Privacy Policy

GABFORGE UNLIMITED. Hosted at gabforge.com/legal/privacy.


1. At a glance

Question | Answer
Do you sell my data? | No. Never. Not to advertisers, not to data brokers, not to AI-training partners.
Do you use my chats to train your models? | No by default. Training uses opt-in donated data only.
Where does my data live? | Germany — app data and our self-hosted GPU servers for AI inference are both in Germany.
If I use BYOK, does my data pass through you? | We orchestrate the call (prompt assembly, plugin execution) and then forward to your provider using your key. We don't store the AI response beyond what your session needs.
How long do you keep it? | See §8 Retention. Account data for as long as you're a user; chats until you delete them; logs ≤ 90 days.
How do I delete my account? | Settings → Account → Delete. One-click, 30-day grace window, then hard delete.
Who do I contact? | privacy@ on the TLD you used. India users: additionally grievance@gabforge.in.

2. Who we are (data controllers)

All GabForge domains are operated by a single company, GABFORGE UNLIMITED, which is the data controller for every GabForge product:

Site | What it's for | Contact
gabforge.ai, gabforge.live, gabforge.in | The GabForge Everyday app and subsite hosting | privacy@gabforge.ai
gabforge.org | Open-source projects, community forum, donations | privacy@gabforge.org
gabforge.com | Company site (investor / press / careers) | privacy@gabforge.com

One GabForge account. You have a single GabForge account that works across all of these products. You sign in once with GabForge OAuth — the same simple "sign in with GabForge" button, just like signing in with Google — and you're signed in everywhere. There is no separate per-site account and nothing to link up. GABFORGE UNLIMITED is the data controller across the board. If the company is ever sold or reorganised, your data moves with the product it belongs to (see the Terms of Service for the details).

For India users: GABFORGE UNLIMITED has appointed Founder and CEO T. V. Rao as the Interim Grievance Officer under IT Rules 2021 §3(2). Contact: grievance@gabforge.in. The role is filled by the founder in the interim pending a dedicated hire. As an early-stage startup, we are not currently classified as a Significant Data Fiduciary and do not maintain a statutory Data Protection Officer (DPO).


3. What we collect

3.1 Account data (you give us this at signup)

  • Email address — required for login and critical notifications.
  • Password — stored only as an Argon2id hash (memory=64MB, iter=3, parallelism=4). We literally cannot recover it; reset requires email verification.
  • OAuth identifier — if you sign in with Google / GitHub / Apple, we receive your provider user ID and email from that provider. No other profile data is pulled.
  • Display name — whatever you choose. Optional.
  • Country / region — inferred from signup IP for pricing-localisation; you can override.

3.2 Usage data (generated as you use the product)

  • Chat messages (both yours and the AI's replies) — stored to power conversation history. You can delete individual messages, full conversations, or all history at any time.
  • Personas and customisations — the personas, agents, and instructions you configure during onboarding and in settings.
  • Files you upload — documents, images, audio. Retained until you delete them or the account is closed.
  • Task queue items — scheduled reminders, morning-briefing preferences.
  • Plugin configurations — which plugins you've installed and their per-plugin settings (never credentials they store — those are encrypted and opaque to us).
  • Subscription state — tier (free / Pro / Family Caregiver), any active Boosters, billing cycle markers. Payment card numbers are never stored by us — see §5 Payments.

3.3 BYOK credentials (if you add them)

  • API keys for third-party AI providers (OpenAI, Anthropic, Google, Mistral, Groq, DeepSeek, xAI, Cohere, Together, OpenRouter) — stored AES-256-GCM encrypted, key-wrapped via KMS. Never logged, never displayed back to you after save. To rotate, you paste a new key.
  • BYOK keys are tied to your GabForge account and used only to run the AI calls you route through them. They are never shared, displayed back, or used for anything else.

3.4 Technical and security logs

  • Auth events — sign-in, sign-out, password change, failed-login counters (for rate limiting). PII-scrubbed; retained ≤ 90 days.
  • Request logs — HTTP path, timestamp, response code, IP address (truncated to /24 for IPv4, /48 for IPv6 after 7 days). Retained ≤ 90 days.
  • Crash / error reports — stack traces with request IDs only; no message content. Retained ≤ 30 days then aggregated.

3.5 Telemetry (opt-in)

If you enable the gabforge.privacy.telemetry toggle (off by default), the client sends one ping every 24 hours containing:

  • Anonymous install ID (UUID v4, generated locally)
  • App version, OS platform, CPU architecture, locale
  • Which built-in models are active
  • Timestamp

No prompts, no responses, no file contents, no account identifiers are transmitted. See ../Research/Telemetry_Install_Tracking for the full payload spec.

3.6 What we do NOT collect

  • We do not track you across the web with advertising pixels, fingerprinting, or third-party trackers on signed-in pages.
  • We do not buy user data from brokers.
  • We do not read user subsite content (hosted on gabforge.live) for AI training or profiling.
  • We do not collect biometric data, precise location, health data, or children's data.

