Privacy Policy - RedForge

                TL;DR: RedForge is built security-first. We don't store your API keys, scan data, or personal information unless you explicitly opt-in. Everything runs locally or in your controlled environment.
            

1. Information We Collect

1.1 What We DON'T Collect

API Keys: Never stored, transmitted, or logged
Scan Results: All processing happens locally
Prompts & Responses: Stay in your environment
Personal Files: Zero access to your codebase

1.2 What We DO Collect (Optional)

Email Address: Only if you subscribe to updates
Usage Analytics: Anonymous CLI usage stats (opt-in only)
Error Reports: Crash logs without sensitive data (opt-in only)
Payment Information: Processed securely by Stripe (never stored by us)

2. How We Use Your Information

2.1 Email Communications

If you provide your email address, we use it to:

Send security tips and best practices
Notify you of important updates
Provide customer support
Share early access to new features

2.2 Anonymous Analytics

With your explicit consent, we collect anonymous usage data to:

Improve RedForge performance and reliability
Understand which features are most valuable
Fix bugs and enhance user experience
Plan new security modules

3. Data Storage & Security

3.1 Local-First Architecture

RedForge is designed with a "local-first" philosophy:

All scanning happens on your machine or infrastructure
Reports are generated and stored locally
No scan data ever leaves your environment
Self-hosted deployment options available

3.2 Cloud Service (Optional)

If you choose our cloud service ($29/month):

Scans run in isolated, encrypted containers
Results are encrypted in transit and at rest
Data is automatically deleted after 30 days
SOC 2 Type II compliant infrastructure

3.3 Security Measures

End-to-end encryption for all data transmission
Zero-trust architecture with least privilege access
Regular security audits and penetration testing
GDPR and CCPA compliant data handling

4. Third-Party Services

4.1 Payment Processing

Stripe: We use Stripe for secure payment processing. Stripe's privacy policy applies to payment data: stripe.com/privacy

4.2 Email Marketing

ConvertKit: We use ConvertKit for email newsletters. You can unsubscribe anytime. ConvertKit's privacy policy: convertkit.com/privacy

4.3 Analytics

Anonymous Usage: We use privacy-focused analytics that don't track individuals or store personal data.

5. Your Rights & Controls

5.1 Opt-Out Anytime

Analytics: redforge config --telemetry=false
Email: Click unsubscribe in any email
Account: Contact us to delete your data

5.2 Data Rights (GDPR/CCPA)

Access: Request a copy of your data
Rectification: Correct inaccurate information
Erasure: Delete your personal data
Portability: Export your data

6. Children's Privacy

RedForge is not intended for users under 13 years old. We don't knowingly collect personal information from children under 13.

7. International Data Transfers

RedForge operates globally. Data may be processed in the United States and other countries where we or our service providers operate. We ensure appropriate safeguards are in place for international transfers.

8. Changes to This Policy

We may update this privacy policy from time to time. We'll notify you of significant changes via:

Email (if you're subscribed)
In-app notifications
GitHub repository updates

Questions or Concerns?

Contact our Data Protection Officer:

privacy@solvas.ai

Or reach out via: dev@solvas.ai

Last updated: January 21, 2025

Effective date: January 21, 2025

🛡️ Privacy Policy