We do not knowingly collect data from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use after changes constitutes acceptance.
10. Contact
Questions about your privacy? Reach us at hello@forgelm.app.