Privacy Policy

Effective date: 2026-04-24 · Last updated: 2026-05-04 · Controller: ForgeRift LLC · [email protected]

Short version. ForgeRift operates on a two-layer architecture. The plugin layer — the open-source code that runs on your machines — transmits one piece of data to ForgeRift: your license key, sent at startup to verify your active subscription (a timestamped validation record is retained for 90 days — see Section 6). No command history, file contents, command output, or in-product usage telemetry ever leave your machine. This is an auditable property of the public source code. The subscription service layer — forgerift.io, Stripe billing, and Resend email — collects the minimum data needed to operate a paid service: your email address, billing information (held by Stripe), and transactional email records (held by Resend). This Privacy Policy explains both layers in detail.

1. Scope

This Privacy Policy explains how ForgeRift handles personal data in connection with:

The forgerift.io website,
The local-terminal-mcp and vps-control-mcp plugins and their repositories on GitHub,
Our support channels (email and GitHub issues),
Paid Subscriptions (current and future), including billing via Stripe and transactional email via Resend.

It does not cover third-party platforms (Anthropic, GitHub, Stripe, Resend, Supabase, Cloudflare, Let's Encrypt / sslip.io) except to describe how we use them. Those platforms have their own privacy practices and policies, linked in Section 5, which you should review directly.

2. What we collect — the two-layer architecture

2.1 Plugin layer — minimal data, locally contained

The plugin layer is the open-source software distributed in each repository. It runs entirely on infrastructure you own or control — your local Windows machine for local-terminal-mcp, your Linux VPS for vps-control-mcp. ForgeRift has no network access to your machines, no visibility into your commands, and no telemetry pipeline.

Neither plugin transmits usage data, command history, output, credentials, filesystem contents, telemetry, crash reports, or any other data to ForgeRift or any third party under ForgeRift's control. There are two narrow exceptions:

License validation: The plugin sends your license key to ForgeRift's subscription service (Cloudflare Worker fronting Supabase) solely to verify your active subscription. The key is transmitted as a POST request body (JSON) over HTTPS to payments.forgerift.io/validate, alongside a SHA-256-hashed machine identifier and the plugin's product ID and version. The key never appears in URL query parameters, request paths, or HTTP referrers, and accordingly never appears in standard HTTP access logs. ForgeRift's license validation log retains only the hashed license key, hashed machine ID, and timestamp; entries are deleted 90 days after creation. local-terminal-mcp performs this validation once per plugin startup; vps-control-mcp validates differently â€” see Section 2.1.1.
Optional AI safety classification (all run_command invocations): If you choose to supply an Anthropic API key at setup, the command text and accompanying user-provided justification (a required parameter describing the task intent) for every shell command submitted via run_command — not only AMBER-tier commands — are sent to Anthropic's API on your behalf for AI-assisted safety classification before execution. No environment variables, working directory, or other system context is included. A high-risk classification result may independently block execution before the re-confirmation step — the AI review is not purely advisory. This is automated processing within the meaning of GDPR Article 22, but it does not produce legal or similarly significant effects: its only outcome is whether a single shell command is blocked or proceeds to the manual re-confirmation step. You can opt out at any time by removing your Anthropic API key in Claude Desktop's extension settings, after which the AI classification layers are skipped and AMBER commands fall back to the manual dry-run-and-confirm flow. This processing is governed by Anthropic's own privacy policy. Without an API key, the plugin works fully and the AI classification layers are bypassed.

Audit logs are written to logs/audit.log within the extension's install directory (managed by Claude Desktop). When audit.log reaches 10 MB it is renamed to audit.log.old, overwriting any prior backup. Maximum on-disk storage is approximately 20 MB of recent activity at any given time. Logs never leave your machine. You may delete them at any time.

Optional Anthropic API key, if supplied, is stored by Claude Desktop in your local extension configuration and is provided to the plugin process as an environment variable at startup so the plugin can send AI-assisted safety classification requests to Anthropic's API on your behalf for every run_command invocation. The plugin does not log, persist, or transmit this key to any party other than Anthropic. It is never transmitted to ForgeRift. Each classification call consumes API tokens billed to your Anthropic account at Anthropic's rates.

