← Back to Home

Privacy Policy

Last updated: February 2026

At Forge, we take your privacy seriously. This Privacy Policy explains how Forge Dev.studio collects, uses, and protects your personal information when you visit forgedev.studio, use Forge Voice (the AI receptionist), or use any custom-built software Forge ships for you.

Information We Collect

We collect information you provide directly to us, such as when you fill out a contact form, request a quote, or subscribe to our newsletter. This may include your name, email address, company name, and project details.

How We Use Your Information

We use the information we collect to maintain and improve our services, communicate with you about your project, and send you updates or marketing materials if you have opted in.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Third-Party Services

We may use third-party services like Google Analytics, Stripe (payment processing), Twilio (voice & SMS delivery), ElevenLabs (voice AI), SendGrid (email delivery), and Firebase (hosting & data storage). These services have their own privacy policies which we encourage you to review. We only share the minimum data necessary with each provider to operate our services.

AI Voice Widget and TCPA Consent Records

When you submit the voice widget intake form on this site, we collect and store your express written consent to receive AI-powered voice calls and SMS messages. The following consent flags are recorded as part of your lead record: consent_terms (agreement to Terms of Service and Privacy Policy), consent_voice (consent to receive AI-powered voice calls), consent_sms (consent to receive text messages), and consent_at (the ISO 8601 timestamp of when consent was given). These records are retained for a minimum of 4 years to comply with TCPA and 10DLC recordkeeping requirements. You can withdraw consent at any time by replying STOP to any message or by emailing support@forgedev.studio.

SMS Messaging & 10DLC

Forge sends SMS text messages to phone numbers you provide (where you have opted in) using A2P 10-Digit Long Code routes registered with The Campaign Registry. Use cases include Forge Voice call summaries, appointment confirmations, account alerts, partner program announcements, and transactional notifications.

We do not sell phone numbers. We do not share phone numbers with third-party marketers. We never send SMS without consent. You can opt out of any SMS by replying STOP to any message, or by emailing support@forgedev.studio. Full SMS terms, frequency, and opt-out instructions are on our SMS Policy page.

Your Rights

You have the right to access, correct, export, or delete your personal data, including phone numbers, email addresses, and any account data. To exercise any of these rights, email support@forgedev.studio. We respond within 30 days.

Cookies and Tracking

We use cookies and similar technologies on forgedev.studio to keep the site functional, measure traffic, and (with consent) improve marketing. We group them into three categories:

• Essential - required for the site to work, including session, security, and load balancing. Always on.
• Analytics - anonymous usage data through Google Analytics 4 (G-PT30MHS79J) so we can see which pages help and which do not. Only set if you accept.
• Marketing - used to measure ad performance and deliver relevant campaigns on third-party platforms. Only set if you accept.

You control what is set through the consent banner shown on your first visit, and you can change your choices at any time by clicking the Cookies link at the bottom-left of any page. Your preferences are stored locally under forge_cookie_consent_v1. You can also control cookies through your browser settings, though blocking essential cookies may prevent parts of the site from working.

California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you the following rights:

• Right to know - request the categories and specific pieces of personal information we have collected about you, the sources, the business purposes for collecting or sharing it, and the categories of third parties with whom we share it.
• Right to delete - request deletion of personal information we have collected about you, subject to limited exceptions (for example, to complete a transaction, detect fraud, or comply with law).
• Right to correct - request correction of inaccurate personal information we maintain about you.
• Right to opt out of sale or sharing - Forge does not sell personal information for money. We do not share personal information for cross-context behavioral advertising unless you have opted in through the cookie consent banner. You may change your choice at any time.
• Right to limit use of sensitive personal information - you may direct us to limit use of sensitive PII to what is necessary to provide the requested Service.
• Right to non-discrimination - we will not deny you services, charge different prices, or provide a different quality of service because you exercised a privacy right.

To exercise any of these rights, email privacy@forgedev.studio with the subject line "CCPA Request." We will verify your identity using reasonable measures (typically by matching the email on your account) before fulfilling the request. Authorized agents may submit requests with written permission and identity verification. We respond within 45 days and may extend once by an additional 45 days where reasonably necessary, with notice.

European Privacy Rights (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation gives you the following rights with respect to your personal data:

• Right of access - obtain confirmation of whether we process your personal data and receive a copy.
• Right to rectification - have inaccurate or incomplete personal data corrected.
• Right to erasure - request deletion where the data is no longer necessary, you withdraw consent, or the processing was unlawful.
• Right to restrict processing - ask us to pause processing in specified circumstances.
• Right to data portability - receive personal data you provided in a structured, commonly used, machine-readable format, or have it transmitted to another controller where technically feasible.
• Right to object - object to processing based on our legitimate interests or for direct marketing.
• Right to withdraw consent - where processing is based on consent (for example, marketing cookies), withdraw at any time without affecting prior lawful processing.
• Right to lodge a complaint - with your local supervisory authority. For UK residents, that is the Information Commissioner's Office (ico.org.uk). For EU residents, the authority in the member state of your residence, place of work, or alleged infringement.

Our legal bases for processing include contract performance (to deliver the Services you request), legitimate interests (to secure, improve, and market our products), consent (for analytics and marketing cookies and for email marketing), and legal obligation (for tax, accounting, and compliance records).

International Data Transfers

Forge is headquartered in the United States and processes data on US-based infrastructure. When we transfer personal data from the European Economic Area, United Kingdom, or Switzerland to the US or other countries that have not been found to provide an adequate level of protection, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), together with supplementary technical and organizational measures, to protect that data. A copy of the SCCs we use is available on request at privacy@forgedev.studio.

Data Retention

We keep personal data only as long as necessary for the purposes described in this policy, unless a longer period is required by law.

• Account data - retained during your active subscription and for 90 days after cancellation or account closure, after which it is deleted or anonymized, subject to backup rotation.
• Billing and tax records - retained for 7 years to comply with US tax and accounting laws.
• SMS consent logs - retained for 4 years to comply with TCPA and 10DLC recordkeeping expectations.
• Call recordings and transcripts (Forge Voice) - retained per the Customer's configuration, defaulting to 30 days, and then deleted unless the Customer exports or extends.
• Security and audit logs - retained for up to 13 months to support incident investigation.
• Marketing contact data - retained until you unsubscribe or ask us to delete.

Data Protection Officer

To raise a privacy concern, submit a rights request, or ask a question about this policy, contact our Data Protection Officer at privacy@forgedev.studio. We respond to all verifiable requests within the timeframes required by the applicable law (typically 30 days under GDPR, 45 days under CCPA).

Contact Us

If you have any questions about this Privacy Policy, please contact us at hello@forgedev.studio.