Last updated: February 19, 2026
Forge is operated by NG Technologies ("we", "us", "our"), registered in Washington State, United States. We are committed to protecting privacy and being transparent about how we handle data — both yours and the data of third parties whose information may be submitted by users.
We use Google Analytics 4 to collect anonymous, aggregated usage data including: pages visited, session duration, country of origin, device type, and referral source. This data cannot identify individual users and is used solely to improve the Service.
Tone selections, settings, and preferences are stored locally on your device using browser localStorage. This data never leaves your device and is not transmitted to any server.
Forge uses Google OAuth exclusively for authentication. When you sign in, we receive your email address, display name, and profile picture from Google. We do not access your Google contacts, emails, or any other Google account data. Account data is stored securely by our authentication provider, Supabase, and is used solely for account authentication, read tracking, and subscription management.
We track the number of reads (AI analyses) you perform to enforce usage limits. We use a combination of server-side and client-side methods to identify unique users and prevent abuse of free-tier limits. These methods may include cookies, device identifiers, and other technical signals. For registered users, reads are tracked via your authenticated account. Read count data is used solely to enforce usage limits and is not shared with any third party.
If you subscribe to Forge Pro, payment is processed securely through Stripe. We do not store your credit card number, billing address, or other payment details on our servers. We receive only your subscription status and email address from Stripe for the purpose of managing your Pro access. Stripe's data handling is governed by their privacy policy at stripe.com/privacy.
If you use Forge's AI features, text or images you submit are sent to a third-party AI provider (Anthropic) for real-time processing. This content is processed in volatile memory and is NOT stored on our servers. See Section 4 for full data lifecycle details.
We do not collect, store, retain, or have the ability to retrieve: (a) your name, phone number, or government-issued identifiers (unless provided via Google OAuth display name); (b) screenshots or images you upload — these exist only in volatile memory during processing; (c) conversation text you submit; (d) names, identifiers, or personal information of any third party referenced in submitted content; (e) credit card numbers or payment details (handled by Stripe).
🔒 YOUR CONVERSATIONS ARE NOT STORED.
We do not save, retain, archive, or back up any screenshots, images, or conversation text you submit. Your content exists only in volatile memory for the seconds it takes to generate a response, then it is destroyed. We have no ability to retrieve, view, or reproduce anything you've previously submitted — it no longer exists anywhere in our systems. This is by design. Your private conversations stay private.
When you submit content for AI processing, the following occurs:
When you submit content for AI processing, the following occurs:
Step 1 — Transmission: Your content is transmitted via encrypted HTTPS connection from your browser to our API endpoint.
Step 2 — Automated Screening: Before AI processing, all submitted content undergoes automated safety screening. Text inputs are scanned by our content moderation system to detect prohibited content including references to minors, non-consensual intent, and threats of violence. Uploaded images are screened by third-party safety services to detect explicit, violent, or otherwise prohibited visual content. Content that triggers these safety checks is immediately rejected and not forwarded for AI processing. Text content may also be automatically filtered to remove slurs and hate speech before processing. This screening occurs in real-time volatile memory and no record of flagged or filtered content is retained.
Step 3 — Processing: Approved content is forwarded to Anthropic's API for AI analysis. Processing occurs in real-time volatile memory.
Step 4 — Response: The AI-generated response is returned to your browser. Responses may be automatically scanned to filter prohibited language before delivery.
Step 5 — Destruction: Upon response delivery, all submitted content is discarded. No content is written to disk, database, permanent storage, or backup systems on our servers. We retain zero copies of submitted content.
After processing is complete, we have no technical ability to retrieve, reproduce, view, or share any previously submitted content because it no longer exists anywhere in our systems.
To protect users and third parties, the Service employs automated content moderation that operates as follows:
All user-submitted content — including conversation text, context fields, custom tone inputs, and uploaded images — is screened in real-time before being sent to our AI provider. Text is scanned by our internal moderation system. Images are screened by third-party safety services for explicit, violent, or otherwise prohibited visual content.
Our moderation systems are designed to detect: (a) references to minors or underage individuals in a romantic or sexual context; (b) language indicating non-consensual intent, coercion, or sexual violence; (c) threats of physical violence or harm; (d) slurs, hate speech, and degrading language across multiple languages.
When prohibited content is detected: (a) content involving minors, non-consent, or violence results in immediate request rejection — the content is not processed and no AI response is generated; (b) slurs and hate speech may be automatically replaced with non-harmful alternatives before AI processing — the request is still processed but with modified input; (c) AI-generated responses are also scanned before delivery to filter any prohibited language that may appear in output.
For standard content moderation (slur filtering, general rejections), no content is logged, stored, or retained. These moderation actions occur in volatile memory and are destroyed immediately.
⚠️ EXCEPTION — Illegal Content
Attempts to submit content involving minors, sexual assault, non-consensual acts, child exploitation, or threats of violence trigger a separate security response. These attempts are logged, including: IP address, timestamp, visitor identifier, device information, and the category of violation. These security logs are retained indefinitely and may be shared with law enforcement upon request or proactively reported. This is the only circumstance in which any information about your request is retained.
Automated content moderation is not perfect. It may not detect all prohibited content, and it may occasionally flag or filter content that does not violate our Terms. The presence of automated moderation does not create a guarantee or obligation that all harmful content will be detected or prevented. Users remain solely responsible for their compliance with our Terms of Service.
