Roles
For data your visitors submit through your agent, you are the data controller and ChatForge is the data processor. We process personal data only on your documented instructions — which, in practice, means operating the features you enable.
Scope of processing
- ·Subject matter: providing the ChatForge service.
- ·Duration: for as long as your account is active.
- ·Data types: account info, scraped/uploaded content, conversation messages, usage metrics.
- ·Data subjects: your team members and your site's visitors.
Subprocessors
We use Supabase (hosting, database, storage, auth), Stripe (billing), and NVIDIA (model inference). We will give notice of material subprocessor changes so you can object.
Security measures
TLS in transit, encryption at rest, per-workspace row-level isolation, least-privilege access, and audit logging of administrative actions. See our Security page.
Data subject requests & breach notice
We assist you in responding to access, correction, and deletion requests, and we will notify you without undue delay after becoming aware of a personal-data breach affecting your data.
Deletion & international transfers
On termination we delete or return personal data, subject to short backup windows and legal retention. Where data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses.
Contact
To execute a countersigned DPA or ask questions, email privacy@chatforge.app.