Privacy Policy
Last updated: April 2026 · Effective immediately
Short version: FORGE generates barcodes entirely in your browser. We never see your barcode data. We collect only what's necessary to run the service — your email (if you create an account) and payment records.
1. What We Collect
Barcode data — nothing. All barcode generation, background removal, and reading happens client-side in your browser. Your barcode content, AAMVA data, uploaded images, and generated files are never transmitted to our servers.
Account data (if you sign up):
- Email address — used to send your magic login link and to identify your account
- Credit balance — how many AAMVA credits you have remaining
- Subscription status — whether you have an active Dev plan
Payment data: Payments are processed by Paystack. We receive only a confirmation of successful payment and your email — we never see your card number or payment details.
Analytics: We use Plausible Analytics, a privacy-friendly tool that collects aggregate page view data with no cookies and no personal identifiers. No data is shared with advertising networks.
Local storage: The app stores your credit balance and preferences in your browser's localStorage. This data never leaves your device unless you create an account.
2. How We Use Your Data
- Your email is used to authenticate you (magic link login) and to send account-related notices
- Payment records are kept for accounting and to resolve support requests
- Aggregate analytics help us understand which features are used
- We do not use your data for advertising, profiling, or selling to third parties — ever
3. Data Sharing
We do not sell, rent, or trade your personal data. We share data only with:
- Paystack — to process payments (their privacy policy)
- Plausible Analytics — aggregate, anonymised analytics only (their privacy policy)
- Our hosting providers (Cloudflare Pages, Railway) — who process requests but do not retain your data
- Law enforcement — only if required by law and only to the minimum extent required
4. Data Retention
- Account data is kept as long as your account is active
- Payment records are kept for 7 years for accounting compliance
- You may request deletion of your account and data at any time
- Magic login tokens expire after 15 minutes and are deleted
5. Security
We use HTTPS for all connections. Account authentication uses one-time magic links (no passwords stored). Your JWT session token is stored in your browser and expires after 30 days. Our database is not publicly accessible.
6. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your account and associated data
- Export your data in a portable format
- Opt out of any non-essential data collection
To exercise any of these rights, email [email protected].
7. Cookies
FORGE uses no tracking cookies. We use localStorage (not cookies) to store your preferences and session. Plausible Analytics uses no cookies at all.
8. Children
FORGE is not directed at children under 13. We do not knowingly collect data from children.
9. Changes
We may update this policy as the service evolves. We will note the effective date at the top of the page. Continued use after changes constitutes acceptance.
10. Contact
Privacy questions or data requests: [email protected]
FORGE respects your privacy. Barcode data stays in your browser, always.