Verifiability: The source code is publicly available for inspection at github.com/ForgeRift. Official .mcpb releases are published on GitHub with SHA-256 checksums. To verify your installation, compute the SHA-256 of the .mcpb file you received (PowerShell: Get-FileHash local-terminal.mcpb -Algorithm SHA256) and compare it to the checksum published on the GitHub releases page for that version.

Note on the user-provided justification: The plugin requires Claude to attach a justification string to each run_command call. Claude generates this automatically from your conversation — you do not type it directly. This means any sensitive information you include in your chat (such as passwords, API keys, or personal data) may appear in the justification field and, if an Anthropic API key is configured, be sent to Anthropic's API for safety classification. Treat your Claude conversation the same as any other AI chat: do not paste production secrets or credentials into the conversation.

License key security: License keys are scoped exclusively to subscription validation — they grant no access to your machine and carry no account credentials. A leaked key would allow only redundant subscription-check requests. Because the key is transmitted only in the POST body (not in the URL or query string), it is not present in HTTP access logs at any layer. A future release may move to Authorization: Bearer header transport for additional defense in depth.

2.2 Subscription service layer — collects minimum necessary data

When you interact with forgerift.io or create a paid Subscription, ForgeRift (or its sub-processors on our behalf) collects:

Email address — collected at sign-up; used to identify your account, send transactional emails (receipts, renewal reminders, support replies), and communicate material service changes.
Billing information — payment is processed by Stripe, Inc. ForgeRift receives a Stripe Customer ID, last-four card digits, card brand, and billing country from Stripe. We do not receive or store your full card number, CVC, or bank account details — those are held by Stripe under their PCI-DSS Level 1 certification.
Subscription and invoice records — plan type, billing period, invoice dates, and payment status, retained for accounting and support purposes.
Transactional email records — delivery and open events for receipts and system notifications, processed by Resend, Inc. on our behalf. Email open events are recorded via a standard 1×1 tracking pixel embedded in transactional emails; you can prevent open tracking by disabling automatic image loading in your email client.

The free tier does not require an account — no email address is collected from you unless you create a paid Subscription or contact us for support.

2.3 When you email support

If you email [email protected] or any other ForgeRift address, we receive: the email address you send from, any name or signature you include, the body and attachments of your message, and standard email metadata. We use this only to respond to you and to maintain a support history in case of follow-up.

2.4 When you use our GitHub repositories

If you open an issue, discussion, or pull request on a ForgeRift repository at github.com/ForgeRift/*, GitHub processes your GitHub username, any personal data you include in the post, and standard GitHub metadata. This content is public. We review, respond to, and retain that content to support the project.

2.5 When you visit forgerift.io

The forgerift.io website is a static site served by GitHub Pages. GitHub logs standard web-server information (IP address, user agent, request path, referrer) in accordance with the GitHub Privacy Statement. GitHub Pages may set functional cookies necessary for serving the static site (e.g., session or load-balancing cookies set by GitHub's infrastructure). ForgeRift does not add any analytics, advertising pixels, fingerprinting, or session recording scripts to forgerift.io. If we introduce privacy-respecting analytics in the future (e.g., Plausible or Fathom — no cookies, aggregated IPs only), we will update this Policy and disclose the processor before enabling it. See also our Cookie Policy for our complete cookie disclosure.

2.6 When you contact us for security disclosure

If you email [email protected] or use GitHub's private vulnerability reporting, we receive your report and any contact detail you provide. We treat security correspondence confidentially and use it only to triage and remediate.

3. How we use your data

We use the data described in Section 2 only to:

Operate, bill, and support your paid Subscription,
Respond to your support requests, security reports, and GitHub activity,
Send transactional emails (receipts, renewal reminders, payment failure notices, material service changes),
Maintain a support history for continuity if you contact us again,
Comply with legal obligations and defend against legal claims.

