Privacy Policy

Information We Collect

Information You Provide

• Account Information: Email address, name, and company name when you sign up
• Payment Information: Processed securely through Stripe (we don't store card details)
• API Usage Data: API keys, request logs, and usage metrics (API products only)
• Uploaded Files: Temporarily processed files for analysis (DupeCheck)
• Support Communications: Information you provide when contacting support

Information Collected Automatically

• Log Data: IP addresses, browser type, operating system, and request timestamps
• Usage Analytics: Feature usage, response times, and error rates
• Device Information: Anonymous device identifiers for usage tracking
• Local Storage: Authentication tokens and user preferences

Product-Specific Data Handling

Legal Basis for Processing (GDPR)

We process personal data based on the following legal grounds:

• Contract Performance: To provide the services you've subscribed to
• Legitimate Interests: For fraud prevention, security, and service improvement
• Legal Obligation: To comply with applicable laws and regulations
• Consent: For marketing communications (where applicable)

How We Use Your Information

We use the collected information for:

• Providing and maintaining our services
• Processing payments and managing subscriptions
• Sending service updates and technical notices
• Responding to support requests
• Monitoring and analyzing usage patterns to improve our services
• Detecting and preventing fraud or abuse
• Complying with legal obligations

Information Sharing

We do not sell, trade, or rent your personal information. We may share information with:

• Service Providers:
  • Stripe - Payment processing
  • Railway - Application and database hosting
  • Cloudflare - CDN and security
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Your Consent: When you explicitly agree to sharing
• Aggregated Data: We may share anonymized, aggregated data that cannot identify you

Data Security

We implement appropriate technical and organizational measures to protect your data:

• All data transmission is encrypted using HTTPS/TLS
• Passwords are hashed using bcrypt (never stored in plain text)
• API keys are encrypted and securely stored
• Regular security audits and vulnerability assessments
• Limited access to personal data on a need-to-know basis
• Secure data centers with physical security controls
• Rate limiting to prevent abuse

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

DupeCheck Specific:

• Analysis Summaries: 90 days (automatically deleted)
• Anonymous Usage: 7 days (automatically deleted)
• Uploaded Files: Immediately deleted after processing

General:

• Account Data: Active account + 90 days after closure
• API Request Logs: 30 days
• Payment Records: 7 years (legal requirement)
• Support Communications: 2 years after resolution
• Password Reset Tokens: 1 hour

Your Rights

Depending on your location, you may have certain rights regarding your personal data:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data (subject to legal requirements)
• Portability: Request your data in a portable format
• Objection: Object to certain processing of your data
• Restriction: Request restriction of processing
• Withdraw Consent: Where processing is based on consent

To exercise these rights, please contact us at privacy@forgeapis.com.

GDPR Compliance

For users in the European Economic Area (EEA) and United Kingdom:

• We process data based on legitimate interests, contract fulfillment, or consent
• You have additional rights under GDPR including data portability and erasure
• We respond to all valid requests within 30 days
• You have the right to lodge a complaint with your supervisory authority
• We maintain records of processing activities as required
• Data transfers outside the EEA use Standard Contractual Clauses

California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to Know: What personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do NOT sell personal information
• Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise these rights, California residents can contact privacy@forgeapis.com.

Cookies & Local Storage

We use minimal browser storage for functionality:

DupeCheck:

• Authentication: JWT tokens in localStorage
• Device Tracking: Anonymous identifier for free usage limits
• User Preferences: Email for display purposes
• No tracking cookies: We don't use analytics or advertising cookies

API Products:

• APIs don't use cookies - authentication via headers
• Dashboard may use session cookies for login

Age Restrictions

Data Breach Notification

In the event of a data breach that poses risk to your rights and freedoms:

• We will notify affected users within 72 hours of discovery
• We will notify relevant supervisory authorities as required by law
• We will document all breaches and measures taken
• We will provide information about the nature and impact of the breach
• We will advise on steps you can take to protect yourself

Changes to This Policy

• Current Version: 1.2
• Effective Date: January 2025
• Material changes will be notified via email to registered users
• Continued use after changes constitutes acceptance
• Previous versions available upon request

Contact Information

For questions about this Privacy Policy or our data practices:

• Email: privacy@forgeapis.com
• General Inquiries: hello@forgeapis.com
• Website: forgeapis.com
• Response Time: Within 48 hours