Forge AI LLC ("Forge," "we," "us," or "our") provides AI-assisted operational support services to small businesses, delivered through our agent system known as "Blue." This Privacy Policy describes how we collect, use, disclose, and protect information in connection with our website at forgefurther.ai (the "Site") and our services (the "Services").
This Policy is written for two audiences:
- Part 1 addresses information about the small business owners, operators, and authorized users who engage Forge directly as customers (each, a "Customer").
- Part 2 addresses information about the third parties whose data passes through Blue in the course of providing services to a Customer — for example, a Customer's own clients, vendors, employees, or contacts (each, an "End Party").
If you have questions about this Policy, contact us at [email protected].
1. Scope and Roles
Forge serves small businesses across many industries, including (but not limited to) professional services, trades, retail, hospitality, healthcare administration, consulting, and field services. The Services are designed for businesses with fewer than 100 employees.
Under applicable privacy laws, including the California Consumer Privacy Act ("CCPA") and similar state laws:
- With respect to information about Customers and Site visitors, Forge acts as a business (controller).
- With respect to information about End Parties processed by Blue on behalf of a Customer, Forge acts as a service provider (processor) to the Customer. The Customer is the business (controller) of that information and determines the purposes and means of its processing. Forge processes End Party information only to provide the Services to the Customer, in accordance with the Customer's agreement with Forge.
Part 1 — Information About Customers and Site Visitors
2. Information We Collect from Customers
2.1 Information You Provide
When you visit the Site, request a demo, sign up for a Forge account, or use the Services, we may collect:
- Identity and contact information: name, business name, email address, phone number, mailing address.
- Account information: username, password (stored only as a salted hash), authentication tokens, role within your organization.
- Business information: industry, business size, location, tools currently in use, deployment preferences, autonomy-level configurations selected for Blue.
- Billing information: payment method details (processed by our payment processor; Forge does not store full payment card numbers), billing address, transaction history, subscription tier.
- Support and communications: content of emails, support tickets, chat messages, feedback, and other communications with us.
2.2 Information Collected Automatically
When you use the Site or the Services, we may automatically collect:
- Device and technical information: IP address, browser type and version, operating system, device identifiers, time zone, language preferences.
- Usage information: pages viewed, links clicked, referring URLs, session duration, feature usage.
- Cookies and similar technologies: see Section 11 below.
2.3 Information from Third-Party Services You Connect
When you authorize Forge to connect to third-party services on your behalf — for example, QuickBooks Online, Gmail, Google Calendar, or other business tools — we receive information from those services through the connection you authorize. This may include:
- From QuickBooks Online: chart of accounts, customer and vendor lists, invoices, bills, payments, transactions, accounts receivable and payable balances, items, attachments, and other financial documents stored in your QuickBooks Online account.
- From Gmail: email messages, attachments, sender and recipient information, and metadata necessary to perform the workflows you have authorized.
- From Google Calendar: event titles, dates, times, attendees, and locations.
- From other connected services: the data fields necessary to perform the workflows you have authorized, as disclosed at the time you connect each service.
We access these third-party services only after you expressly authorize the connection through OAuth 2.0 or an equivalent secure authorization mechanism, and only within the scopes necessary to perform the Services. You may revoke any authorization at any time as described in Section 6 and at forgefurther.ai/disconnect.
3. How We Use Customer Information
We use Customer information to:
- Provide, operate, maintain, and secure the Services, including executing the workflows you have configured Blue to perform;
- Process transactions and manage your account, billing, and subscription;
- Communicate with you about your account, the Services, security advisories, product updates, and customer support;
- Improve the Services, develop new features, conduct internal research and analytics, and monitor performance;
- Detect, investigate, and prevent fraud, abuse, security incidents, and other harmful or unlawful activity;
- Comply with legal obligations, respond to lawful requests, and enforce our agreements.
We do not use your QuickBooks data, Gmail content, calendar data, or other data accessed from third-party services for advertising, marketing to third parties, or to train artificial intelligence models for use outside of providing the Services to you.
4. How We Share Customer Information
We share Customer information only as described below:
- Service providers and subprocessors: We share information with vendors who help us operate the Services. A current list of subprocessors is maintained at forgefurther.ai/subprocessors. We require subprocessors to maintain appropriate confidentiality and security safeguards.
- Legal compliance: We may disclose information when required by law, subpoena, or court order, or when we believe in good faith that disclosure is necessary to comply with legal process or to protect the rights, property, or safety of Forge, our Customers, or others.
- Business transfers: In connection with a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred to a successor or acquirer. We will provide notice of any such transfer where required by law.
- With your consent: We share information with other parties when you direct us to do so.
We do not sell Customer or End Party personal information.
5. Artificial Intelligence and Model Training
The Services use third-party large language models, including those provided by Anthropic, PBC, to power Blue's reasoning. Forge does not own or train these underlying models. Our agreements with our AI subprocessors prohibit them from using your data to train their models for the benefit of other customers.
Forge does not use Customer or End Party content (including QuickBooks data, Gmail content, calendar events, or transaction records) to train artificial intelligence models. We may use aggregated, de-identified usage statistics (such as workflow completion rates, error frequencies, and average response times) to improve the Services, but only in a form that does not identify any individual Customer or End Party.
6. Your Rights and Choices
Depending on where you reside, you may have rights under applicable privacy laws, including:
- Access: request a copy of the personal information we hold about you.
- Correction: request that we correct inaccurate personal information.
- Deletion: request deletion of your personal information, subject to legal retention requirements.
- Portability: request a copy of your information in a portable format.
