Last updated 29 May 2026

Privacy Policy

This policy explains the personal data The Forge uses to provide free website previews, Host My HTML review, optional static hosting, account support, and platform security.

What We Collect

  • Account details such as name, email address, password hash, login/session metadata, verification/reset metadata, and account role.
  • Website request details such as business name, niche, services, location, contact details, selected template, inspiration links, notes, and review/change requests.
  • Uploaded files such as logos, website images, inspiration files, HTML files, ZIP packages, SVGs, and change-request attachments.
  • Hosting and billing records such as Stripe customer/subscription identifiers, subscription state, complimentary hosting credits, invoices or payment status, and hosted site/domain details.
  • Operational records such as email delivery logs, audit logs, rate-limit/security events, generated-site versions, and basic site analytics.

How We Use It

  • Create private previews, review requested changes, host approved static sites, provide downloadable files, and support your account.
  • Send transactional emails such as request confirmations, preview notices, change-request updates, payment/hosting notices, password reset messages, and support replies.
  • Process optional hosting payments through Stripe and decide when DNS/live-hosting instructions should be available.
  • Protect the platform from abuse, unsafe uploads, unauthorised access, spam, and excessive automated requests.
  • Maintain audit records so admin actions, publishing, credits, cleanup, and support decisions can be understood later.

Processors And Services

  • The Forge runs on VPS/infrastructure hosting and local platform storage for generated sites, uploads, logs, and backups.
  • Stripe handles payment checkout, card processing, subscriptions, invoices, and customer billing portal services. The Forge does not store full payment card details.
  • Resend is used for transactional email delivery when configured.
  • DNS, TLS, and domain providers may process domain names, hostnames, IP addresses, and certificate information when a hosted site is connected.
  • Internal build tooling may process your request details and uploads to prepare website drafts, previews, and repairs before admin release.

Retention And Deletion

  • Released previews are visible for 48 hours. Unpaid generated preview files are retained for a short recovery window and then removed according to the cleanup policy.
  • Uploaded images may be compressed or resized into web-ready variants. Abandoned uploads, failed drafts, old versions, and expired previews may be cleaned up.
  • Account deletion removes active generated site files where possible and anonymises account/request records needed for security, billing, fraud prevention, or audit history.
  • Some logs, billing identifiers, email delivery records, and audit events may be retained where legally or operationally required.

Your Choices

  • You can request access, correction, export, or deletion of account data from account settings or by contacting support@the-forge.co.uk.
  • You can cancel optional hosting through the billing portal or support. Cancellation does not automatically delete audit, invoice, or security records.
  • You control what business information and files you submit, and you should only upload content you have the right to use.

Security

  • Passwords are stored as hashes, not plain text.
  • Admin-only pages require an admin account, and customer dashboards require login.
  • Forms, auth, contact forms, uploads, and admin actions use rate limits and server-side permission checks.
  • Secrets and API keys are kept in server environment files and should not appear in public pages or client-side code.