Privacy Policy
This Privacy Policy explains how Quiet Forge collects, uses, and protects personal data when you use our Service or visit our website.
1. Data we collect
Account data
Email, name, hashed password, organization name. Required to create and operate your account.
Usage data
Pages viewed, actions performed, IP address, browser/OS metadata, timestamps. Used for analytics, abuse prevention, and product improvement.
Billing data
Stripe processes all card details; we never see them. We store the customer ID, last 4 digits, billing email, and invoice history.
Customer Data
Project, task, and team data you upload. Stored encrypted at rest in EU (Frankfurt).
2. How we use data
To operate the Service, process payments, send transactional and (with your consent) marketing emails, prevent abuse, comply with legal obligations, and improve the product.
3. Sub-processors
We share limited data with the following processors, each bound by a DPA:
- Supabase (US/EU) — managed Postgres + auth.
- Stripe (US/EU) — payments.
- Sentry (US) — error tracking.
- PostHog (EU) — product analytics.
- Crisp (FR) — customer support chat.
- Resend (US) — transactional email.
4. Your GDPR rights
You have the right to access, rectify, erase, restrict, port, or object to processing of your personal data. To exercise any of these rights, email legal@quietforge.tech. We respond within 30 days.
5. Data retention
Account data: retained while your account is active and for 90 days after deletion. Backups: retained 30 days, encrypted. Audit log: per plan (7–365 days, unlimited on Enterprise). Billing records: 7 years (legal obligation).
6. Cookies
We use essential cookies for session management and consent-based analytics cookies. See our Cookie Policy for details.
7. International transfers
Some processors are based in the US. Transfers are protected by Standard Contractual Clauses (SCCs).
8. Changes
We will notify you of material changes by email at least 30 days in advance.
9. Contact
For privacy questions, email legal@quietforge.tech.