Privacy Policy

We collect the following categories of information: Account Information: When you register, we collect your name, email address, and authentication credentials (via Clerk). If you connect third-party services (Google, GitHub, Slack, etc.), we receive OAuth tokens and any profile information returned by those services. Usage Data: We log the actions you take inside ConjureForge — builds you initiate, agents you create, connectors you activate, and prompts you send. This data is used to improve model quality, debug issues, and enforce fair-use limits. Project Data: Code, files, agent configurations, and memory stored on our platform. This data belongs to you. We access it only to execute your instructions and to provide the service. Billing Information: We use Stripe to process payments. We do not store your card details. Stripe's privacy policy governs payment data. Device and Log Data: IP addresses, browser type, referral URL, and standard HTTP request metadata. Used for security, analytics, and abuse prevention.

We use your information to: — Provide, operate, and improve the ConjureForge platform — Execute build requests and agent tasks on your behalf — Process billing and send transactional emails — Monitor for abuse, fraud, and security incidents — Comply with legal obligations We do not sell your data to third parties. We do not use your project code or agent content to train external AI models without your explicit consent.

Your data is stored on Supabase infrastructure hosted in the AWS ap-southeast-1 (Singapore) region. Backups are retained for 30 days. Account data is retained for as long as your account is active. Build logs and agent history are retained for 90 days by default. You can request deletion at any time via Settings → Data or by emailing privacy@conjureforge.app. Project files stored in our managed sandbox are ephemeral by default. Files you explicitly publish or push to GitHub are retained in those external systems under their respective policies.

We share data with the following categories of third-party services, only as necessary to operate the platform: Infrastructure: Supabase (database + storage), Vercel (hosting), Netlify (published app hosting), Cloudflare (CDN). Authentication: Clerk (login, session management). Payments: Stripe (billing, subscriptions). AI Providers: OpenRouter, OpenAI, Anthropic, Google. Prompts and responses are transmitted to these providers to execute your build requests. We use their API terms. We do not share your email or account details with AI providers. Connectors: When you activate a connector (e.g. Gmail, GitHub), your OAuth token is stored encrypted and used only to execute actions you request. All third parties are under contractual obligation to protect your data.

Depending on your location, you may have the following rights: Access: Request a copy of the personal data we hold about you. Correction: Request correction of inaccurate data. Deletion: Request deletion of your account and associated data. Portability: Request your data in a machine-readable format. Objection: Object to processing for direct marketing. Withdrawal: Withdraw consent for optional processing at any time. To exercise any right, email privacy@conjureforge.app. We will respond within 30 days.

We use session cookies for authentication (managed by Clerk). We use minimal analytics to understand aggregate usage patterns. We do not use cross-site tracking cookies or fingerprinting. You can disable cookies in your browser settings. Disabling session cookies will prevent you from logging in.

We implement industry-standard security practices: TLS encryption in transit, AES-256 encryption at rest for sensitive data, row-level security on all database tables, and regular security audits. OAuth tokens and API keys are stored encrypted. Your BYOK (Bring Your Own Key) API keys are stored using field-level encryption and are never logged. Despite our best efforts, no system is 100% secure. If you believe you have found a security vulnerability, please disclose it responsibly to security@conjureforge.app.

ConjureForge is not directed at children under 13. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided personal data, we will delete it promptly.

We may update this privacy policy. When we do, we will update the "Last updated" date at the top of this page and notify you by email if the changes are material. Continued use of the service after notification constitutes acceptance.

Privacy inquiries: privacy@conjureforge.app General contact: hello@conjureforge.app Malkarian Enterprises Pty Ltd, Australia