Privacy Policy
What This Covers
This Privacy Policy describes what information Forge (forgelaunch.build, the Forge smart contracts on Base, and any Forge-operated API endpoints) collects, how we use it, and how you can control it. Forge is operated as a non-custodial, open-source protocol; we collect the minimum data necessary to provide deployment, fee distribution, and X-handle resolution features.
Information We Collect
- Wallet address — your connected EVM address (external or Privy-embedded), automatically read by the browser when you connect a wallet.
- X (Twitter) account data — username, display name, profile picture URL, and a stable subject (sub) identifier, obtained via Privy OAuth. Used to render @handle attribution and verify identity when you claim handle-routed fees.
- Email address— only if you sign in via Privy email login. Stored by Privy; we don't maintain a separate copy.
- Token metadata — name, symbol, description, social links, and logo image you submit on deploy. Pinned to IPFS via Pinata and indexed in Upstash Redis keyed to the token address.
- On-chain data — token deployments, trades, fee collections, and claim transactions are public by nature. We do not control or restrict access to this data.
- Server logs — standard request logs (IP, user-agent, path, status) retained briefly for debugging and abuse prevention. Not used for advertising or sold to third parties.
How We Use This Information
- Operate the Platform — deploy tokens, route fees, resolve @handles
- Verify identity when you claim handle-routed fees (we check that your authenticated X session matches the requested handle hash)
- Render attribution + transparency UI (deployer, fee recipient, profile pages)
- Cache token metadata for fast UI loads via Upstash Redis
- Prevent abuse + diagnose bugs via brief request log retention
What We Do NOT Do
- Sell personal data to third parties
- Run advertising / analytics trackers (no Google Analytics, no Facebook pixel)
- Custody your private keys — Privy embedded wallets are exportable and remain yours
- Maintain a public "handle → address" registry (resolution is per-request, not enumerable)
Third-Party Services + Data Sharing
The following services process your data on our behalf. Each has its own privacy policy:
- Privy (privy.io) — X OAuth, embedded wallet provisioning, session verification
- Pinata (pinata.cloud) — IPFS pinning for token logos + metadata
- Upstash (upstash.com) — Redis cache of metadata + response cache for /api/v1
- Vercel (vercel.com) — application hosting + edge function execution
- Alchemy (alchemy.com) — RPC provider for reading + writing to Base
- Basescan / Etherscan — contract verification submissions
Cookies + Local Storage
We use only essential cookies + browser storage required for authentication (Privy session token) and UI state. No third-party tracking cookies, no advertising IDs.
Data Security
We implement reasonable safeguards including encrypted transit (HTTPS), minimum-privilege server credentials, and rotation of administrative keys. However, no system is 100% secure. By using the Platform you accept the residual risk of breach beyond our control.
Your Rights
- Disconnect / delete your Privy account at any time via your account dashboard — this removes your @handle ↔ wallet linkage from our resolver
- Request export of any token metadata you submitted by contacting us via X
- On-chain data (deployments, trades, vault claims) is immutable and cannot be removed retroactively
Children
The Platform is not directed at users under 18 and we do not knowingly collect data from minors. See the Terms of Service for the eligibility requirement.
Changes to This Policy
Material changes will be reflected in the "last updated" date and announced via @ForgeLaunchHQ.
Contact
Privacy questions can be directed via X to @ForgeLaunchHQ.