4. How we use it (and why we're allowed to)

Purpose | Data used | Legal basis (GDPR) | DPDP equivalent
Provide the product (answer your chats, store your personas, run your tasks) | Account + usage | Contract (Art. 6(1)(b)) | Consent + legitimate use
Security (rate limiting, abuse detection, fraud prevention) | Auth events + request logs | Legitimate interests (Art. 6(1)(f)) | Legitimate use
Billing (process your subscription and Boosters) | Account + subscription state | Contract (Art. 6(1)(b)) | Consent + legitimate use
Legal compliance (retain records where law requires) | As mandated | Legal obligation (Art. 6(1)(c)) | Legal obligation
Service improvement (aggregate, anonymised metrics) | Telemetry (if opted in), de-identified logs | Consent (Art. 6(1)(a)) / legitimate interests | Consent
Email us for support | Whatever you send | Consent (Art. 6(1)(a)) | Consent

We do not process your data for:

  • Behavioural advertising
  • Automated decisions that produce legal effects (no AI-based account bans without human review)
  • Selling or renting to third parties

Consent Audit-Trail: When you provide explicit consent (e.g., agreeing to these terms or opting into telemetry), the consent event is logged and stored securely in the GabForge database with a UTC timestamp for compliance auditing.


5. Payments

We do not store payment card numbers, CVVs, or bank account numbers. Payments are processed by:

  • Razorpay (all regions — INR domestic and USD/EUR/GBP via International Payments; UPI / cards / netbanking) — see razorpay.com/privacy

From those providers we receive only: a payment token, transaction status, amount, and the last 4 digits of the card for your receipt. Refund and dispute contact: refunds@ / billing@ on your TLD.


6. One GabForge account across all products

You sign in to every GabForge product with a single GabForge account using GabForge OAuth — the "sign in with GabForge" button that works the same way as signing in with Google. One sign-in covers gabforge.ai, gabforge.live, gabforge.in, gabforge.org, and any product we add later.

  • There is no separate account per site and nothing you need to "link up."
  • Your session is protected with secure, httpOnly cookies; sign-in across sites uses the standard OAuth 2.1 redirect, not shared cookies.
  • You can sign out of all GabForge products from Settings → Security, and delete your account (which removes it everywhere) from Settings → Account → Delete.

7. AI inference — where your chats actually go

This section matters more than any other, so we've written it in plain language.

7.1 Default path (self-hosted GF Everyday v1)

When you chat with GF Everyday on the free tier or on Pro without BYOK, your message goes to our own GPU servers in Germany. The model runs on hardware we own and operate ourselves. Your message and its response are:

  • Processed in memory only. Not written to a third-party AI vendor's servers.
  • Stored in your account's conversation history on our Hetzner (Germany) database.
  • Never used for model training unless you explicitly opt in to "donate this conversation for model improvement" (off by default; can be revoked).

7.2 BYOK path

If you've added a third-party API key (OpenAI, Anthropic, Google, etc.) and selected that provider for a chat, your message is:

  1. Assembled into a prompt on our servers (so plugins, tools, and your persona instructions are applied).
  2. Sent from our server to your chosen provider's API, authenticated with your key.
  3. The response comes back to us, is returned to you, and saved in your chat history.

What this means for you: that message is now subject to the chosen provider's privacy policy too. OpenAI, Anthropic, and Google each have their own data-handling terms for API usage — most do not train on API inputs by default, but please verify your provider's settings. We cannot speak for them.

7.3 Plugins and tools

Plugins that call third-party APIs (e.g., a weather plugin calling OpenWeather, a calendar plugin calling Google Calendar) send only the data necessary for that call. Each plugin declares what it transmits in its manifest; you can review this in Settings → Plugins → [plugin] → Permissions.


8. Retention

Category | Retention
Account profile | Until you delete the account
Chat history | Until you delete it (per-message, per-conversation, or bulk)
Uploaded files | Until you delete them
Deleted account data | 30-day grace window, then hard-deleted from live databases. Backup purge within 90 days.
Request logs | ≤ 90 days
Auth logs (success / failure) | ≤ 90 days
Crash reports | ≤ 30 days then aggregated
Telemetry (if opted in) | ≤ 13 months, then aggregated
Billing records | 8 years (Companies Act 2013 §128 — statutory minimum for books of account)
Legal-hold data | For the duration of the hold

9. Your rights

Everyone, regardless of jurisdiction, has the following rights with us:

  • Access — download all your data via Settings → Privacy → Export My Data.
  • Correction — edit profile fields; for fields you can't self-edit, email privacy@.
  • Deletion — Settings → Account → Delete, or email privacy@.
  • Portability — export is a machine-readable JSON + original files.
  • Opt out — telemetry and any email beyond critical-account notices.

9.1 EU / UK residents (GDPR + UK GDPR)

In addition to the above:

  • Right to object to processing based on legitimate interests.
  • Right to restrict processing while a complaint is open.
  • Right to lodge a complaint with your supervisory authority (e.g., Irish DPC, UK ICO).

Controller-of-record for EU/UK: GABFORGE UNLIMITED. Please note that GabForge primarily targets the India and Global markets and does not actively target the European Union. We therefore do not maintain an EU Representative under GDPR Art. 27.

