Privacy Policy

Effective date: February 18, 2026

SessionForge Inc. ("we", "us", or "our") operates sessionforge.dev. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using the Service you agree to the practices described here.

1. Information We Collect

Account information: When you register we collect your name, email address, and a hashed password. OAuth sign-ins share your name, email, and profile picture from the provider.

Usage data: We log API requests, session activity, machine connections, and feature usage to operate and improve the Service.

Payment information: Payments are processed by Stripe. We store only your billing plan and the last four digits of your card — never the full card number.

Technical data: We collect IP addresses, browser type, operating system, and timestamps to detect abuse and secure the Service.

Session content: Terminal I/O and agent output are stored temporarily (up to 7 days) to power the real-time dashboard. You can delete sessions at any time.

2. How We Use Your Information

Provide, maintain, and improve the Service
Authenticate you and secure your account
Send transactional emails (verification, billing receipts, security alerts)
Detect and prevent fraud, abuse, and security threats
Comply with legal obligations
Respond to your support requests

We do not sell your personal data. We do not use your data to train AI models.

3. Third-Party Services

We share data with the following sub-processors to operate the Service:

Provider	Purpose	Location
Google Cloud	Hosting & infrastructure	US
Upstash	Redis cache & rate limiting	US
Stripe	Payment processing	US
Resend	Transactional email	US
Sentry	Error monitoring	US

4. Cookies and Tracking

We use a single session cookie (next-auth.session-token) to keep you signed in. We do not use advertising cookies or cross-site tracking pixels. We use Sentry for error monitoring, which may collect technical metadata about your browser session.

5. Data Retention

We retain your account data for as long as your account is active. Session logs are retained for up to 7 days. You may request deletion of your account and all associated data at any time by emailing privacy@sessionforge.dev. We will process your request within 30 days.

6. Security

We protect your data using industry-standard practices: TLS in transit, encrypted passwords (bcrypt), and scoped database access. We perform regular security reviews and rate-limit authentication endpoints. No system is perfectly secure; please report vulnerabilities to security@sessionforge.dev.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion of your data
Export your data in a machine-readable format
Object to or restrict processing of your data

To exercise any of these rights, email privacy@sessionforge.dev.

8. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

9. International Transfers

SessionForge is based in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the US, which may have different data protection laws than your country. By using the Service, you consent to this transfer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice at least 14 days before they take effect.

11. Contact

Questions about this policy? Email privacy@sessionforge.dev.