Privacy Policy

We built Forge Dynamics to be trustworthy with your business data. This policy explains exactly what data we collect, how we use it, and how you can control it.

Effective date: April 12, 2026 · Last updated: April 12, 2026

1. Who We Are

Forge Dynamics AI Ops ("Forge Dynamics", "we", "us") is an AI-powered operational intelligence platform for SaaS founders. We provide automated weekly reporting, playbook-driven recommendations, and operational memory across your Stripe and GitHub integrations.

Questions about this policy: privacy@forgedynamicsai.com

2. Data We Collect

STRIPE (READ-ONLY)

Subscription & billing metadata

Via OAuth read-only access: subscription statuses, invoice events, payment outcomes, and dunning metadata. We never access credit card numbers, bank account details, or any PCI-regulated payment data. We cannot initiate charges, refunds, or any write operation.

GITHUB (READ-ONLY)

Issue & pull request metadata

Via OAuth read-only access: issue counts, PR statuses, milestone data, and velocity metrics. We do not access, store, or transmit source code. Access is programmatically restricted to issue/PR and activity metadata.

OPERATIONAL DATA

Platform usage and operational records

Weekly operational reports, AI-generated recommendations, playbook outcomes, confidence scores, audit log entries, and memory pages generated by our agents. This data lives in our database (Supabase) and is scoped to your tenant.

ACCOUNT DATA

Account and configuration

Your email address, tenant settings, and integration configuration. We use OAuth exclusively — no passwords are stored.

3. How We Use Your Data

To generate weekly operational reports, metrics, and CEO/Advisor recommendations for your business.
To build and maintain your operational memory (memory pages, playbooks, confidence calibration).
To produce vector embeddings from operational summaries for semantic memory search.
To detect patterns across your historical data and match relevant playbooks.
To maintain your audit log — every recommendation and system action is recorded.
To send your weekly digest (Slack or email) if configured.

We do not use your data for advertising, profiling, or to train AI models. All LLM processing uses Google Gemini via Paid Services, governed by Google's Data Processing Addendum, under which customer data is not used to train or improve Google's models.

4. Data Minimization & AI Processing

Our AI agents receive aggregated operational metrics and memory summaries — not raw Stripe records or GitHub issue contents. We apply pseudonymization where practicable. Financial metrics (MRR, churn, unit economics) are calculated using deterministic Python code and are never passed raw through a language model.

Vector embeddings are generated from operational summaries and stored in our database at 768 dimensions (Gemini embedding-001). Raw Stripe or GitHub records are not embedded.

5. Data Sharing & Sub-Processors

We do not sell your data. We do not share your data with other customers — row-level security is enforced at the database layer. We share data only with the following sub-processors, all operating under appropriate data processing agreements:

Supabase — Database hosting. All data encrypted at rest (AES-256). United States.

Google (Gemini) — LLM inference and embeddings. Paid Services only — not used for model training. United States.

Railway — Agent compute and execution. United States.

Vercel — Dashboard hosting (static frontend only). United States.

6. Data Retention & Deletion

Your data is retained for the duration of your active subscription.
After cancellation, you have 30 days to export your data.
Backup copies are purged within 90 days of cancellation.
You may request an immediate hard purge at any time — production data is deleted immediately upon confirmation.
Before any purge, the system generates a full deletion manifest showing exactly which rows will be deleted. You must review and confirm before the purge proceeds.

To request data deletion: privacy@forgedynamicsai.com

7. Your Rights

Depending on your jurisdiction, you may have rights to:

Access — request a copy of the data we hold about you
Rectification — request correction of inaccurate data
Erasure — request deletion of your data
Portability — export your operational data in machine-readable format
Objection — object to certain processing activities

To exercise any of these rights: privacy@forgedynamicsai.com — we respond within 30 days.

8. Security

All data in transit uses TLS/HTTPS. All data at rest is encrypted (AES-256). OAuth tokens for Stripe and GitHub are stored encrypted. All 26 database tables have row-level security enforced. We conduct adversarial red team testing across 8 attack vectors. See our Security page for full details.

9. Cookies & Tracking

The Forge Dynamics dashboard does not use tracking cookies. We do not use analytics that identify individual users. Session state is maintained via Supabase's authentication system.

10. Changes to This Policy

We will notify you of material changes to this policy via email or the dashboard. Continued use of Forge Dynamics after the effective date constitutes acceptance of the updated policy.

11. Contact

Privacy inquiries, data requests, DPA negotiations:
privacy@forgedynamicsai.com
We respond within 30 days. Enterprise customers may request a negotiated DPA.