Privacy Policy

AnyForge (“we”, “our”, “us”) operates anyforge.ai and the AnyForge platform, including AnyForge Control and AnyForge Crew. We are responsible for the personal data you provide to us and are committed to protecting it.

Questions about this policy may be directed to privacy@anyforge.ai.

We collect information you give us directly and information generated by your use of the platform:

• Account data — name, email address, and organisation name when you sign up or apply for early access.
• Usage data — agent runs, token consumption, crew activity, audit events, and HIL decisions within your account.
• Billing data — payment method details are handled by our payment processor (Stripe) and are not stored on our servers.
• Log data — IP address, browser type, pages visited, and timestamps, collected automatically via server logs and analytics.
• Communications — emails or messages you send us, including pilot application responses.

We do not knowingly collect personal data from individuals under 18.

We use the data we collect to:

• Provide, operate, and improve the platform
• Authenticate users and maintain account security
• Generate usage reports and billing statements
• Respond to support requests and pilot applications
• Send product updates, security notices, and relevant announcements (you may opt out of marketing emails at any time)
• Comply with legal obligations and enforce our Terms

We do not sell your personal data to third parties.

For users in the European Economic Area and United Kingdom, our legal bases for processing are:

• Contract performance — processing necessary to deliver the services you have signed up for
• Legitimate interests — security, fraud prevention, product improvement, and analytics
• Legal obligation — where processing is required by law
• Consent — where you have given explicit consent (e.g. marketing emails), which you may withdraw at any time

We use the following sub-processors to deliver the platform. Each is bound by a data processing agreement:

• Google Firebase / Firestore — authentication, real-time database, cloud functions
• Google Analytics — anonymous website analytics
• Stripe — payment processing
• AI model providers — prompts routed through AnyForge Control or submitted through Crew agents are forwarded to third-party model APIs (OpenAI, Anthropic, Google, OpenRouter) for inference. Do not include personal data in agent instructions or prompts.

We retain your account data for as long as your account is active or as required to provide services. Audit logs are retained for a minimum of 7 years to support compliance and regulatory requirements. You may request deletion of personal data by contacting us at privacy@anyforge.ai; deletion requests are subject to our legal retention obligations.

We implement industry-standard security measures including encryption at rest and in transit, role-based access controls, and cryptographic audit trails. No system is perfectly secure — if you discover a vulnerability, please disclose it responsibly to privacy@anyforge.ai.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your data (“right to be forgotten”)
• Restrict or object to processing
• Data portability
• Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, contact privacy@anyforge.ai. We will respond within 30 days.

We use essential cookies to maintain session state and a small number of analytics cookies (Google Analytics, consent-gated) to understand how visitors use the site. You can manage cookie preferences through your browser settings. Disabling non-essential cookies will not affect platform functionality.

We may update this policy periodically. Material changes will be notified by email to registered users or by a prominent notice on the platform. The “last updated” date at the top of this page reflects the most recent revision.