Privacy Policy

Last updated: June 9, 2026

Overview

Forjari is operated as a solo product. This policy explains what data we collect when you use Forjari, why we collect it, and how it's handled. We don't collect data we don't need and we don't sell your data.

What we collect

When you create an account, we collect:

  • Your email address and, if you sign in with Google, your Google account name and profile picture (via Google OAuth / Supabase Auth)
  • The conversations you have with Forjari, including all messages
  • A distilled "user model" — a structured JSON summary Forjari builds across sessions to maintain continuity
  • Session summaries and action items generated at the end of each session
  • Basic subscription data (plan tier, billing status) via Stripe

We do not collect your name, phone number, physical address, or any demographic data beyond what you voluntarily provide in conversation.

How your data is used

Your conversation data is used to:

  • Generate Forjari's responses during sessions (sent to Anthropic's API)
  • Build and maintain your user model across sessions
  • Display your session history and open commitments in the dashboard

Your data is not used to train AI models. Anthropic's API is used in passthrough mode — Anthropic's own data retention policies apply to API calls, which you can review at anthropic.com.

What your expert can see

If you joined Forjari through an expert's invite link, that expert can see your name, email, plan tier, session counts, session summaries, and the commitments you've made and completed. Your expert can not see your raw conversation transcripts or your distilled user model — those stay private to you.

If you're an expert, the methodology, voice, and materials you configure are used only to power your own clone. They are never shared with other experts or used to train AI models.

Data storage and security

All data is stored in Supabase (PostgreSQL). Row-level security (RLS) is enforced at the database level — your data is scoped to your user ID and inaccessible to other users. Supabase encrypts data at rest. Connections are encrypted in transit via TLS.

Billing is handled by Stripe. We store only your subscription tier and Stripe customer/subscription IDs — not card numbers or payment details. Stripe's privacy policy governs their handling of payment data.

Data retention

Your account data (conversations, user model, session summaries) is retained as long as your account is active. If you delete your account, your data is deleted from our database within 30 days.

To request account deletion, email [email protected].

Third-party services

We use the following third-party services:

  • Supabase — database and authentication (including Google OAuth)
  • Google — optional sign-in via Google OAuth 2.0. We request only your email address, name, and profile picture. We do not access any other Google account data, Google Drive, Gmail, or any other Google service.
  • Anthropic — AI inference (your messages are sent to Anthropic's API)
  • Stripe — payment processing and subscription management
  • Cloudflare — hosting and CDN

Cookies and tracking

Forjari uses a single session cookie to maintain your authenticated state (managed by Supabase). We do not use advertising cookies, analytics trackers, or any third-party pixel tracking.

Your rights

You can request a copy of your data, request correction of inaccurate data, or request deletion of your account at any time. Email [email protected].

If you're in the EU/EEA, you have rights under GDPR. If you're in California, you have rights under CCPA. We will fulfill these requests within 30 days.

Changes to this policy

We'll update this page if our data practices change materially. If the changes affect how we use your existing data, we'll notify you by email.

Google Sign-In

You may optionally sign in to Forjari using your Google account. When you do, Google shares the following data with us: your email address, display name, and profile picture. This data is used solely to create and identify your Forjari account.

We do not share your Google account data with any third party except as necessary to operate the service (Supabase for auth storage). We do not use Google user data for advertising, profiling, or any purpose beyond providing Forjari to you.

Our use of data received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

You can revoke Forjari's access to your Google account at any time via your Google account permissions. Revoking access does not delete your Forjari account — to delete your account and data, email [email protected].

Contact

Questions about this policy: [email protected]