Privacy Policy

Last updated: May 7, 2026

ForgeApply is operated by Dripped Out Cart, LLC, a California limited liability company ("ForgeApply," "we," "us," or "our"). This Privacy Policy describes how we collect, use, and share your information when you use our website, browser extension, and related services.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (hashed). If you sign in with Google, we receive your name, email, and profile picture from Google.

Resume Data

When you upload a resume, we store the file and extract structured data (skills, experience, education) using AI. This data is used solely to provide you with job matching, resume tailoring, and cover letter generation.

Job Application Data

We store the jobs you save, applications you mark as submitted, follow-up reminders you set, generated cover letters, and any notes you add. This data lets you track your job search through the Service.

Usage Data

We collect anonymized usage data including pages visited, features used, and performance metrics to improve the Service.

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers. We receive only the last 4 digits, card brand, and billing status from Stripe.

Browser Extension Data

The ForgeApply browser extension activates only on supported job application websites (such as Greenhouse, Ashby, LinkedIn, Indeed, Glassdoor, and Wellfound). When active, it reads the content of the job listing or application page you are viewing in order to extract job details and fill in application forms on your behalf. The extension does not read or transmit content from websites that are not job application sites.

2. How We Use Your Data

  • Provide the Service: Resume parsing, job matching, AI content generation, application tracking
  • Improve the Service: Anonymized analytics to identify and fix issues
  • Communications: Transactional emails (account confirmation, password resets, billing receipts, follow-up reminders, weekly digests), product updates (you can opt out)
  • Security: Fraud detection and account protection

3. AI Processing

To power features like resume parsing, content generation, and answering application questions, we send your resume content and job listing details to third-party AI providers. We currently use Anthropic (Claude) and Google (Gemini). Data sent to these providers is:

  • Transmitted securely via encrypted connections
  • Not used to train AI models (per our agreements with these providers)
  • Not retained by the providers beyond what is needed to generate the response
  • Used only to generate your requested output

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Stripe: For payment processing
  • Anthropic and Google: For AI processing as described above
  • Supabase: For database hosting and authentication
  • Vercel: For application hosting
  • Resend: For transactional email delivery
  • Law enforcement: Only when legally required

5. Data Security

We protect your data with:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Row-level security policies on all database tables
  • Hashed passwords (bcrypt via Supabase Auth)
  • Regular security audits
  • Principle of least privilege for all system access

6. Data Retention

We retain your data for as long as your account is active. Upon account deletion:

  • Your personal data is deleted within 30 days
  • Uploaded resume files are deleted immediately
  • Anonymized usage data may be retained for analytics
  • Billing records are retained as required by law

7. Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Correct: Update inaccurate information
  • Delete: Request deletion of your account and data
  • Export: Download your data in a portable format
  • Opt out: Unsubscribe from marketing emails

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect and the right to non-discrimination for exercising these rights. We do not sell personal information.

8. Cookies

We use essential cookies for authentication and session management. See our Cookie Policy for details.

9. Children

ForgeApply is not intended for users under 16. We do not knowingly collect data from children.

10. Changes

We may update this policy. Material changes will be communicated via email to registered users.

11. Contact

For privacy inquiries: support@forgeapply.com