Privacy Policy

Last updated: March 7, 2026

1. Information We Collect

Account Information: Email address and password when you create an account (passwords are hashed by Supabase Auth — we never see them).

Profile Information: Display name, username, and Forge Score (optional fields you control).

Assessment Data: Challenge attempts, answers submitted, scores, time spent per question, and pass/fail outcomes.

Security Data: IP address, browser user agent, and tab-switch counts. Collected solely for anti-fraud and credential integrity purposes.

Usage Data: Pages visited and features used (aggregated, never sold).

Public Credential Data: Credential pages at forgecoach.ai/credentials/[id] are publicly accessible by design. Public data includes skill name, level, score, verification date, and your display name or username. Your email address is never public.

2. How We Use Your Information

  • To provide and personalize the Service
  • To generate AI-powered assessment questions and scoring
  • To track your credentials and Forge Score over time
  • To improve and develop new features
  • To communicate with you about the Service
  • To send optional email reminders and updates (which you can disable)

3. Data Storage and Security

Your data is stored securely using:

  • Supabase: For account and application data (encrypted at rest and in transit)
  • Row Level Security: Database policies ensure users can only access their own data

We implement industry-standard security measures including encryption, secure authentication, and access controls. However, no system is 100% secure. You use the Service at your own risk.

4. Data Sharing

We do NOT sell your personal information. We may share data with:

  • Service Providers: Third parties that help us operate the Service — Supabase (database/auth), Vercel (hosting), Resend (email), Anthropic (AI question generation; no PII is sent to Anthropic), PostHog (product analytics and A/B testing; see Section 7)
  • Legal Requirements: If required by law or to protect our rights

5. AI and Data Processing

We use Anthropic's Claude API to generate scenario-based assessment questions. Only the skill category and difficulty level are sent to Anthropic — no personally identifiable information is included in API requests. Anthropic's privacy policy applies to their processing of this data. We do not use your data to train AI models.

6. Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Delete: Request deletion of your account and data
  • Correct: Update inaccurate information
  • Export: Download your data in a portable format
  • Opt-out: Unsubscribe from email communications

To exercise these rights, contact us at hello@forgecoach.ai

7. Cookies and Tracking

We use essential cookies for authentication and session management. We also use the following analytics tools:

  • Vercel Analytics: Anonymous, aggregated usage statistics with no personally identifiable information.
  • PostHog: Product analytics and A/B testing. PostHog may collect your anonymized user ID, pages visited, feature interactions, and experiment variant assignments. This data is used to improve the product and measure feature effectiveness. No raw personal information (name, email) is sent to PostHog. You can opt out by contacting us at hello@forgecoach.ai.

You can disable cookies in your browser settings, but some features may not work properly.

8. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect information from children under 18. If you believe we have collected such information, contact us immediately.

9. International Users

Your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer.

10. California Residents (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information is collected and the right to request deletion. We do not sell personal information.

11. European Users (GDPR)

If you are in the European Economic Area, you have additional rights under GDPR including data portability and the right to lodge a complaint with a supervisory authority.

12. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or sending you an email.

14. Contact Us

For privacy-related questions or requests:

Email: hello@forgecoach.ai

← Back to Home