- Opt-out: opt out of certain processing activities, including the sale or sharing of personal information (Forge does not sell personal information).
- Withdraw consent: revoke any consent you previously provided.
You may also disconnect Forge from any third-party service at any time. For step-by-step instructions on revoking Forge's access to QuickBooks Online, Gmail, Google Calendar, or other connected services, see forgefurther.ai/disconnect.
To exercise any of these rights, contact [email protected]. We will respond within the timeframes required by applicable law.
7. Data Retention
We retain Customer information for as long as your account is active and for a period afterward as follows:
- Account information — retained for the duration of your subscription and for up to seven (7) years after termination, to comply with tax, audit, and legal recordkeeping obligations.
- Operational data and logs — retained for ninety (90) days in active form, then archived in a reduced form for up to two (2) years for security, audit, and incident response purposes.
- Data accessed from connected third-party services — Forge does not maintain a permanent copy of your QuickBooks, Gmail, or calendar data on our central infrastructure. We process this data in memory and in transient working storage on the deployed hardware to perform the Services. Workflow outputs (such as draft invoices, scheduled reports, and communication drafts) are stored locally on the deployed unit at your premises.
- Deletion on request — when you request deletion of your account or data, we will delete personal information within thirty (30) days, except for information we are required to retain by law or for legitimate business purposes (such as fraud prevention, dispute resolution, or compliance with tax obligations).
We store information in the United States.
8. Security
We implement administrative, technical, and physical safeguards designed to protect your information, including:
- Encryption — TLS 1.2 or higher for data in transit; full-disk encryption (FileVault) on deployed hardware for data at rest.
- Access controls — role-based access, multi-factor authentication for administrative access, and least-privilege principles.
- Credential management — OAuth tokens and API credentials stored in macOS Keychain or equivalent secure credential storage; never in plaintext.
- Network security — encrypted network access for remote management via Tailscale; firewall and stealth mode enabled on deployed units.
- Monitoring and logging — health checks every five minutes; structured transaction logs; anomaly detection on integration activity.
- Incident response — we will notify affected Customers of any data breach affecting their personal information within seventy-two (72) hours of discovery, where required by law and to the extent we are able to identify the scope of impact.
No system is perfectly secure. You are responsible for protecting your account credentials and for promptly notifying us of any suspected unauthorized access.
Part 2 — Information About End Parties
9. Information Forge Processes on Behalf of Customers
When a Customer uses the Services, Blue may process information about End Parties — that is, the Customer's own customers, vendors, employees, contacts, or other third parties whose data appears in the Customer's connected business systems. Examples include:
- A small business engages Forge. Blue reviews the small business's invoicing in QuickBooks, identifies overdue invoices, and drafts follow-up emails to the small business's clients. The clients' names, email addresses, invoice amounts, and payment status are End Party information.
- A small business asks Blue to draft replies to inbound customer inquiries. The inquiry contents and customer email addresses are End Party information.
- A small business connects its calendar to Blue. Meeting attendees' names and email addresses are End Party information.
For all End Party information, Forge acts as a service provider (processor) to the Customer, not as a business (controller). The Customer determines what data Blue accesses, what workflows Blue performs, and how outputs are used. Forge processes End Party information solely to provide the Services to the Customer in accordance with the Customer's agreement with Forge.
10. Information for End Parties
If you are an End Party — for example, a customer of a Forge Customer — and you have questions about how your information is being used:
- Contact the Customer first. The Customer (the small business that engages Forge) is the controller of your information and is the appropriate point of contact for access, correction, deletion, or other requests.
- Forge's role is limited. We process End Party information only on instructions from the Customer. We do not use End Party information to market to End Parties, do not sell End Party information, and do not use it to train AI models (subject to the aggregated and de-identified exception in Section 5).
- You may also contact us. If you cannot reach the Customer or believe we may be processing your information improperly, contact [email protected]. We will refer your request to the appropriate Customer and assist where required by law.
11. Cookies and Tracking Technologies
The Site uses cookies and similar technologies to operate the Site, remember your preferences, and analyze usage. You can control cookies through your browser settings. Essential cookies are required for the Site to function; optional analytics cookies are subject to your consent where required by law.
We do not use cookies for cross-context behavioral advertising. We honor Global Privacy Control ("GPC") signals as opt-out preference signals where applicable.
12. Children's Privacy
The Services are designed for business use by adults. We do not knowingly collect personal information from children under sixteen (16) years of age. If you believe a child has provided us with personal information, please contact [email protected] and we will take appropriate steps to delete it.
13. International Users
Forge operates from and stores data in the United States. If you are accessing the Services from outside the United States, you understand that your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using the Services, you consent to this transfer.
14. Third-Party Links
The Site may contain links to third-party websites or services not operated by Forge. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them with personal information.
15. Changes to This Policy
We may update this Policy from time to time. We will post any changes on this page and update the "Last Updated" date at the top. If we make material changes, we will provide additional notice (such as by email to your account contact). Your continued use of the Services after changes take effect constitutes acceptance of the updated Policy.
16. Contact Us
If you have questions, requests, or concerns about this Policy or our privacy practices, contact:
Forge AI LLC
4392 Fox Hunt Drive
Bargersville, Indiana 46106
[email protected]
For California residents, the contact above also serves as our designated address for CCPA inquiries.
This Privacy Policy applies to Forge AI LLC and the Services described above. It does not apply to third-party websites, products, or services, including Intuit's QuickBooks Online, Google Workspace, or any other connected third-party platform, each of which is governed by its own privacy policy.