Privacy Policy
Effective: March 28, 2026 · ForjeGames LLC
Questions? Contact us at privacy@forjegames.com
ForjeGames LLC ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use ForjeGames (the "Service"). Please read this policy carefully. By using the Service, you agree to the practices described here.
1. Information We Collect
A. Information You Provide
- Account data: email address, username, display name, profile photo
- Payment data: billing address, payment method (processed by Stripe — we never store raw card numbers)
- Prompts & inputs: text, images, and files you submit to the AI generation system
- Communications: support tickets, emails, feedback
- Age verification data: date of birth (for COPPA compliance) and, for users under 13, parent/guardian email and consent records
B. Information Collected Automatically
- Usage data: pages visited, features used, generation history, token consumption
- Device data: browser type, operating system, screen resolution, IP address
- Log data: server logs, error reports, timestamps
- Cookies & tracking: session cookies (required), analytics cookies (optional, consent-gated in EU)
C. Information from Third Parties
- Clerk (authentication): OAuth profile data if you sign in with Google or other providers
- Stripe: payment status, subscription state
- Roblox: if you connect your Roblox account, we receive your Roblox username and user ID
2. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and operate the Service | Contract performance |
| Process payments and manage subscriptions | Contract performance |
| AI generation (processing your prompts) | Contract performance |
| Improve AI models and Service quality | Legitimate interest / Consent |
| Send transactional emails (receipts, alerts) | Contract performance |
| Send marketing emails (newsletters, promotions) | Consent (opt-in) |
| Detect fraud and ensure security | Legitimate interest |
| Comply with legal obligations (COPPA, GDPR, CCPA) | Legal obligation |
| Respond to support requests | Legitimate interest / Contract |
| Analytics and usage insights | Legitimate interest / Consent |
3. How We Share Your Information
We do not sell your personal information. We share data only as follows:
- Service providers: Stripe (payments), Clerk (auth), Anthropic (AI), Meshy (3D generation), Fal.ai (image generation), Sentry (error tracking), PostHog (analytics), Resend (email), Vercel (hosting). These processors handle data on our behalf under Data Processing Agreements.
- Legal requirements: We may disclose data when required by law, subpoena, court order, or to protect our legal rights.
- Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is transferred and subject to different privacy policies.
- With your consent: Any other sharing requires your explicit consent.
4. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days |
| Generation history / prompts | 2 years or until deletion request |
| Payment records | 7 years (tax/legal requirement) |
| COPPA parental consent records | 5 years (FTC requirement) |
| Security/fraud logs | 2 years |
| Analytics data | 13 months (PostHog default) |
| Marketing consent records | Until withdrawn + 3 years |
5. Security Measures
We implement industry-standard safeguards including:
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Hashed passwords (we never store plaintext passwords)
- Role-based access controls for internal staff
- Regular security audits and dependency scanning (Sentry)
- Stripe PCI DSS Level 1 compliance for payment data
No system is 100% secure. In the event of a data breach that affects your rights, we will notify you within 72 hours as required by GDPR Article 33, and within timeframes required by applicable state laws.
EU / EEA / UK Residents — GDPR Rights
If you are in the EU, EEA, or United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR applies. You have the following rights:
- Right of Access (Art. 15): Request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to Erasure / "Right to be Forgotten" (Art. 17): Request deletion of your personal data, subject to legal retention obligations.
- Right to Restriction (Art. 18): Request that we restrict processing of your data in certain circumstances.
- Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format (JSON/CSV export available in account settings).
- Right to Object (Art. 21): Object to processing based on legitimate interests, including profiling and direct marketing.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw at any time without affecting prior processing.
- Right to Lodge a Complaint: You may lodge a complaint with your local supervisory authority (e.g., ICO in the UK, CNIL in France).
To exercise any right, contact us at dpa@forjegames.com. We will respond within 30 days. Identity verification may be required.
International transfers: We transfer data from the EU/UK to the US. We rely on the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) as our legal transfer mechanism.
Data Protection Agreement: Enterprise and B2B customers may request a Data Processing Agreement (DPA) at dpa@forjegames.com.
California Residents — CCPA / CPRA Rights
The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants California residents the following rights:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, used, disclosed, and sold in the past 12 months.
- Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell personal information. We do not share personal information for cross-context behavioral advertising without consent. You may still opt out via our Cookie Settings.
- Right to Limit Sensitive PI Use: Limit our use and disclosure of sensitive personal information to permitted purposes.
- Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights.
To submit a CCPA request, contact us at privacy@forjegames.com with subject "CCPA Request." We will respond within 45 days (extendable by 45 days with notice). An authorized agent may submit on your behalf with written permission.
Do Not Sell or Share My Personal Information: We do not sell personal information. Contact us at privacy@forjegames.com to opt out of any sharing.
Children Under 13 — COPPA Compliance
The Children's Online Privacy Protection Act (COPPA) applies to children under 13 in the United States. We take the following steps to protect children's privacy:
- Verifiable parental consent required: Before a child under 13 may use the Service, we collect verifiable parental consent via email verification and payment card confirmation (FTC-approved methods).
- Data minimization: We collect only the minimum data necessary to provide the Service. For under-13 accounts, we do not collect location, behavioral advertising data, or unnecessary profile information.
- No behavioral advertising to children: We do not serve targeted advertising to users under 13.
- No AI training on children's data: Prompts and outputs from under-13 accounts are excluded from AI model training.
- Parental rights: Parents may at any time: (a) review the child's data; (b) request correction or deletion; (c) revoke consent and close the account. Contact privacy@forjegames.com to exercise these rights.
- Consent record retention: Parental consent records are retained for 5 years per FTC guidance.
- Third-party disclosure: We do not disclose children's personal information to third parties except as necessary to provide the Service, and only to processors that agree to COPPA-compliant data handling.
If you believe we have inadvertently collected personal information from a child under 13 without consent, contact privacy@forjegames.com immediately. We will delete the information promptly.
9. Cookies & Tracking Technologies
| Cookie Type | Purpose | Can Opt Out? |
|---|---|---|
| Strictly necessary | Auth sessions, CSRF protection | No — required |
| Functional | Preferences, language settings | Yes |
| Analytics (PostHog) | Usage stats, feature improvement | Yes (EU: consent required) |
| Error tracking (Sentry) | Crash reports | Yes |
EU/UK users are shown a cookie consent banner on first visit. You can update your preferences at any time via Cookie Settings in your account.
10. Contact & Data Controller
ForjeGames LLC is the data controller for personal data processed by the Service.
Company: ForjeGames LLC
Owner: Dawsen Porter
Privacy inquiries: privacy@forjegames.com
DPA / GDPR inquiries: dpa@forjegames.com
Last updated: March 28, 2026