We do not sell, rent, or share your personal data with third parties for their own marketing. ForgeRift does not use your data to train machine-learning models. We do not profile you for advertising. Sub-processors handle data per their own privacy policies, linked in Section 5.

Note on Claude prompt content. When you interact with Claude Desktop, the prompts and responses in your conversation are processed by Anthropic PBC's servers, not ForgeRift's. ForgeRift does not receive, store, or process your conversation content. Anthropic's use of your prompt data is governed solely by Anthropic's Privacy Policy and their applicable usage policies.

4. Legal bases (GDPR / UK GDPR)

For users in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing are:

Performance of a contract (Art. 6(1)(b) GDPR): operating and billing your paid Subscription, handling support requests you initiate.
Legitimate interests (Art. 6(1)(f) GDPR): maintaining support history, handling security reports, defending legal claims, operating and improving forgerift.io. We balance these interests against your rights and provide the objection right in Section 7.
Legal obligation (Art. 6(1)(c) GDPR): responding to valid legal process, retaining records for tax and accounting law.
Consent (Art. 6(1)(a) GDPR): used only if we later add an opt-in marketing list. Consent is not used for any processing today.

5. Sub-processors

We use the following sub-processors:

Sub-processor	Purpose	Location	Data categories	Privacy policy
Google LLC (Gmail / Google Workspace)	Support inbox for inbound email at [email protected] and [email protected]	U.S. (global infrastructure)	Email content, sender address, attachments	policies.google.com/privacy
GitHub, Inc.	Source code hosting, issue tracker, static site hosting (GitHub Pages), private vulnerability reporting	U.S. (global infrastructure)	GitHub username, post content, standard web-server logs	GitHub Privacy Statement
Stripe, Inc.	Payment processing, subscription management, invoicing	U.S. (global infrastructure)	Email address, Stripe Customer ID, billing country, card brand and last four digits, invoice records	stripe.com/privacy
Resend, Inc.	Transactional email delivery (receipts, renewal reminders, payment failure notices)	U.S.	Email address, delivery and open events for system notifications	resend.com/legal/privacy-policy
Supabase, Inc.	Subscription record storage and license key validation for paid plugins (forgerift-payments service)	U.S. (AWS us-east-1)	Email address, license key, subscription plan, subscription status, Stripe Customer ID, Stripe Subscription ID, trial and grace-period timestamps	supabase.com/privacy

International transfers rely on Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. We will update this list before adding a new sub-processor that materially expands processing of personal data.

5.1 Transit-only service providers

The following providers handle data in transit only and do not store personal data on ForgeRift's behalf:

Cloudflare, Inc. — Email routing. Inbound support emails are forwarded to ForgeRift's inbox via Cloudflare Email Workers. Cloudflare does not persistently store email content on ForgeRift's behalf. Cloudflare also provides DNS proxy and TLS edge termination for payments.forgerift.io: every license-validation HTTPS request transits Cloudflare's edge. Because the license key is transmitted in the POST request body (not in the URL or query string), it is not present in Cloudflare's standard request-line, referrer, or query-string logs. Cloudflare processes the encrypted request to terminate TLS but does not persistently store request bodies on ForgeRift's behalf beyond standard edge log retention. cloudflare.com/privacypolicy

5.2 Third-party platforms (not sub-processors)

The following platforms have an independent controller relationship with you. ForgeRift is not party to their processing and does not have a sub-processing agreement with them. You should review their privacy policies directly.

