Privacy Policy

##What This Covers

This Privacy Policy describes what information Forge (forgelaunch.build, the Forge smart contracts on Base, and any Forge-operated API endpoints) collects, how we use it, and how you can control it. Forge is operated as a non-custodial, open-source protocol; we collect the minimum data necessary to provide deployment, fee distribution, and X-handle resolution features.

##Information We Collect

• Wallet address — your connected EVM address (external or Privy-embedded), automatically read by the browser when you connect a wallet.
• X (Twitter) account data — username, display name, profile picture URL, and a stable subject (sub) identifier, obtained via Privy OAuth. Used to render @handle attribution and verify identity when you claim handle-routed fees.
• Email address— only if you sign in via Privy email login. Stored by Privy; we don't maintain a separate copy.
• Token metadata — name, symbol, description, social links, and logo image you submit on deploy. Pinned to IPFS via Pinata and indexed in Upstash Redis keyed to the token address.
• On-chain data — token deployments, trades, fee collections, and claim transactions are public by nature. We do not control or restrict access to this data.
• Server logs — standard request logs (IP, user-agent, path, status) retained briefly for debugging and abuse prevention. Not used for advertising or sold to third parties.

##How We Use This Information

• Operate the Platform — deploy tokens, route fees, resolve @handles
• Verify identity when you claim handle-routed fees (we check that your authenticated X session matches the requested handle hash)
• Render attribution + transparency UI (deployer, fee recipient, profile pages)
• Cache token metadata for fast UI loads via Upstash Redis
• Prevent abuse + diagnose bugs via brief request log retention

##What We Do NOT Do

• Sell personal data to third parties
• Run advertising / analytics trackers (no Google Analytics, no Facebook pixel)
• Custody your private keys — Privy embedded wallets are exportable and remain yours
• Maintain a public "handle → address" registry (resolution is per-request, not enumerable)

##Third-Party Services + Data Sharing

The following services process your data on our behalf. Each has its own privacy policy:

• Privy (privy.io) — X OAuth, embedded wallet provisioning, session verification
• Pinata (pinata.cloud) — IPFS pinning for token logos + metadata
• Upstash (upstash.com) — Redis cache of metadata + response cache for /api/v1
• Vercel (vercel.com) — application hosting + edge function execution
• Alchemy (alchemy.com) — RPC provider for reading + writing to Base
• Basescan / Etherscan — contract verification submissions

##Cookies + Local Storage

We use only essential cookies + browser storage required for authentication (Privy session token) and UI state. No third-party tracking cookies, no advertising IDs.

##Data Security

We implement reasonable safeguards including encrypted transit (HTTPS), minimum-privilege server credentials, and rotation of administrative keys. However, no system is 100% secure. By using the Platform you accept the residual risk of breach beyond our control.

##Your Rights

• Disconnect / delete your Privy account at any time via your account dashboard — this removes your @handle ↔ wallet linkage from our resolver
• Request export of any token metadata you submitted by contacting us via X
• On-chain data (deployments, trades, vault claims) is immutable and cannot be removed retroactively

##Children

The Platform is not directed at users under 18 and we do not knowingly collect data from minors. See the Terms of Service for the eligibility requirement.

##Changes to This Policy

Material changes will be reflected in the "last updated" date and announced via @ForgeLaunchHQ.

##Contact

Privacy questions can be directed via X to @ForgeLaunchHQ.