Privacy Policy

Last updated: April 2026 · Effective immediately

    Short version: FORGE generates barcodes entirely in your browser. We never see your barcode data. We collect only what's necessary to run the service — your email (if you create an account) and payment records.
  

1. What We Collect

Barcode data — nothing. All barcode generation, background removal, and reading happens client-side in your browser. Your barcode content, AAMVA data, uploaded images, and generated files are never transmitted to our servers.

Account data (if you sign up):

Email address — used to send your magic login link and to identify your account
Credit balance — how many AAMVA credits you have remaining
Subscription status — whether you have an active Dev plan

Payment data: Payments are processed by Paystack. We receive only a confirmation of successful payment and your email — we never see your card number or payment details.

Analytics: We use Plausible Analytics, a privacy-friendly tool that collects aggregate page view data with no cookies and no personal identifiers. No data is shared with advertising networks.

Local storage: The app stores your credit balance and preferences in your browser's localStorage. This data never leaves your device unless you create an account.

2. How We Use Your Data

Your email is used to authenticate you (magic link login) and to send account-related notices
Payment records are kept for accounting and to resolve support requests
Aggregate analytics help us understand which features are used
We do not use your data for advertising, profiling, or selling to third parties — ever

3. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with:

Paystack — to process payments (their privacy policy)
Plausible Analytics — aggregate, anonymised analytics only (their privacy policy)
Our hosting providers (Cloudflare Pages, Railway) — who process requests but do not retain your data
Law enforcement — only if required by law and only to the minimum extent required

4. Data Retention

Account data is kept as long as your account is active
Payment records are kept for 7 years for accounting compliance
You may request deletion of your account and data at any time
Magic login tokens expire after 15 minutes and are deleted

5. Security

We use HTTPS for all connections. Account authentication uses one-time magic links (no passwords stored). Your JWT session token is stored in your browser and expires after 30 days. Our database is not publicly accessible.

6. Your Rights

You have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion of your account and associated data
Export your data in a portable format
Opt out of any non-essential data collection

To exercise any of these rights, email privacy@forge.barcode.studio.

7. Cookies

FORGE uses no tracking cookies. We use localStorage (not cookies) to store your preferences and session. Plausible Analytics uses no cookies at all.

8. Children

FORGE is not directed at children under 13. We do not knowingly collect data from children.

9. Changes

We may update this policy as the service evolves. We will note the effective date at the top of the page. Continued use after changes constitutes acceptance.

10. Contact

Privacy questions or data requests: privacy@forge.barcode.studio

FORGE respects your privacy. Barcode data stays in your browser, always.