The short version: Your conversations are stored only on your device and are never transmitted to us. We cannot read them. We do not sell your personal information. We do not train AI models on your data.
Contents
WealthHealth AI Inc ("WealthHealth AI," "Forge AI," "we," "us," or "our") is a corporation organized under the laws of the State of California, with principal offices in San Diego, California, USA. We operate the Forge AI software application and the website at forgeai.bot.
For privacy inquiries, contact us at privacy@forgeai.bot.
When you create a Forge AI account, we collect:
Payments are processed by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. We store only your Stripe Customer ID and subscription status. We do not store, access, or process your credit card numbers, bank account details, or other payment instrument data. Stripe's privacy policy governs their handling of your payment data: stripe.com/privacy.
We track aggregate API token consumption (volume of AI requests made under your account) through our LiteLLM proxy for the purpose of enforcing subscription plan limits and calculating billing. We do not store or analyze the content of any AI requests or responses — only the volume.
If you contact us for support, we retain the contents of that communication to resolve your issue. Support communications are retained for up to 3 years unless you request deletion sooner.
When you visit our website, we may automatically collect standard technical information including IP address, browser type, operating system, referring URL, and pages visited. This information is collected through the analytics tools described in Section 5 and is used to understand how our website is used and to improve it.
Forge's AI memory system may be powered in part by antaris-suite, developed by Antaris Analytics LLC. With your explicit opt-in consent, your AI assistant's local memory index may generate anonymous word-pair frequency statistics — aggregate counts of which words co-occur in your conversations (for example, that "meeting" frequently appears near "reschedule"). These statistics:
This feature is off by default. You may grant or revoke consent at any time in your account settings. See Section 6 for more on Antaris Analytics LLC.
We want to be explicit about the information we do not collect and, in most cases, are technically incapable of collecting:
This is not merely a policy choice — it is an architectural constraint. Forge is designed so that conversation data never leaves your device.
We use the information we collect for the following purposes:
We do not sell your personal information. We do not use your personal information to train AI or machine learning models. We do not use your data for automated decision-making that produces legal or similarly significant effects on you.
We use the following analytics and advertising tools on our website. These tools may use cookies and similar tracking technologies and may constitute "sharing" of personal information under California law (CCPA/CPRA).
We use Google Analytics 4 (GA4), deployed via Google Tag Manager (GTM container: GTM-58GSM87T), to collect anonymous website usage statistics including page views, session duration, and traffic sources. Google may process data on servers in the United States. Google's privacy policy: policies.google.com/privacy. You may opt out using Google Analytics Opt-out Browser Add-on or by enabling Global Privacy Control (GPC) in your browser.
We use the Meta Pixel (Pixel ID: 1616405492913839) to measure the effectiveness of our advertising campaigns on Meta platforms (Facebook and Instagram) and to enable retargeting advertising. The Meta Pixel collects information about your browser and website interactions and transmits it to Meta Platforms, Inc. This may constitute "sharing" of personal information for cross-context behavioral advertising purposes under California law. Meta's data policy: facebook.com/privacy/policy. To opt out of Meta's use of this information for advertising, visit facebook.com/settings/?tab=ads.
We use Microsoft Clarity to record anonymized user sessions on our website (heatmaps, session recordings) to understand usability issues and improve our website design. Microsoft Clarity does not collect or record conversation content or personal account data. Microsoft's privacy statement: privacy.microsoft.com/privacystatement.
Your opt-out rights: California residents may opt out of the sharing of personal information for cross-context behavioral advertising (including via Meta Pixel and GA4) by emailing privacy@forgeai.bot with the subject "Do Not Sell or Share My Personal Information," or by enabling the Global Privacy Control (GPC) signal in your browser. We will honor GPC signals as opt-out requests for sharing. See Section 11 for full California privacy rights.
We share your information with the following categories of third-party service providers only as necessary to operate the Service:
Payment processing. Stripe receives your billing information and processes payments on our behalf. Stripe is a PCI-DSS Level 1 service provider. stripe.com/privacy
AI model provider. When you use Forge AI, your AI agent sends requests through our managed API proxy to a third-party AI model provider. Requests are authenticated with our account credentials — our AI model provider does not receive your identity. We do not store the content of these requests. Our AI model provider's terms provide that customer API inputs and outputs are not used to train their models without explicit consent.
If you sign in with Google, Google shares your name, email address, and a unique identifier with us. Google's privacy policy governs what Google collects on their end: policies.google.com/privacy. We also use Google Analytics and Google Tag Manager as described in Section 5.