We recognize that content submitted to Forge may contain messages, images, names, or personal information of third parties — including people who have not consented to their data being processed by this Service. This section addresses how we handle this situation.
NG Technologies does not solicit, request, or require the personal information of third parties. Users choose what content to submit. We have no ability to verify the identity of any person referenced in submitted content, nor do we attempt to do so.
We do not store, retain, index, profile, catalog, or build any record of any third party whose information may appear in submitted content. No third-party data is written to any permanent storage. No third-party profiles, records, or datasets are created. After AI processing is complete, all third-party data is destroyed along with all other submitted content as described in Section 4.
We do not attempt to identify, contact, target, track, or surveil any third party whose information may appear in submitted content. AI-generated analysis is returned exclusively to the submitting user and is not shared with, transmitted to, or made accessible to any other person.
Users are solely responsible for: (a) ensuring they have the legal right to submit content containing third-party information under applicable laws in their jurisdiction; (b) complying with all applicable privacy laws including but not limited to GDPR, CCPA, and local privacy regulations; (c) any consequences arising from submitting third-party content to the Service. We strongly encourage users to obscure or redact personally identifying information before submitting content, though this is not technically required.
If you are a third party and believe your personal information has been processed through our Service: (a) we want you to know that we do not store any data — if your information was processed, it no longer exists in our systems; (b) we cannot retrieve, view, or produce any previously processed content; (c) your concern is with the user who submitted the content, not with NG Technologies, as we are a data processor, not a data controller of third-party content; (d) if you have been harassed using content generated by our Service, please contact law enforcement — we will cooperate fully with any lawful investigation. You may contact us at forge@builtnotborn.app with any concerns.
AI-generated content is powered by Anthropic's Claude API. When you submit content, it is transmitted to Anthropic's servers for processing. Anthropic's data handling is governed by their privacy policy at anthropic.com/privacy. Importantly: Anthropic does not use API inputs to train their models, and API data is retained for a limited period for trust and safety purposes as described in their policies.
We use Google Analytics 4 for anonymous usage statistics. Google's data handling is governed by their privacy policy. No personally identifiable information is sent to Google Analytics. You can opt out using browser extensions or privacy settings.
Users may sign in using Google OAuth. When you sign in with Google, we receive your email address, display name, and profile picture. We do not request or receive access to your Google contacts, Gmail, Drive, or any other Google services. Google's data handling is governed by their privacy policy at google.com/privacy.
User accounts and read tracking are managed through Supabase. Supabase stores your email address, encrypted password (if applicable), and usage data. Data is stored in cloud infrastructure with encryption at rest. Supabase privacy policy: supabase.com/privacy.
Pro subscription payments are processed through Stripe. Stripe handles all payment data including credit card information. We do not store payment details on our servers. Stripe's data handling is governed by their privacy policy at stripe.com/privacy.
Our site is hosted on Vercel. Vercel may collect standard server logs including IP addresses and request metadata subject to their privacy policy. These logs are not accessible to us and are managed by Vercel.
Uploaded images are screened for prohibited content using Google Cloud Vision API before AI processing. Images are transmitted to Google's servers solely for real-time safety classification and are not stored by us. Google's data handling is governed by their privacy policy at cloud.google.com/terms/cloud-privacy-notice.
We use the following cookies:
Usage tracking cookies: We use persistent cookies to enforce usage limits and prevent abuse. These cookies contain randomly generated identifiers that cannot be used to determine your identity, location, or browsing habits. They are used solely for rate limiting and service integrity.
Authentication cookies: Session cookies managed by Supabase for maintaining your signed-in state after Google OAuth authentication.
Google Analytics cookies: Used for anonymous, aggregated usage statistics. You can opt out using browser extensions or privacy settings.
We do not use advertising cookies, retargeting pixels, or third-party marketing cookies.
If you are located in the EU/EEA, you retain all rights under GDPR including the right to access, rectification, erasure, and data portability. However, because we do not store personal data on our servers beyond account information, there is minimal personal data for us to access, modify, export, or delete. Account data can be deleted upon request. Local browser data can be cleared by you at any time. For GDPR purposes, NG Technologies acts as a data processor for content submitted to our AI features. The user submitting content acts as the data controller. If you believe a user has submitted your personal data in violation of GDPR, your recourse is with that user as the data controller.
If you are a California resident, you retain all rights under CCPA. We do not sell personal information. We do not share personal information for cross-context behavioral advertising. Because we do not store personal data beyond account information, there is minimal data to disclose, delete, or opt out of.
Forge is strictly for adults aged 18 and older. We do not knowingly collect, process, or store data from or about minors. Users are prohibited from submitting any content involving minors. The Service employs automated systems designed to detect and reject content referencing minors in romantic or sexual contexts. If you believe a minor's information has been processed through our Service, please contact us immediately at forge@builtnotborn.app.
Because we do not store user-submitted content or personal data beyond account information, the risk of a data breach involving user content is minimal. In the unlikely event of a security incident affecting our infrastructure, we will notify affected parties as required by applicable law.
We may update this Privacy Policy from time to time. Material changes will be indicated by updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance.
For privacy-related questions, concerns, or requests — including third-party inquiries — contact us at: NG Technologies — forge@builtnotborn.app