Privacy Policy — ForgeBaaS

1. What we collect

Account data: email address, name, and password hash.
Project data: the rows you store via our API and your project metadata.
Usage data: API request logs (method, endpoint, status code, timestamp).
Billing data: handled by Stripe — we never see your card number.

2. How we use your data

We use your data to operate the service: authenticating you, serving your API requests, billing you for paid plans, sending essential service emails, and preventing abuse. We do not sell your data to third parties.

3. Data isolation guarantee

Every row of your project data is tagged with your project_id and protected by row-level security policies. Customers can never read or write each other's data. Service-role API keys are restricted to your own projects.

4. Data deletion

Deleting your account from the Settings page permanently removes your profile, all projects, all API keys, all tables, all rows and all logs from our database. Backups are purged within 30 days.

5. Service providers

We rely on these processors: Supabase (database hosting), Stripe (payments) and Cloudflare (edge runtime). All process data only on our behalf.

6. Cookies

We use a single session cookie for authentication and localStorage for UI preferences (theme, layout). No third-party tracking or advertising cookies.

7. Your rights

You can access, export, or delete your data at any time. For GDPR/CCPA requests beyond what's available in the dashboard, email privacy@forgebaas.com.

8. Contact

Privacy questions: privacy@forgebaas.com.