LEGAL

Privacy Policy

Last updated: . Castforge is a desktop app. Your projects, your code, your prompts, and your AI replies live on your machine, we never see them. Here's the full disclosure of what we do collect, why, and how to control it.

Who we are

Castforge is operated by 9569-2893 Québec inc. (NEQ 1182230160), which acts as the data controller for the personal data described in this policy. Registered address: Saint-Bruno-de-Montarville, Québec, Canada. See our Legal notice for full corporate details.

What you put into Castforge stays local

Your code, prompts, and AI responses never leave your machine via Castforge. The Castforge app sends them directly to your AI provider's CLI, which talks to Anthropic, OpenAI, or Google over its own TLS connection. We never see, log, or store any of it. Conversation history is stored locally in SQLite under your Castforge data directory.

Account data (Supabase)

We store your email and a Castforge-generated UUID in Supabase to authenticate you across the desktop app and the web companion. Retention: until you delete your account.

Billing data (Stripe)

Castforge is free during early access, so there is no billing today. If and when paid plans are introduced and you subscribe, we store your Stripe customer ID, subscription state, and masked card details (last 4 + brand). Stripe holds the full card details, never us. Retention: active subscription + 7 years for accounting + tax-law compliance.

Integration tokens (encrypted at rest)

OAuth tokens for connected integrations (GitHub, Vercel, Supabase) are stored encrypted at rest in Supabase with AES-GCM, then transparently decrypted at request time. We never log token contents in plaintext.

Optional telemetry (default OFF, both toggles)

Castforge ships with two telemetry toggles, both default OFF. You set them in the TelemetryBanner on first run, and you can change them anytime in Settings → Privacy & data.

  • PostHog, anonymous product analytics (feature usage counts, agent picks, button clicks). PII-scrubbed for emails and file paths. No content of prompts, code, or AI responses.
  • Sentry, crash + error reports with stack traces and app version. PII-scrubbed via regex wrapper that strips email addresses and file-path patterns. No replay, no session recording.

Operational telemetry (cannot be disabled)

Castforge sends a single “version_alive” ping 30 seconds after each app launch, containing: {version, anonymous Castforge-generated UUID, status}. This is operational telemetry, not product analytics, it allows us to detect broken releases within minutes and auto-pause distribution. The UUID is generated by your installation and is not linked to your email, account, or any project data.

If you object to operational telemetry on principle, Castforge is not the right tool for you and we'll happily refund you under our 14-day no-questions-asked refund pledge.

Third-party providers we use

We rely on the following vendors to run the service, Supabase (auth + database), Stripe (billing), PostHog (optional analytics), Sentry (optional crash reports), Resend (transactional email), Vercel (hosting), and Cloudflare (DNS + CDN + status page). We have, or will have, a signed Data Processing Agreement (DPA) with each. Email privacy@castforge.ai with the vendor name in the subject (e.g. “Request DPA: Supabase”) to receive a copy.

Your rights, how to exercise them

You have the right to access, export, or delete the data we hold about you. Full self-serve flows ship post-launch; for now, email us and we'll handle each request within 7 days:

  • Access - Request access: JSON dump of your account row, subscription state, integration metadata (token contents are never returned in plaintext).
  • Export - Request export: same as Access, plus any associated billing receipts.
  • Deletion - Request deletion: we erase your row + integration tokens within 30 days. Billing records retained the legal minimum (7 years).

Changes to this policy

We'll email you and show an in-app notice at least 30 days before any material change to this policy. The last-updated stamp at the top of this page reflects the most recent revision.

Questions?

Reach out to privacy@castforge.ai · or support@castforge.ai.

Typical response: within 7 days for rights requests; 2 business days for general questions