Privacy Policy
How Forgeon collects, uses, and protects your data.
Heads up: This policy is a practical baseline for Forgeon’s PaaS. It is not legal advice. Please have qualified counsel review and tailor it to your jurisdiction(s) and business needs before launch.
Last updated: 2025-10-20
1) Who we are
Forgeon (“Forgeon”, “we”, “us”, “our”) provides a platform-as-a-service that helps developers build, deploy, run, and scale applications, including supporting services such as CI, runtime orchestration, domains/SSL, logs, and managed databases.
This Privacy Policy explains how we handle personal information when you use our websites, dashboard, APIs, and related services (collectively, the “Services”).
2) Scope
This policy applies to:
- Visitors of our public sites (e.g., marketing pages, docs, blog).
- Users who create a Forgeon account and access the dashboard or APIs.
- Developers and end-users whose data may flow through applications hosted on Forgeon (to the extent we process such data as a service provider/processor on your behalf).
For data you upload or process via your own applications on Forgeon, you are the controller and Forgeon typically acts as your processor/service provider.
3) Information we collect
Account & profile — name, email, organization, role, avatar (including from identity providers like GitHub), and authentication artifacts (e.g., hashed credentials, tokens).
Usage & telemetry — app and build metadata, runtime events, logs, IP address, device/browser info, approximate location (derived from IP), pages viewed, referrers, feature usage, crash/diagnostic reports.
Billing — plan selections, subscription status, limited payment metadata (handled primarily by payment providers). We do not store full card numbers.
Support & communications — messages, tickets, survey responses, feedback, and related contact details.
Integrations — repository metadata and minimal tokens/installation IDs needed to integrate with third parties (e.g., GitHub) according to scopes you approve.
Cookies & similar tech — to remember preferences, keep you signed in, analyze traffic, and improve UX. See “Cookies” below.
4) How we use information
We use information to:
- Provide and secure the Services (auth, deploys, runtime, domains/SSL, logs, backups).
- Operate CI and build pipelines, detect frameworks, and manage artifacts.
- Maintain platform reliability (monitoring, debugging, abuse and fraud prevention).
- Improve the product (usage analytics, UX research, feature development).
- Communicate with you (service updates, security notices, onboarding, support).
- Billing & account management (subscriptions, invoices, quota tracking, entitlements).
- Compliance & enforcement (terms, policies, legal obligations).
5) Legal bases (where applicable)
Depending on jurisdiction, we rely on: contract performance (to provide Services), legitimate interests (security, product improvement, fraud prevention), consent (where required, e.g., certain cookies/marketing), and legal obligations.
6) Sharing & disclosures
We do not sell your personal information.
We share information with:
- Service providers/sub-processors (e.g., cloud hosting, email, analytics, payment processing, error tracking) strictly to operate the Services. We require appropriate contractual safeguards. See our current list at /legal/subprocessors (placeholder).
- Integration partners you connect (e.g., GitHub). We share only what’s necessary to enable the integration.
- Corporate transactions (merger, acquisition, financing, or sale of assets), subject to standard safeguards.
- Legal & safety (lawful requests, enforcing terms, protecting rights, security, or preventing harm).
7) International transfers
Your information may be processed in locations where we or our providers operate. We implement reasonable safeguards for cross-border transfers as required by applicable law.
8) Security
We use administrative, technical, and organizational measures to protect information (role-based access controls, encryption in transit, network isolation, logging, and monitoring). However, no system is 100% secure. If you suspect unauthorized access, contact us immediately at support@forgeon.io.
9) Data retention
We retain information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by category (e.g., logs vs. billing records). We also provide tools to delete projects/resources; deleting them schedules the underlying data for removal, subject to necessary backups and legal limits.
10) Your choices & rights
Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, or port certain information. You can manage much of your data via the dashboard (profile, tokens, projects). For other requests, email privacy@forgeon.io (placeholder).
If we process data as a processor on your behalf (for your end-users), we will direct data subject requests to you (the controller) or assist as required by our agreement.
11) Cookies & analytics
We use cookies and similar technologies to:
- Keep you signed in and remember preferences.
- Measure usage and improve features.
- Diagnose reliability and performance issues.
You can control cookies via browser settings. Some functionality may be limited if disabled.
12) Children’s privacy
The Services are not directed to children under 13 (or the age defined by your local law). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact privacy@forgeon.io and we will take appropriate steps.
13) Third-party links
Our sites may include links to third-party services. Their privacy practices are governed by their own policies.
14) Changes to this policy
We may update this policy to reflect changes in our Services, practices, or legal requirements. We’ll update the “Last updated” date above and, where appropriate, provide additional notice (e.g., dashboard banner or email).
15) Contact us
- Privacy & data requests: privacy@forgeon.io (placeholder)
- Support: support@forgeon.io
Controller: Forgeon (company details to be inserted upon incorporation).
Jurisdiction: Specify governing law and venue in your Terms of Service.
Note for launch: Replace placeholder emails, add company legal entity details and address, link a live /legal/subprocessors page, and align with your Terms of Service and cookie banner (if required in your region).