Privacy Policy

Last updated: February 28, 2026

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (hashed). If you sign in with Google, we receive your name, email, and profile picture from Google.

Resume Data

When you upload a resume, we store the file and extract structured data (skills, experience, education) using AI. This data is used solely to provide you with job matching, resume tailoring, and cover letter generation.

Usage Data

We collect anonymized usage data including pages visited, features used, and performance metrics to improve the Service.

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers. We receive only the last 4 digits, card brand, and billing status from Stripe.

2. How We Use Your Data

  • Provide the Service: Resume parsing, job matching, AI content generation
  • Improve the Service: Anonymized analytics to identify and fix issues
  • Communications: Transactional emails (password resets, billing), product updates (you can opt out)
  • Security: Fraud detection and account protection

3. AI Processing

Your resume text is sent to our AI provider (Anthropic) for parsing and content generation. This data is:

  • Transmitted securely via encrypted connections
  • Not used to train AI models (per our agreement with Anthropic)
  • Not stored by the AI provider beyond the request
  • Used only to generate your requested output

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Stripe: For payment processing
  • Anthropic: For AI processing (resume text only, not stored)
  • Supabase: For database hosting and authentication
  • Vercel: For application hosting
  • Law enforcement: Only when legally required

5. Data Security

We protect your data with:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Row-level security policies on all database tables
  • Hashed passwords (bcrypt via Supabase Auth)
  • Regular security audits
  • Principle of least privilege for all system access

6. Data Retention

We retain your data for as long as your account is active. Upon account deletion:

  • Your personal data is deleted within 30 days
  • Uploaded resume files are deleted immediately
  • Anonymized usage data may be retained for analytics
  • Billing records are retained as required by law

7. Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Correct: Update inaccurate information
  • Delete: Request deletion of your account and data
  • Export: Download your data in a portable format
  • Opt out: Unsubscribe from marketing emails

8. Cookies

We use essential cookies for authentication and session management. We use analytics cookies (Plausible) that do not track individual users. See our Cookie Policy for details.

9. Children

ForgeApply is not intended for users under 16. We do not knowingly collect data from children.

10. Changes

We may update this policy. Material changes will be communicated via email to registered users.

11. Contact

For privacy inquiries: privacy@forgeapply.com