← Back home

Privacy Notice

Last updated: May 31, 2026

1. Who we are

This Privacy Notice explains how Mouamal Jarallah ("we", "us") collects and uses personal data when you use Forge.AI (the "Service"). Mouamal Jarallah is the data controller for personal data we collect through the Service.

2. Personal data we collect

  • Account data: name, email address, login credentials, profile image.
  • Content data: prompts you submit, sites you generate, and related metadata.
  • Usage and device data: pages viewed, features used, approximate IP-based location, browser type, device identifiers, log timestamps.
  • Support data: messages you send to us and our responses.
  • Billing data: collected and processed by Paddle (see below); we receive limited metadata such as plan, transaction reference, and renewal dates.

3. Why we use it and our legal basis

  • To create your account and provide the Service — performance of a contract.
  • To process payments and manage subscriptions through our Merchant of Record — performance of a contract and legal obligation.
  • To prevent fraud, abuse and security incidents — legitimate interests.
  • To improve our product (aggregated analytics, debugging) — legitimate interests.
  • To provide customer support — performance of a contract.
  • To send service-related communications and, where you opt in, marketing — legitimate interests or consent.

4. Who we share data with

  • Paddle, our Merchant of Record, for sale of the product, subscription management, payments, tax compliance and invoicing.
  • Service providers and subprocessors that help us run the Service (hosting, analytics, customer support tooling, AI model providers).
  • Professional advisers (legal, accounting) where reasonably required.
  • Authorities where we are required to disclose by law.

We do not sell your personal data.

5. Retention

We keep personal data only as long as we need it for the purposes described above, to comply with legal obligations, and to resolve disputes or enforce our agreements. When no longer needed, data is deleted or anonymised.

6. Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict or object to processing of your personal data, to data portability, and to withdraw any consent you have given. UK/EEA users also have the right to lodge a complaint with their supervisory authority. We aim to respond to requests within one month. Contact us through the support channel inside the app to exercise these rights.

7. International transfers

Some of our service providers operate outside your country. Where personal data is transferred outside the UK/EEA we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision.

8. Security

We implement appropriate technical and organisational measures including encryption in transit, access controls and audit logging to protect personal data. No method of transmission or storage is completely secure, but we work to maintain industry-standard protections.

9. Cookies

We use cookies and similar technologies that are strictly necessary to run the Service (for example, to keep you signed in) and, where permitted, for analytics. You can control non-essential cookies through your browser settings.

10. Changes

If we make material changes to this notice we will post the updated version on this page and update the "Last updated" date above.