Legal

This Privacy Policy describes how GlobalSync LLC d/b/a AuthForge ("we," "us," "our") collects, uses, and handles information when you use the AuthForge platform at authforge.cc.

1. Information We Collect

Account Information

When you register, we collect your email address. Passwords are managed by AWS Cognito and are stored in hashed form; we never have access to your plaintext password.

Usage and API Data

We collect logs of API requests made through your applications, including timestamps, application identifiers, license key identifiers, authentication outcomes, and IP addresses. These logs are retained for 90 days and used for abuse prevention, debugging, and service integrity.

Hardware Fingerprints (HWIDs)

AuthForge stores hardware fingerprint data (HWIDs) submitted by SDKs integrated into your end users' software. This data is submitted by you (the developer/Customer) as part of your application's authentication flow. AuthForge processes this data on your behalf. You are responsible for ensuring your end users are appropriately informed about HWID collection in your own software's privacy disclosures.

Payment Information

Payments are processed by Stripe, a PCI DSS Level 1 certified payment processor. AuthForge never receives or stores your credit card number, CVV, expiration date, or other raw payment card data. When you add a card, that information is sent from your browser directly to Stripe and does not pass through AuthForge's servers. Card details are entered in Stripe's secure hosted fields (Stripe Elements) and never touch our systems as payment card data.

To enable features such as auto-refill, we store references provided by Stripe: a Stripe customer identifier and, when you save a card, a Stripe payment method identifier. These identifiers allow Stripe to charge your saved payment method on our behalf when your credit balance drops below your configured threshold. They cannot be used by themselves to recover your full card number. You can remove your saved payment method at any time from Settings, in the Auto-refill section, by choosing Remove. We detach the payment method in Stripe and clear the payment method identifier from our database. A Stripe customer identifier may remain on your account so you can add a new card later; it does not contain your card number.

We also store transaction records (amount, date, credit pack purchased, and Stripe session or payment intent identifiers) for billing history, support, and dispute resolution purposes.

Cookies and Session Data

We use session tokens issued by AWS Cognito to keep you signed in. These are essential cookies required for the Service to function.

If you arrive via an affiliate referral link, we store a first-party cookie named authforge_referral_code for up to 30 days so we can attribute your account signup to the referring partner. The cookie is scoped to .authforge.cc (our marketing site and app subdomain) and is used only for affiliate commission bookkeeping. It is not used for advertising, cross-site tracking, or analytics.

We do not use third-party tracking cookies, analytics cookies, or advertising cookies.

2. How We Use Your Information

• To provide, operate, and maintain the AuthForge Service
• To process payments and manage your credit balance
• To detect and prevent abuse, fraud, and AUP violations
• To respond to support requests
• To send transactional emails (purchase receipts, account notices)
• To attribute signups to affiliate partners when you arrived via a referral link

We do not sell your personal data. We do not use your data for advertising.

3. Third-Party Services

We use the following third-party processors as part of providing the Service:

• Amazon Web Services (AWS): cloud hosting, database, authentication (Cognito), and email (SES). Data is processed in the US.
• Stripe: payment processing. Stripe's privacy policy applies to payment data: stripe.com/privacy.

We do not share your personal information with third parties except as necessary to provide the Service or as required by law.

4. Data Retention

• Auth logs: 90 days
• Account data: Retained while your account is active. Deleted upon confirmed account deletion request.
• Referral attribution cookie: Up to 30 days, or until signup attribution is recorded and the cookie is cleared
• Transaction records: Retained for 7 years for legal and tax compliance.
• Stripe references: The payment method identifier is removed from our database when you remove your saved card. A Stripe customer identifier may remain on your account for future card setup. Stripe may retain records per their own privacy policy.

5. Your Rights

You may request the following at any time by contacting us at support@authforge.cc:

• Account deletion: we will delete your account and associated personal data, subject to retention requirements above
• Data export: we will provide a copy of the personal data we hold about you
• Correction: we will correct inaccurate personal data upon request

6. Security

We implement industry-standard security practices including encrypted data transmission (HTTPS/TLS), hashed credential storage via AWS Cognito, and cryptographically signed API responses. However, no system is perfectly secure. We cannot guarantee absolute security of your data.

7. Children

The Service is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us and we will delete it.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or notice on the Service. Continued use of the Service after changes constitutes acceptance.

9. Contact

For privacy inquiries:
GlobalSync LLC d/b/a AuthForge
732 South 6th Street #5253, Las Vegas, NV, US
support@authforge.cc
+1 (512) 843-3470