If you sign in with Facebook, Meta shares your name, email address, and a unique identifier with us. We also use the Meta Pixel as described in Section 5. Meta's data policy: facebook.com/privacy/policy.
Transactional email delivery. We use Resend to send account-related emails (receipts, password resets, notifications). Resend processes your email address and email content on our behalf. resend.com/legal/privacy-policy.
AI memory infrastructure. If you opt in to the AI Memory Improvement feature, anonymous word-pair frequency statistics from your local AI memory index are transmitted to Antaris Analytics LLC. No conversation content, personal information, or user identifiers are included in these transmissions. Antaris Analytics LLC processes this data on GDPR-compliant servers. antarisanalytics.ai/privacy.
Cloud infrastructure provider. Our servers (account data, billing data, API proxy) are hosted on DigitalOcean infrastructure in the United States. DigitalOcean's privacy policy: digitalocean.com/legal/privacy-policy.
We do not sell personal information to third parties. We do not share personal information with third parties for their own independent marketing purposes.
Forge AI is a software product that gives you access to an AI assistant powered by large language models. In accordance with applicable transparency requirements, including the EU AI Act (Article 50), we disclose the following:
We retain your personal information for as long as your account is active or as needed to provide the Service. Specific retention periods:
You may delete your account at any time from your account settings dashboard. Deletion removes your personal data from active systems. Data may persist in encrypted backups for up to 90 days before being purged from all backup systems. Billing records are retained for the legally required period regardless of account deletion.
We implement industry-standard technical and organizational security measures to protect your personal information:
No security system is impenetrable. In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law (within 72 hours to GDPR supervisory authorities where required; within 30 days to affected California residents where required under CCPA).
Regardless of where you live, you may exercise the following rights with respect to your personal data by contacting privacy@forgeai.bot:
We will respond to verified rights requests within 30 days (or 45 days where a one-time extension is necessary and permitted by law). We will not discriminate against you for exercising your privacy rights.
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA: Identifiers (name, email, IP address); Commercial information (subscription status, transaction history); Internet or other electronic network activity information (website usage data via analytics tools); Inferences drawn from the above (account preferences).
We do not sell your personal information for money. However, our use of the Meta Pixel and Google Analytics may constitute "sharing" of personal information for cross-context behavioral advertising purposes under the CPRA. You have the right to opt out of this sharing.
To opt out of the sharing of your personal information for cross-context behavioral advertising: Email privacy@forgeai.bot with the subject line "Do Not Share My Personal Information," or enable the Global Privacy Control (GPC) browser signal — we honor GPC as an opt-out request. You may also opt out directly through Meta's and Google's respective privacy controls linked in Section 5.
We do not collect, use, or disclose sensitive personal information (as defined by the CPRA) beyond what is necessary to provide the Service.
To exercise these rights, contact privacy@forgeai.bot. We will verify your identity before processing requests. We do not charge a fee to process rights requests unless they are manifestly unfounded or excessive.
You may also designate an authorized agent to submit a rights request on your behalf. Authorized agents must provide written proof of their authorization.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal information is processed in accordance with the General Data Protection Regulation (GDPR) and, where applicable, the UK GDPR and Swiss FADP.
We process your personal data on the following legal bases:
Your personal data may be transferred to and processed in the United States and other countries outside the EEA. For transfers from the EEA to the United States, we rely on the EU-US Data Privacy Framework where applicable, or Standard Contractual Clauses (SCCs) pursuant to Commission Decision (EU) 2021/914. You may request a copy of the applicable transfer mechanisms by contacting us.
In addition to the rights listed in Section 10, you have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu. UK residents may contact the Information Commissioner's Office at ico.org.uk.
Forge AI is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are under 13, you may not create an account or use the Service.
If you are between 13 and 18 years of age, you represent that your parent or legal guardian has reviewed and consented to these terms on your behalf.
If we learn that we have inadvertently collected personal information from a child under 13, we will delete that information as promptly as possible. If you believe we have collected personal information from a child under 13, please contact us immediately at privacy@forgeai.bot.
Forge AI is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your home country. By using the Service, you consent to this transfer. EEA residents should refer to Section 12 for transfer mechanism details.
We may update this Privacy Policy from time to time. We will notify you of material changes by:
The "Last updated" date at the top of this page reflects when the policy was last revised. We encourage you to review this policy periodically. Your continued use of the Service after changes take effect constitutes your acceptance of the revised policy.
For privacy questions, requests, or complaints:
We aim to respond to all privacy inquiries within 5 business days. Rights requests will be fulfilled within 30 days (with up to a 45-day extension where permitted by law).