FORGE, Privacy Policy

Effective date: May 27, 2026 · Last updated: June 1, 2026

This Privacy Policy explains how Forge ("FORGE", "we", "us", or "our") collects, uses, shares, and protects information when you use the FORGE service at forgeyourbusiness.ai and any related applications, dashboards, APIs, or services (collectively, the "Service"). By using the Service you agree to the practices described here.

1. Who we are

FORGE is an AI call-center and lead-management platform operated by Forge, based in the United States. For privacy questions contact [email protected].

2. Information we collect

You give us

Account information, name, business name, email, phone number, role, password (stored hashed), business address.
Payment information, collected and processed by our payment provider (Stripe). We do not store full card numbers; we retain only the last four digits, brand, expiry, and a payment-method identifier supplied by the processor.
Customer content, anything you put into FORGE: contact records, leads, notes, agent personas, scripts, call lists, schedules, uploads.
Communications, emails you send us, support tickets, in-app chat with our assistant.

We collect through the Service

Calls and SMS, recordings of calls placed through your FORGE numbers where recording is enabled, transcripts and call summaries, call metadata (numbers, duration, outcome), and SMS content. FORGE's default compliance safeguard records only where the contact's state on file permits one-party-consent recording; recording is automatically disabled for contacts in all-party-consent states and whenever the contact's state is unknown (see Section 7).
Usage data, pages viewed, actions taken, agent activity, lead-generation queries, feature usage. Used to operate, secure, and improve the Service.
Device + network, IP address, browser type, device, time zone, referring page, approximate location (country/region) for security and analytics.
Cookies and similar, see Section 14.

We collect from third parties

Identity and lead enrichment, public business data (e.g., from Google Places) returned by the Lead Generator.
Payment processors, subscription status, charge results, fraud signals.
Identity verification, if required for A2P 10DLC, KYC, or fraud prevention.

3. How we use information

To provide and operate the Service (placing calls, sending SMS, generating leads, running agents, sending email).
To bill you and process payments through Stripe.
To send transactional and lifecycle email (welcome, receipts, plan changes, alerts).
To improve the Service (aggregated analytics, debugging, model evaluation, never used to train third-party AI models without your consent).
To prevent fraud, abuse, spam, and violations of our Terms or Acceptable Use Policy.
To comply with legal obligations and respond to lawful requests.

4. Legal bases (EEA / UK users)

If you are in the European Economic Area, the United Kingdom, or Switzerland, our legal bases are: performance of contract (delivering the Service you signed up for), legitimate interests (security, fraud prevention, service improvement), consent (where required, e.g., marketing cookies), and legal obligation.

5. Service providers and sharing

We share information only with vendors who help us operate the Service, under contract, and only as needed:

Cloudflare, hosting, DNS, WAF, edge functions, D1 database, R2 storage.
Stripe, payment processing, billing, tax calculation.
Twilio (or equivalent), voice + SMS carrier services.
xAI, voice agent and post-call language services.
Anthropic, assistant ("Flint") language services.
Microsoft Graph / Google APIs, email and calendar integration when you connect your account.
Resend, transactional and lifecycle email delivery.
Google Places / Geocoding, business data for the Lead Generator.

We do not sell your personal information. We do not share it with advertisers or data brokers. We may disclose information when legally required (subpoena, court order, lawful government request) or to protect rights, safety, or property.

6. International transfers

Our service providers process data in the United States and other countries. Where required, transfers from the EEA/UK rely on Standard Contractual Clauses or other approved mechanisms.

7. Call recording and AI disclosure

FORGE may use AI agents to converse with callers, and can record inbound and outbound calls placed through your numbers. Some U.S. states require all-party consent to record calls; others require only one party's consent. FORGE's default safeguard decides per contact: calls are recorded only when the contact's state on file is a one-party-consent state; recording is automatically disabled for contacts in all-party-consent states and whenever the contact's state is unknown (fail-closed). A master control in your dashboard can turn recording off entirely. Where recording is disabled, FORGE retains a written summary and operational notes rather than audio or a stored verbatim transcript. You remain responsible for the accuracy of your contact data, for any configuration changes you make, and for any additional disclosures the law requires for your use (e.g., AI identity). Legal compliance for your campaigns remains the customer's obligation under the Terms of Service.

8. SMS and A2P 10DLC

If you send outbound SMS through FORGE, you must comply with the TCPA, A2P 10DLC carrier rules, and obtain proper consent from recipients before texting them. Your A2P brand and campaign registration must be active.

9. Children

The Service is not directed to anyone under 18, and we do not knowingly collect information from anyone under 18. If you believe a minor has provided us information, contact [email protected] and we will delete it.

10. Retention

We keep account information for the life of your account and for a reasonable period after closure (typically up to 24 months) to comply with legal and tax obligations. Call recordings and transcripts are kept for 12 months by default; you can request earlier deletion. Aggregate, de-identified data may be kept indefinitely.

11. Your rights

Depending on your location, you may have rights to:

Access the personal information we hold about you.
Correct inaccurate or incomplete information.
Delete your information ("right to be forgotten").
Export your information in a portable format.
Object to or restrict certain processing.
Withdraw consent at any time (without affecting prior processing).
Opt out of "sale" or "sharing" (we do not sell or share for cross-context advertising) and limit use of sensitive personal information, applicable to California residents under the CCPA/CPRA.
Lodge a complaint with your local data protection authority.

Submit requests to [email protected]. We will respond within the timeframes required by applicable law.

12. Security

We use TLS encryption in transit and encryption at rest for stored data. We delegate card storage to Stripe (a PCI Level 1 service provider) and never directly handle card numbers. We enforce per-tenant isolation, role-based access control, audit logging, and multi-factor authentication via Cloudflare Access. No system is perfectly secure, but we work to maintain commercially reasonable safeguards. If we learn of a breach affecting your personal information we will notify you and the relevant authorities as required by law.

13. Customer data (when you are an end-user of one of our customers)

If you interact with a FORGE customer (for example, a contractor's AI receptionist answers your call), that customer is the data controller of your information for that interaction. FORGE acts as a data processor on the customer's behalf. Direct privacy requests to that customer; we will assist them in responding.

14. Cookies

We use a minimal set of cookies: essential (authentication, security), and analytics (privacy-preserving page metrics through Cloudflare Web Analytics and Microsoft Clarity for behavior insight). We do not use advertising cookies. Where required we will present a cookie banner; you may decline non-essential cookies.

15. Third-party links

Our site may link to third-party sites we don't control. Their privacy practices are governed by their own policies.

16. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced by email or in-app at least 14 days before they take effect. The "Effective date" above tells you the version currently in force.

17. Contact

Forge AI, LLC (FORGE)
1200 Lake Saint Louis Blvd #1060
Lake Saint Louis, MO 63367, United States
Email: [email protected]
Legal: [email protected]

← Back to forgeyourbusiness.ai · Terms of Service