Overview
At Forge APIs ("we", "our", or "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our API services, website, and related products.
By using our services, you agree to the collection and use of information in accordance with this policy.
Information You Provide
- Account Information: Email address, name, and company name when you sign up
- Payment Information: Processed securely through Stripe (we don't store card details)
- API Usage Data: API keys, request logs, and usage metrics
- Support Communications: Information you provide when contacting support
Information Collected Automatically
- Log Data: IP addresses, browser type, operating system, and request timestamps
- API Analytics: Endpoint usage, response times, and error rates
- Cookies: Essential cookies for authentication and analytics (see our Cookie Policy)
Legal Basis for Processing (GDPR)
We process personal data based on the following legal grounds:
- Contract Performance: To provide the API services you've subscribed to
- Legitimate Interests: For fraud prevention, security, and service improvement
- Legal Obligation: To comply with applicable laws and regulations
- Consent: For marketing communications (where applicable)
How We Use Your Information
We use the collected information for:
- Providing and maintaining our API services
- Processing payments and managing subscriptions
- Sending service updates and technical notices
- Responding to support requests
- Monitoring and analyzing usage patterns to improve our services
- Detecting and preventing fraud or abuse
- Complying with legal obligations
Data Processed Through Our APIs
Important for RiskScore and Other API Users
When you submit data through our APIs:
- We process data ONLY as instructed by you (as a data processor)
- You remain the data controller for all submitted data
- We do NOT store submitted data beyond 30 days (for debugging purposes only)
- We do NOT use submitted data for any other purpose
- We do NOT share submitted data with third parties
- We do NOT verify the accuracy or legality of submitted data
- You warrant that you have a legal basis to submit all data
- We are NOT responsible for the content you submit
RiskScore Specific Privacy Notice
- Risk scores are generated using pattern analysis algorithms
- We do NOT create persistent profiles of individuals
- We do NOT make automated decisions about individuals
- Customers are solely responsible for how they use risk scores
- We do NOT determine or verify actual ages or identities
Information Sharing
We do not sell, trade, or rent your personal information. We may share information with:
- Service Providers: Stripe for payments, Cloudflare for hosting and security, Railway for infrastructure
- Legal Requirements: When required by law, court order, or government request
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- Your Consent: When you explicitly agree to sharing
- Aggregated Data: We may share anonymized, aggregated data that cannot identify you
International Data Transfers
Your data may be transferred to and processed in countries other than your own:
- Our primary servers are located in the United States
- We use Standard Contractual Clauses for EU/UK data transfers
- We ensure appropriate safeguards are in place for all transfers
- By using our services, you consent to these transfers
Data Security
We implement appropriate technical and organizational measures to protect your data:
- All data transmission is encrypted using HTTPS/TLS 1.3
- API keys are hashed using industry-standard algorithms
- Regular security audits and vulnerability assessments
- Limited access to personal data on a need-to-know basis
- Secure data centers with physical security controls
- Regular backups with encrypted storage
However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
Data Retention
We retain your information for as long as necessary to provide our services and comply with legal obligations:
- Account Data: Retained while your account is active plus 90 days
- API Request Logs: Retained for 30 days for debugging and security
- Payment Records: Retained for 7 years as required for tax and accounting
- Support Communications: Retained for 2 years after resolution
- Submitted API Data: Automatically deleted after 30 days
Your Rights
Depending on your location, you may have certain rights regarding your personal data:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (subject to legal requirements)
- Portability: Request your data in a portable format
- Objection: Object to certain processing of your data
- Restriction: Request restriction of processing
- Withdraw Consent: Where processing is based on consent
To exercise these rights, please contact us at privacy@forgeapis.com.
GDPR Compliance
For users in the European Economic Area (EEA) and United Kingdom:
- We process data based on legitimate interests, contract fulfillment, or consent
- You have additional rights under GDPR including data portability and erasure
- We respond to all valid requests within 30 days
- You have the right to lodge a complaint with your supervisory authority
- We maintain records of processing activities as required
California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to Know: What personal information we collect, use, and share
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do NOT sell personal information
- Right to Non-Discrimination: Equal service regardless of privacy choices
To exercise these rights, California residents can contact privacy@forgeapis.com.
Age Restrictions
Our services are strictly for users 18 years and older.
We do not knowingly collect personal information from individuals under 18. If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@forgeapis.com for deletion.
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms:
- We will notify affected users within 72 hours of discovery
- We will notify relevant supervisory authorities as required by law
- We will document all breaches and measures taken
- We will provide information about the nature and impact of the breach
- We will advise on steps you can take to protect yourself
Cookie Consent
- EU/UK visitors will be asked for consent before setting non-essential cookies
- Essential cookies do not require consent as they're necessary for service operation
- You can withdraw cookie consent at any time
- See our Cookie Policy for details
API Note
Our API endpoints do not use cookies. Authentication is handled via API keys in request headers, making our APIs privacy-compliant by design.
Data Protection Contact
For privacy concerns or to exercise your rights, contact our data protection team:
- Email: privacy@forgeapis.com
- Response Time: Within 30 days
- Postal Address: Forge APIs, London, England, United Kingdom
Changes to This Policy
- Current Version: 1.1
- Effective Date: August 17, 2025
- Material changes will be notified via email to registered users
- Continued use after changes constitutes acceptance
- Previous versions available upon request
For questions about this Privacy Policy or our data practices:
- Email: privacy@forgeapis.com
- General Inquiries: hello@forgeapis.com
- Website: forgeapis.com
- Location: London, England, United Kingdom
Final Important Notice
By using Forge APIs services, you acknowledge that:
- You have read and understood this Privacy Policy
- You agree to our data processing practices
- You are responsible for the data you submit through our APIs
- You will comply with applicable privacy laws for your own users