Anthropic PBC — the Claude AI platform that processes your conversation and invokes plugin tools. Conversation content (prompts, responses, and any command output Claude reads as part of its context) is processed directly between you and Anthropic under their terms; ForgeRift does not receive or store this data. If you supply an optional Anthropic API key, the command text and user-provided justification for every run_command invocation (not only AMBER-tier commands) are additionally sent to Anthropic's API on your behalf for AI-assisted safety classification before execution and are subject to Anthropic's data handling. Anthropic Privacy Policy
sslip.io — vps-control-mcp only: sslip.io provides DNS for TLS certificates on the VPS you operate yourself — this is not ForgeRift's infrastructure and is not relevant to local-terminal-mcp subscribers. sslip.io is a public DNS service that does not collect or process personal data beyond the DNS resolution request. sslip.io
Let's Encrypt / ISRG — used for TLS certificate issuance on vps-control-mcp installations on your own VPS (not relevant to local-terminal-mcp subscribers). Your domain name and certificate requests are processed by Let's Encrypt; no personal data passes through ForgeRift in this flow. Let's Encrypt Privacy Policy

6. Retention

The table below shows, for each data category, where the data actually lives, how long it is kept, and how you can get a copy or request deletion.

Data category	Actual keeper	Retention duration	Export / deletion path
Anthropic API key (optional)	Claude Desktop local extension configuration (on your machine)	As long as you keep it configured; never transmitted to ForgeRift; used locally by the plugin to authenticate AI-assisted safety classification requests to Anthropic's API for every `run_command` invocation (not only AMBER-tier commands)	Remove via Settings → Extensions in Claude Desktop at any time.
Audit logs (local-terminal-mcp / vps-control-mcp)	Your local machine / VPS (not ForgeRift)	Rotated at 10 MB (renamed to `audit.log.old`, overwriting prior backup); maximum ~20 MB on-disk at any time; user controls deletion	Delete the `logs/` folder within the plugin's install directory at any time.
License key validation logs	Supabase, Inc. (ForgeRift-operated)	Each record is deleted 90 days after it is created. Because the plugin validates at each startup, an active subscriber will typically have a rolling 90-day window of records on file at any given time — not a single 90-day deletion event.	Request deletion via [email protected].
Support email (inbound and our replies)	Gmail (Google Workspace)	Up to 3 years after last correspondence	Email [email protected] to request deletion. Gmail export available on request.
GitHub issues, PRs, and discussions	GitHub, Inc.	As long as the repository exists; public content remains public unless the post is deleted	Delete your post via GitHub, or contact GitHub to remove your data under their privacy policy.
Security reports (via email or GitHub)	Gmail / GitHub	Up to 5 years to defend against legal claims or as required by applicable law	Contact [email protected] or GitHub. Deletion may be limited where retention is required by law.
Subscription and account records (email, plan, status)	Supabase, Inc. (ForgeRift-operated database) + Stripe, Inc.	Until Subscription ends, then 7 years for tax/accounting compliance	Request deletion via [email protected]. Stripe Customer Portal for billing records.
Billing and payment data (card brand, last four, invoices)	Stripe, Inc.	Per Stripe's retention policy (typically 7 years for tax records)	Managed via Stripe Customer Portal or request via [email protected].
Transactional email delivery records	Resend, Inc.	Per Resend's retention policy (typically 90 days of event logs)	Request deletion via [email protected].
forgerift.io web-server logs	GitHub Pages (GitHub, Inc.)	Controlled by GitHub's standard logging policies	Governed by GitHub's Privacy Statement; contact GitHub directly.
Cookies on forgerift.io	GitHub Pages (set by GitHub infrastructure, not ForgeRift)	Per GitHub's cookie policy; ForgeRift sets no first-party cookies	Manage via your browser settings; see Cookie Policy for details.

Shutdown / service closure. If ForgeRift ceases operations, we will give at least 30 days' notice, delete or anonymize all personal data we directly hold within 90 days of closure, and assist subscribers in requesting deletion from Stripe and Resend as applicable.

7. Your rights

Depending on where you live, you may have rights under GDPR, UK GDPR, the California Consumer Privacy Act / CPRA, and other laws:

Access the personal data we hold about you,
Correct inaccurate data,
Delete personal data ("right to be forgotten") subject to exceptions,
Restrict or object to certain processing,
Port your data in a machine-readable format,
Withdraw consent at any time (where processing relies on consent),
Not be subject to discrimination for exercising your rights (CCPA),
Lodge a complaint with a supervisory authority (for EU/UK users — typically the authority in your country of residence).
Appeal a denial of a privacy rights request (Virginia, Colorado, Connecticut, and other state residents where applicable law grants this right — email [email protected] with subject "Privacy Rights Appeal").

