Privacy Information
A grounded starter summary of the kinds of data Forge currently uses and why. This is designed to be edited as the platform grows.
What this page is for
This page reflects Forge's current product behavior rather than making broad legal claims. It is based on the platform's existing account system, role and permission controls, session and 2FA flows, persisted notifications, profile features, issue handling, changelogs, client and project workspaces, and vault-related secure record handling.
Overview
This Privacy page is a practical starter summary of the kinds of data Forge currently uses and stores based on the platform as implemented today.
Forge is an account-based work platform. Depending on how the platform is used, it can process account information, session and security data, permissions, notifications, project and client-related records, issue reports, profile settings, and other operational platform activity.
What Data May Be Collected Or Stored
Forge may store information that users or administrators provide directly, along with system-generated records created while the platform is operating.
That can include identity and profile details, account status information, access-control mappings, project and client workspace records, issue and comment activity, changelog content, notifications, and security-related event data where applicable.
Account And Profile Data
Forge accounts currently use data such as email address, username, password hash, profile photo, language, role assignments, and self-service profile settings.
Depending on permissions and visibility rules, some profile information may be shown to the account owner, administrators, or other users with scoped access to relevant data.
Session, Authentication, And Security Data
Forge uses PHP sessions, remember-me restoration, and second-factor authentication flows. The platform may process session identifiers, remember-me tokens, pending authentication state, second-factor challenge records, password reset requests, and lockout-related records.
Security-related data can include timestamps, IP addresses, challenge state, resend and failure counts, and audit-style entries needed to enforce login security and account protection.
Operational And Platform Usage Data
Forge may store or generate operational records connected to normal use of the platform, including notifications, issue activity, comments, mentions, changelog publication events, access requests, and other platform actions.
Depending on the feature, the platform can also maintain timestamps, record ownership, created-by or updated-by references, and activity context needed to keep workflows working correctly.
Notifications And Preferences
Forge uses persisted notifications so users can review important events such as access changes, issue updates, lockouts, manual unblocks, changelog publication, habit sharing, and vault-access changes.
The platform may also store user-facing preferences or settings related to profile behavior, notification state, or similar operational choices where the current feature set supports them.
Client, Project, Workspace, And Vault-Related Data
Where Forge is used for work management, it can store client records, workspace membership, project structure, tasks, notes, reports, comments, and related collaboration data.
Forge also includes secure vault functionality for certain client-scoped sensitive records. Vault entries are handled differently from ordinary text records and are intended for controlled access and protected storage rather than broad visibility.
How Data Is Used
Forge uses data to authenticate users, enforce permissions and workspace access, render the interface, route notifications, operate issue and changelog workflows, maintain user profiles, support collaboration, and keep platform records connected to the correct users and workspaces.
Data may also be used for security review, troubleshooting, access recovery, misuse prevention, and general platform administration.
Data Access And Permissions
Access to data in Forge is not uniform. What a user can view or change may depend on global permissions, assigned roles, client workspace access, ownership, and record-level rules.
Some information may be visible only to the account owner, some only to administrators or managers, and some only within the client or project scope where the user has access.
Security And Retention
Forge uses practical security measures such as authenticated sessions, permission checks, second-factor verification flows, and protected handling for sensitive vault records. Even so, no platform can promise perfect security or zero risk.
Retention can vary by feature and operational need. Some records are kept as part of ongoing platform history, notifications, issue trails, access governance, or security review. Specific retention rules may be refined later as Forge matures.
Policy Updates
This page is starter content and may be updated as Forge changes. New features, revised workflows, or different operational requirements may lead to updates in how this summary is written.
Where relevant, platform changes may also be reflected through changelogs, in-product updates, or other communication channels used by Forge.
Contact
If you have a Forge account, use the support or issue-reporting path made available to you for product or account questions where appropriate.
For privacy-related questions tied to your workspace or platform usage, contact the platform operator, workspace owner, or administrator through the communication channel provided to you.