← Back

Privacy Policy

Last updated June 27, 2026

Forge is operated by Jonathan Moreno, a sole proprietor doing business as "Forge", who acts as the data controller for personal data processed through the Service. This Privacy Policy explains what data we collect, why we collect it, and how we handle it. By using the Service you agree to the practices described here.

What we collect

  • Account data: name, email, password hash, authentication provider identifiers.
  • Profile & health inputs: goal, gender, age, height, weight, activity level, training frequency, unit preferences, and similar information you enter.
  • Usage data: meals logged, weight logs, streaks, favorites, and analytics events used to operate the product.
  • Payment data: billing data is collected and processed by Paddle, our merchant of record. Forge stores only a subscription identifier, plan, status, and renewal date — not your card number.
  • Technical data: device, browser, IP address, log data, and cookies used for security and basic analytics.

How we use data

  • to provide and personalize the Service (e.g. protein targets, progress);
  • to operate authentication, billing, and customer support;
  • to monitor reliability, prevent abuse, and improve the product;
  • to send service-related messages (you can opt out of marketing email).

Sharing

We share data only with the processors required to run Forge:

  • Supabase — database, authentication, storage.
  • Paddle — payments, subscription management, tax compliance. Paddle is the merchant of record for purchases and has its own privacy policy.
  • Hosting / infrastructure providers used to deliver the app.

We do not sell personal data.

Retention

We retain account and health data while your account is active. When you delete your account, personal data is removed within 30 days, except records we are required to retain for legal, tax, or fraud-prevention purposes.

Your rights

Depending on your jurisdiction (including the EU/UK under GDPR and California under the CCPA), you may have the right to access, correct, export, restrict, or delete your personal data, and to object to certain processing. Contact us through the in-app support channel to exercise these rights.

Security

Data is encrypted in transit (TLS) and access is restricted via row-level security policies on the database. No system is perfectly secure; please use a strong, unique password.

Children

Forge is not directed at children under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

International transfers

Data may be processed in countries other than your own. We rely on standard contractual clauses and our processors' safeguards where required.

Changes

We may update this policy. Material changes will be communicated in-app or by email.

Contact

For privacy questions or data requests, contact us through the in-app support channel.