9.2 India residents (DPDP Act 2023)

In addition to the above:

  • Right to grievance redressal — contact grievance@gabforge.in. We will respond within 15 days per IT Rules 2021 §3(2).
  • Right to nominate — you may nominate another person to exercise your rights in case of incapacity (process documented at gabforge.in/legal/nominate).
  • Right to consent withdrawal — at any time, with the same ease as giving consent.

Interim Grievance Officer: T. V. Rao (Founder & CEO), contactable at grievance@gabforge.in or by mail at 142, Spanzilla, Gulam Ali Guda, Parvathapur Road, Medipally, Hyderabad 500098.

9.3 California residents (CCPA / CPRA)

We do not "sell" or "share" personal information as defined under CCPA. You still have the right to know, delete, correct, and limit use of sensitive personal information — exercise via Settings → Privacy or privacy@gabforge.ai.


10. International transfers

  • EU users: data is processed in Germany (app data and our self-hosted GPU servers). Germany is inside the EU — no transfer mechanism needed. No US processors handle EU user content by default.
  • India users: data is processed in the EU (Germany). The DPDP Act permits cross-border transfer unless the Central Government restricts a country; Germany is not currently restricted.
  • BYOK users: when you bring an API key for a US provider (OpenAI, Anthropic, Google), prompts you route to that provider are transferred to that provider's jurisdiction — by your instruction, under that provider's terms.

11. Cookies and similar

We use the minimum necessary:

  • Essential cookies — session cookies (__gfss, auth tokens). Cannot be disabled; without them, sign-in breaks.
  • Functional cookies — your theme preference, last-used persona. Can be disabled in Settings → Privacy.
  • Analytics cookies — none on signed-in pages. Marketing pages (/, /about, /pricing) may use privacy-respecting analytics (Plausible or similar, no cross-site tracking). Disabled under Do-Not-Track headers.
  • Advertising cookies: none, ever.

A cookie banner is shown on first visit where legally required (EU, UK, India).


12. Security

  • TLS 1.3 on every endpoint; HSTS preloaded.
  • Passwords hashed with Argon2id; never reversible.
  • BYOK keys encrypted at rest (AES-256-GCM) with KMS-wrapped keys.
  • 2FA available (TOTP) for all users; highly recommended for Pro users and required for admin roles.
  • Security.txt published per RFC 9116 at /.well-known/security.txt on every TLD, pointing to security@ for responsible disclosure.
  • Suspected breach: reported to affected users and the relevant supervisory authorities within 72 hours per GDPR; per DPDP Act, notified to the Data Protection Board of India in the manner prescribed.

13. Children

GabForge is not intended for children under 18. We do not knowingly collect data from children under 18. If you believe a child has created an account, email privacy@ and we will delete the account and its data.

The Student persona in our onboarding is written for post-secondary students (college, university, graduate). Primary/secondary school students should use the product only under a parent or guardian's account and supervision, with all data subject to that adult's control.


14. Changes to this policy

  • Material changes are announced by email (to the account email) at least 30 days before taking effect.
  • Non-material changes (typos, clarification, new contact addresses) are published with an updated "Last modified" date.
  • You can review the policy's edit history via the public CHANGELOG section below.

15. Contact

Purpose | Address
General privacy questions, access / deletion requests | privacy@ on the TLD you used
India Interim Grievance Officer (T. V. Rao) | grievance@gabforge.in
Copyright / DMCA takedown | dmca@ on the TLD hosting the content
Security vulnerabilities | security@ on any TLD
Legal notices | legal@ on the TLD of incorporation

Note: As an early-stage startup, we do not require a statutory Data Protection Officer (DPO) or Nodal Contact Person under current Indian regulations.

Full list with scope and SLA: Email_Addresses. Physical correspondence: GABFORGE UNLIMITED, 142, Spanzilla, Gulam Ali Guda, Parvathapur Road, Medipally, Hyderabad 500098.


Which sections apply to which users

This Privacy Policy is the same across every GabForge site that publishes it. Every user gets the same policy; the table below is a reader's guide to which sections materially apply to which user group.

User group | Sections that apply in addition to the baseline
Any user (global baseline) | §1–§8 (collection, use, retention), §9.1 (universal rights), §10–§12 (transfers, security, incidents), §13–§16 (children, updates, contact)
India residents / gabforge.in users | + §9.2 (DPDP Act 2023 rights), Interim Grievance Officer contact at grievance@gabforge.in (T. V. Rao), IT Rules 2021 §3(2) SLAs
EU / UK residents | + §9.4 (GDPR / UK GDPR rights); Art. 27 representative not currently appointed (see §9.4)
California residents | + §9.3 (CCPA / CPRA rights and non-sale attestation)
gabforge.live subsite publishers | + §7.3 (user-as-controller for subsite content), DMCA path at dmca@gabforge.live
gabforge.org users | OSS-specific: Pro / Booster sections do not apply; donations are governed separately — see Donation_Page
gabforge.com visitors | Corporate-only scope: no user-product data collected; investor / press / careers contact applies