To exercise any of these rights, email [email protected]. We will respond within thirty (30) days as required by GDPR Art. 12(3). The response period may be extended by up to sixty (60) additional days for complex or numerous requests, in which case we will inform you of the extension and the reasons within the first thirty (30) days.

Additional U.S. state privacy rights. Residents of states with comprehensive consumer privacy laws — including Virginia (VCDPA), Colorado (CPA), Connecticut (SB 6), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Tennessee (TIPA), Iowa (ICDPA), Indiana (INCDPA), and Delaware (DPDPA) — have similar rights to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of certain processing. Many of these states additionally grant a right to appeal a denied privacy rights request: if we deny your request, you may submit an appeal to [email protected] with the subject line "Privacy Rights Appeal" and we will respond within the timeframe required by applicable law, along with a written explanation of our decision. If your appeal is denied, you may contact your state Attorney General.

CCPA/CPRA categories collected in the preceding 12 months. As required under the California Consumer Privacy Act, the categories of personal information we have collected from California consumers in the preceding 12 months are: identifiers (email address, license key), commercial information (subscription plan, billing history), and internet or other electronic network activity (license validation timestamps, GitHub interaction data). We collect these solely for the purposes described in Sections 2 and 3 of this Policy. We do not sell or share these categories for cross-context behavioral advertising.

We do not sell personal data, do not share it for cross-context behavioral advertising, and do not engage in automated decision-making that produces legal or similarly significant effects on you. The "do not sell or share" disclosure required under CCPA and equivalent state laws applies trivially here — there is nothing to opt out of.

Business customers requiring a Data Processing Agreement may request one — see Section 5.2 of the Terms of Service.

8. Children

The Services are not directed to children under 13, and we do not knowingly collect personal data from children under 13. If we learn we have collected such data, we will delete it promptly. Contact us at [email protected] if you believe a child under 13 has provided us personal data.

9. Security

We use industry-standard measures to protect data we hold: account credentials are stored with reputable providers (Gmail, GitHub, Stripe, Resend) that enforce two-factor authentication and role-based access controls, administrative access is limited to ForgeRift personnel, and security correspondence is handled confidentially. No system is perfectly secure. If we learn of a breach affecting your personal data, we will notify affected users as required by applicable law.

10. International transfers

ForgeRift operates in the United States. If you are outside the U.S., your data may be transferred to and processed in the U.S. and other countries where our sub-processors operate. For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses or equivalent safeguards.

11. Accessibility

ForgeRift is committed to making forgerift.io reasonably accessible to people with disabilities. We aim to conform to the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA on a best-effort basis. This is an ongoing effort — if you encounter an accessibility barrier on forgerift.io, please contact us at [email protected] and we will work to address it. This commitment applies to the forgerift.io website; accessibility of third-party platforms listed in Section 5 is governed by those platforms' own policies.

12. Do Not Track

Our website does not respond to Do Not Track signals. We do not track you across sites for advertising purposes, so there is nothing meaningful to respond to.

13. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated Policy at forgerift.io/privacy and revise the "Last updated" date. For changes that materially reduce your privacy rights, we will give at least thirty (30) days' advance notice through the Services or by email (if we have it). Your continued use of the Services after an update means you accept the updated Policy.

14. Contact and complaints

For privacy questions, requests, or complaints, email [email protected].

EU / EEA users: you may also complain to your local data protection authority. A list is at edpb.europa.eu/about-edpb/about-edpb/members_en.
UK users: you may complain to the Information Commissioner's Office at ico.org.uk.
California users: you may contact the California Privacy Protection Agency or California Attorney General.

ForgeRift LLC
5821 W Mineral St, West Allis, WI 53214, U.S.A.
Email: [email protected]
Security: [email protected]
Website: https://forgerift.io

End of Privacy Policy.