ForgeBack to Forge

Privacy Policy

Last reviewed: June 13, 2026

Draft pending review by outside counsel. Do not rely on this page as legal advice until this notice is removed.

1. Introduction

Forge (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use our ownership operating system platform.

By using Forge, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.

2. Information We Collect

We collect information that you provide directly to us, information we collect automatically, and information from third-party sources.

2.1 Information You Provide

  • Account information: name, email address, and authentication credentials
  • Entity data: company names, incorporation details, ownership structures
  • Stakeholder information: names, contact details, equity holdings
  • Document uploads: cap tables, agreements, vesting schedules
  • Communications: support requests, feedback, and correspondence

2.2 Automatically Collected Information

  • Log data: IP addresses, browser type, pages visited, timestamps
  • Device information: operating system, hardware model, unique identifiers
  • Usage data: feature interactions, session duration, error reports
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve Forge’s services
  • To authenticate users and secure account access
  • To process and visualize ownership data, cap tables, and vesting schedules
  • To communicate with you about updates, security alerts, and support
  • To analyze usage patterns and optimize platform performance
  • To comply with legal obligations and enforce our terms

4. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted at rest and in transit using TLS 1.3
  • Row-level security (RLS) policies enforce per-organization data isolation at the database layer, so accounts cannot read or write each other’s data
  • Access is scoped by role (Owner, Admin, Advisor, Viewer) within each organization

Forge is in private beta. Formal third-party certifications such as SOC 2 are on our roadmap but not yet completed — see our Security page for current status.

We retain your data for as long as your account is active or as needed to provide services. Upon account deletion, we remove your data within 90 days, except where legal obligations require longer retention.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data in the following limited circumstances:

  • With service providers who assist in operating our platform (under strict confidentiality agreements)
  • To comply with legal requests, court orders, or regulatory requirements
  • In connection with a merger, acquisition, or sale of assets (with continued privacy protections)
  • With your explicit consent or at your direction

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request that we correct inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal obligations)
  • Portability: Request your data in a structured, machine-readable format
  • Restriction: Request limitation on how we process your data
  • Objection: Object to processing based on legitimate interests

To exercise these rights, contact us at privacy@forge.app.

7. Cookies and Tracking

We use cookies and similar technologies to authenticate users, remember preferences, analyze usage, and improve our services. You can control cookie settings through your browser preferences. Disabling essential cookies may affect platform functionality.

8. International Data Transfers

Forge operates primarily in the United States. If you access our services from outside the United States, your data may be transferred to and processed in the U.S. We use appropriate safeguards, including Standard Contractual Clauses, to ensure your data receives adequate protection.

9. Children’s Privacy

Forge is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or platform notifications. Continued use of Forge after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Forge Data Protection Officer
Email: privacy@forge.app
Address: 100 First Street, Suite 1000, San Francisco, CA 94105