Privacy Policy

Last updated: February 21, 2026

1. Overview

Caelator ("we", "us", "our") respects your privacy. This policy explains what data we collect when you use ForgeSolo ("Service"), how we use it, and your rights regarding that data.

The short version: We collect the minimum data needed to run the Service. We don't sell your data. Your specifications are processed in isolation and never used for training or shared with third parties.

2. Information We Collect

Data	Purpose	Retention
Email and name	Account identification	Until account deletion
Password (hashed)	Authentication	Until account deletion
IP address	Rate limiting, security	Session duration
Tool usage logs	Usage tracking, quotas	Per your tier (7-90 days)
Payment information	Billing	Processed by payment provider

3. Information We Do Not Collect

The content of your specifications (processed in isolated environments)
Your API keys or third-party credentials
Browser fingerprints or tracking cookies
Third-party analytics data (we use no external analytics services)

4. How We Use Your Information

We use the information we collect to:

Provide and maintain the Service
Authenticate your identity and manage your account
Enforce usage quotas and rate limits
Process payments
Send transactional emails (verification, password reset)
Detect and prevent abuse

We do not use your data for advertising, profiling, or training AI models.

5. Data Storage and Security

Your data is stored on Cloudflare's global infrastructure, encrypted at rest and in transit. Passwords are hashed using PBKDF2 with 310,000 iterations. Session tokens are stored as cryptographic hashes.

We implement the following security measures:

HTTPS/TLS encryption for all connections
Content Security Policy (CSP) headers
HttpOnly, Secure, SameSite cookies for session management
Rate limiting to prevent brute-force attacks
Parameterized database queries to prevent injection attacks

6. Third-Party Services

We use the following third-party services:

Cloudflare: Infrastructure, CDN, and DNS (required for Service operation)
Resend: Transactional email delivery (verification, password reset only)
Hyperswitch: Payment processing (card payments)
Flexa: Cryptocurrency payment processing

These providers process data only as necessary to perform their stated functions and are bound by their own privacy policies.

7. Data Retention

Usage history is retained according to your subscription tier:

Free: 7 days
Pro: 90 days
Enterprise: 1 year (customizable)

Account data is retained until you request deletion. You can delete your account at any time through the Settings page.

8. Your Rights

You have the right to:

Access your personal data through the Settings page
Correct inaccurate personal data
Delete your account and associated data
Export your usage history (Pro and Enterprise tiers)
Object to processing of your data

To exercise any of these rights, contact us at [email protected].

9. Cookies

We use a single essential cookie (refresh_token) for authentication. This cookie is:

HttpOnly (not accessible to JavaScript)
Secure (only sent over HTTPS)
SameSite=Strict (not sent in cross-site requests)

We do not use analytics cookies, tracking cookies, or advertising cookies.

10. Children's Privacy

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top indicates when changes were last made.

12. Contact

Questions about this Privacy Policy? Contact us at [email protected].

← Back to ForgeSolo