Privacy Policy

Last updated: 2026-03-13

1. Introduction

SymbioForge ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. Please read this policy carefully. By using SymbioForge, you consent to the data practices described in this policy.

2. Information We Collect

Account Information

  • Email address (required for account creation)
  • Display name (optional)
  • Password (stored as a secure hash, never in plain text)
  • Profile avatar (optional)

Usage Data

  • Messages sent in project workspaces
  • Project names, descriptions, and settings
  • Artifacts generated during AI collaboration (code, documents, designs)
  • Token usage and API consumption logs

Technical Data

  • IP address
  • Browser type and version
  • Device type and operating system
  • Cookies and similar tracking technologies

3. How We Use Your Information

  • Provide, operate, and maintain the SymbioForge platform
  • Authenticate your identity and manage your account
  • Process your messages through AI language models to generate responses and artifacts
  • Improve and optimize our platform's performance and user experience
  • Respond to your support requests and communicate with you
  • Detect, prevent, and address security issues and abuse
  • Comply with legal obligations

4. Third-Party Data Sharing

We share your data with the following categories of third-party service providers:

  • AI/LLM Providers (via OpenRouter)
    Your chat messages are sent to AI language model providers (such as Anthropic, OpenAI, Google) for processing. These providers may temporarily process your messages but do not use them for model training. We do not send your account information (email, name) to these providers.
  • Authentication (Supabase)
    Your email and hashed password are stored with Supabase for secure authentication.
  • Cloud Storage (AWS S3 / Cloudflare R2)
    Files and artifacts you generate are stored in cloud object storage.
  • Payment Processing (Creem)
    When you make a purchase or subscribe, your payment information (name, email, billing address, and card details) is processed by Creem, our payment processor. Creem may store payment data in accordance with PCI-DSS standards. We do not store your full card details on our servers. For more information, see Creem's privacy policy at https://www.creem.io/privacy.
  • Analytics & Error Tracking (PostHog, Sentry)
    We use anonymized analytics to improve the platform and track errors. No personally identifiable information is shared with these services.

We never sell your personal data to third parties. We do not share your data for advertising purposes.

5. Data Storage & Security

  • Sensitive data (API keys) is encrypted at rest using AES-256
  • Passwords are hashed using bcrypt and never stored in plain text
  • Code execution occurs in isolated sandboxes with memory limits, time limits, and network restrictions
  • All data in transit is encrypted using TLS 1.2+
  • Access to user data is restricted to authorized personnel only

6. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will permanently delete all your personal data, projects, messages, and artifacts within 30 days. Some anonymized usage statistics may be retained for analytical purposes.

7. Your Rights (GDPR / CCPA)

Depending on your location, you may have the following rights regarding your personal data:

  • Right of Access — Request a summary of what data we hold about you
  • Right to Rectification — Update or correct your personal information
  • Right to Erasure — Request permanent deletion of your account and all associated data
  • Right to Data Portability — Export all your data in a machine-readable format (JSON)
  • Right to Restriction — Request that we limit processing of your data
  • Right to Object — Object to certain types of data processing
  • Right to Withdraw Consent — Withdraw your consent at any time

To exercise any of these rights, please visit Settings > Privacy in your account, or contact us at support@symbioforge.app. We will respond to your request within 30 days.

8. Children's Privacy

SymbioForge is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a prominent notice on our platform or by sending you an email. Your continued use of SymbioForge after such changes constitutes your acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or your personal data, or wish to exercise your privacy rights, please contact us:

support@symbioforge.app