Privacy Policy

Last updated: April 9, 2026

1. Overview

Forge is operated by Rebase Labs (“we”, “us”, “our”). This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

Account Information

When you create an account via Clerk (our authentication provider), we receive your name, email address, and profile image. Clerk handles password storage — we never see or store your password.

API Keys

If you provide API keys for AI providers (Anthropic, OpenAI, Google AI), they are encrypted at rest using AES-256-GCM. Keys are only decrypted in memory to process your generation requests and are never logged, shared, or used for any other purpose.

Generated Content

We store the code and files you generate through the Service so you can access them in your dashboard. Generated content is associated with your account and is not shared with other users.

Usage Analytics

We collect first-party, privacy-respecting page view analytics. This includes: page URL, referrer, viewport size, and an opaque session identifier stored in sessionStorage (not cookies). We do not collect IP addresses, fingerprints, or any personally identifiable information through analytics. No third-party tracking scripts are used.

3. How We Use Your Data

  • To provide and improve the Service
  • To process your generation requests using your API keys
  • To communicate with you about your account
  • To analyze aggregate usage patterns (no individual tracking)

4. Data Sharing

We do not sell your data. We share data only with:

  • Clerk — authentication provider (processes your login credentials)
  • AI Providers — your prompts are sent to the AI provider whose key you provided (Anthropic, OpenAI, or Google). This happens only when you initiate a generation. Review each provider's own privacy policy for how they handle API requests.

5. Data Security

We use industry-standard security measures including: encrypted data at rest (AES-256-GCM for API keys), HTTPS for all connections, and secure authentication via Clerk. Database access is restricted and audited.

6. Data Retention

Your account data and generated content are retained as long as your account is active. You can delete your API keys at any time from your Account settings. To delete your account and all associated data, contact us.

7. Cookies

Forge uses only essential cookies required for authentication (set by Clerk). We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your generated content

To exercise any of these rights, contact us at the email below.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page with a new “Last updated” date.

10. Contact

Questions about this Privacy Policy? Contact us at appcreator@rebaselabs.online.

← Back to Forge