# Privacy Policy

**Effective date: April 17, 2026**

TheContentForge ("we," "us," or "our") is a social content operations platform. This Privacy Policy explains what information we collect, how we use it, and your rights with respect to that information.

***

## Information we collect

**Account information** When you register or are invited, we collect your email address and the role assigned to your account within your organisation.

**Billing information** For paid subscriptions, we collect billing contact details. Payment card processing is handled by our payment processor; we do not store full card numbers on our systems.

**Analytics data you upload** Editors and admins may upload CSV exports from X Analytics, Instagram Insights, and Facebook Page Insights. This data is stored per organisation and used to power the Dashboard, Patterns, and Competitor Analysis features.

**Generated content** Content generated via Content Forge, ForgeSays, or the Telegram Bot is stored in your organisation's generation history. Retention periods are determined by your plan tier.

**Telegram bot interactions** When you use the Telegram Bot, we log the command type, timestamp, and the input provided. We do not store the full message text of messages that do not trigger a command.

**OAuth tokens** When you connect a social account (X, Instagram, or Facebook) via OAuth, we store the resulting access token on your behalf. Tokens are org-scoped and encrypted at rest.

**Usage and security events** We log authentication events, role changes, and settings updates to a Security Log. No message content is stored in security events — only the event type, timestamp, and user identifier.

***

## How we use your information

* **Providing the service** — All data collected is used to operate and improve TheContentForge for you and your organisation.
* **Content generation** — Uploaded analytics, brand voice settings, and post history are passed to AI generation services (xAI/Grok) to produce contextual content drafts. Inputs are not used to train third-party models.
* **Billing and subscription management** — Billing information is used to process payments, send invoices, and manage subscription renewals and changes.
* **Security** — Security event logs are used to detect and investigate unauthorised access and misuse.
* **Communication** — We may contact you at your registered email address for account-related notices and billing alerts. We do not send marketing email without your consent.

***

## Third-party services

| Service                | Purpose                                               |
| ---------------------- | ----------------------------------------------------- |
| Supabase               | Database, authentication, storage, and edge functions |
| xAI (Grok)             | AI content generation                                 |
| X, Instagram, Facebook | OAuth for social account connections                  |
| Netlify                | Frontend hosting                                      |

***

## Data retention

Retention periods for organisation data depend on your subscription plan:

| Data type               | Starter               | Pro       | Enterprise |
| ----------------------- | --------------------- | --------- | ---------- |
| Analytics uploads       | 6 months              | 12 months | 36 months  |
| RSS / algorithm sources | 6 months              | 12 months | 36 months  |
| Competitor posts        | 90 days               | 180 days  | 365 days   |
| Security logs           | 12 months (all plans) | —         | —          |

Account and billing data is retained while your account is active. After cancellation or deletion, account data is removed from production systems within 30 days. Billing records may be retained longer as required by applicable law.

***

## Data security

All data is stored in Supabase with row-level security enforced per organisation. OAuth tokens and API keys are encrypted at rest. Access to production data is restricted to authorised administrators.

***

## Your rights

You may request access to, correction of, or deletion of your personal data at any time. Contact your organisation admin or email **<support@thecontentforge.io>**. We will respond within 30 days.

***

## Changes to this policy

We may update this policy from time to time. The effective date at the top will reflect the latest version. Continued use of the platform after changes are posted constitutes acceptance.

***

## Contact

**<support@thecontentforge.io>**


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://thecontentforge.gitbook.io/thecontentforge-docs/legal/privacy-policy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.