AuthForge
Legal

Privacy Policy

Effective date: June 21, 2026 · Version 1.0

This Privacy Policy explains how EactiveNet, Inc., the provider of AuthForge (“AuthForge”, “we”, “us”, or “our”), collects, uses, discloses, and safeguards personal information in connection with the authforge.dev website and our paid support and subscription services (the “Services”). AuthForge is self-hosted software: the identities, credentials, and session data processed by your deployment are never transmitted to us. Accordingly, this Policy addresses only the personal information we ourselves process when you visit our website, contact us, or purchase a subscription.

Contents

1. Scope and our role

For personal information processed through our website and commercial Services — for example, the details of a prospective or paying customer — we act as a “controller” (or “business”). For personal information processed inside your Self-Hosted Deployment, including data about your End Users, you are the controller and we are neither a controller nor a processor, because that data does not reach our systems. Where you purchase a paid plan under which we may incidentally process limited personal data on your behalf, our Data Processing Addendum governs that processing.

2. Information we collect

We practice data minimization and collect only what we need to operate our business:

  • Account and billing information — your name, business email, company name, and billing details provided when you register or purchase a Subscription. Payment-card details are collected and processed directly by our payment processor; we do not store full card numbers.
  • Communications and support information — the contents of messages, logs, or diagnostics you choose to share when you contact us for sales or support.
  • Website and technical information — limited information necessary to deliver and secure the Site, such as IP address and request metadata recorded in server logs. Our public marketing pages load no third-party analytics, advertising, or tracking technologies.

We do not knowingly collect special categories of personal data through our website, and we ask that you not submit such data to us in support communications.

3. How we use information

We use personal information to: provide, maintain, and bill for the Services; authenticate account holders and prevent fraud or abuse; respond to your inquiries and provide support; send administrative and service communications, and, where permitted, relevant product updates from which you may opt out; maintain the security, integrity, and availability of our systems; and comply with our legal, tax, and accounting obligations. We do not sell personal information, and we do not use it for cross-context behavioral advertising.

4. Legal bases for processing

Where the EU or UK General Data Protection Regulation applies, we rely on the following legal bases: performance of a contract, to provide the Services you request; legitimate interests, to secure, operate, and improve our Services and communicate with our business customers, balanced against your rights; consent, where required, such as for certain marketing communications, which you may withdraw at any time; and compliance with legal obligations, such as tax and recordkeeping requirements.

5. How we disclose information

We disclose personal information only as described in this Policy: to service providers and sub-processors acting on our behalf under written contracts; to professional advisors such as auditors and counsel; to comply with applicable law, regulation, legal process, or enforceable governmental request; to protect the rights, property, or safety of the Company, our customers, or others; and in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy. We do not sell or rent personal information to third parties.

6. Service providers and sub-processors

We engage a limited set of vetted service providers — for example, payment processing, invoicing, email delivery, and customer-support tooling — that process personal information on our behalf and are contractually bound to protect it and to use it only to provide their services to us. A current list of sub-processors used for paid Services is available on request and is maintained in connection with our Data Processing Addendum.

7. International data transfers

We may process and store personal information in countries other than the one in which you reside, including the United States. Where we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, together with supplementary measures where required.

8. Data retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, including for the duration of your relationship with us and thereafter as required to comply with our legal, tax, accounting, and recordkeeping obligations, to resolve disputes, and to enforce our agreements. When information is no longer required, we delete it or de-identify it using commercially reasonable measures.

9. Your privacy rights

Subject to applicable law and verification of your identity, you may have the right to access, correct, update, port, restrict, or delete your personal information, to object to certain processing, and to withdraw consent where processing is based on consent. To exercise these rights, contact us at privacy@authforge.dev. We will respond within the timeframes required by applicable law. If you are located in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local supervisory authority. Where your personal data resides within a Self-Hosted Deployment operated by a customer, please direct your request to that customer, who is the controller of that data.

10. U.S. state privacy disclosures

If you are a California resident, the California Consumer Privacy Act, as amended, affords you the rights to know, access, correct, and delete personal information, and to opt out of the “sale” or “sharing” of personal information and of certain profiling. We do not sell or share personal information as those terms are defined under California law, and we do not use sensitive personal information for purposes requiring a right to limit. We will not discriminate against you for exercising your rights. Residents of other U.S. states with comprehensive privacy laws have comparable rights, which you may exercise using the contact details below.

11. How we protect information

We maintain administrative, technical, and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction, including encryption in transit, access controls on a least-privilege basis, and the practices described in our Security Policy. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

12. Children’s privacy

The Services are intended for businesses and are not directed to children under sixteen (16). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us so that we can take appropriate action.

13. Changes to this Policy

We may update this Policy from time to time. We will indicate material changes by updating the effective date above and, where appropriate, by providing additional notice. We encourage you to review this Policy periodically.

14. How to contact us

For privacy questions or to exercise your rights, contact our privacy team at privacy@authforge.dev. See also our Cookie Policy and Terms of Service.