Privacy Policy

Last updated: January 20, 2025

InfiniteApps (“we”, “us”, or “our”) powers the Forge platform that helps teams generate, deploy, and operate multi-tenant applications. This Privacy Policy explains how we collect, use, and protect personal information processed through the landing site, dashboard, generated apps, and supporting integrations.

1. Information we collect

  • Account details: Name, email, and organization metadata captured during signup or imported from OAuth providers.
  • Usage telemetry: Forge CLI commands, domain verification events, billing workflows, and anonymized product analytics.
  • Billing records: Stripe customer identifiers, plan selections, invoices, and dunning outcomes.
  • Support interactions: Emails, chat threads, and call notes required to resolve issues or honour service commitments.

2. How we use information

  • Provide and improve the landing site, dashboard, and generated applications.
  • Authenticate users, enforce role-based access, and keep organization data isolated.
  • Operate billing, invoicing, and fraud monitoring through Stripe.
  • Deliver onboarding, support, and platform updates relevant to your subscription.
  • Comply with legal obligations and maintain audit logs for security investigations.

3. Data sharing & subprocessors

We use trusted providers—Supabase (authentication, database, storage), Vercel (hosting), Stripe (billing), Pulumi (infrastructure automation), and Doppler/1Password (secrets management)—to operate Forge. Access is restricted to the minimum required for service delivery. We never sell personal data or share it for third-party advertising.

4. Data retention

Subscription and audit records are retained while your account is active and for a reasonable period thereafter to meet contractual and regulatory requirements. Generated applications may store additional tenant data according to the configuration you define inside Supabase.

5. Your rights

Depending on your jurisdiction, you may request access to, correction of, or deletion of your personal data. We will validate the request using the email or authentication provider on file and respond within the timelines required by applicable law.

6. Security

InfiniteApps applies SOC 2-aligned controls, including least-privilege access, audit logging, vulnerability management, and encryption in transit and at rest. Refer to our security overview in the documentation set for more detail.

Questions about this policy or requests to exercise privacy rights can be directed to privacy@infiniteappsai.com. If you have an active enterprise agreement, you may also contact your Customer Success Manager for priority handling.

For data processing addendums or compliance documentation, please review the architecture & compliance overview.