Privacy Policy

Last updated: February 5, 2026

Jason Brannon ("we," "us," or "our") operates the Forged mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

By using Forged, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the App.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address (or Apple relay email if you use Sign in with Apple and choose to hide your email)
• Display name and username (chosen by you)
• Profile photo (optional)
• Unique user identifier generated by Firebase Authentication

1.2 Habit and Activity Data

When you use the App, we collect:

• Habit names, descriptions, icons, colors, and schedules you create
• Habit completion records and timestamps
• Momentum scores and progress history
• Challenge participation data, scores, and leaderboard rankings
• Social interactions (friend connections, challenge activity, reactions)

1.3 Photo Proof

If you participate in challenges that require photo proof, photos you upload are stored in Firebase Storage and are visible to other participants in that challenge.

1.4 Device and Technical Data

We automatically collect:

• Device type and model
• Operating system version
• App version
• Push notification tokens (for delivering notifications)
• IP address (logged by our infrastructure providers)

1.6 Purchase Data

If you subscribe to Forged Pro, Apple processes all payments. We receive:

• Subscription status (active, expired, etc.)
• Transaction identifiers
• Product identifiers for your subscription tier

We do not collect or store your credit card number, billing address, or other payment details. All payment processing is handled by Apple.

2. How We Use Your Information

We use your information to:

• Provide, operate, and maintain the App
• Create and manage your account
• Track your habits and calculate momentum scores
• Enable social features (challenges, leaderboards, friend connections)
• Send push notifications (reminders, challenge updates, friend activity)
• Process and manage your subscription
• Respond to support requests
• Improve and develop new features

3. How We Share Your Information

We do not sell your personal information. We share data only in the following circumstances:

3.1 With Other Users

If you participate in challenges or add friends, the following is visible to those users:

• Your display name and username
• Your profile photo
• Your challenge scores, streaks, and rankings
• Your challenge activity (completions, milestones)
• Photo proof you upload (visible to challenge participants)

3.2 Service Providers

We use the following third-party services:

• Firebase (Google) — Authentication, cloud database (Firestore), file storage, and push notifications. Firebase processes data on our behalf under Google's Data Processing Terms.
• Apple — Sign in with Apple authentication and payment processing through StoreKit.

3.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request.

4. Data Storage and Security

Your data is stored on Firebase servers operated by Google, which may be located in the United States. We implement appropriate technical and organizational measures to protect your data, including:

• Encryption in transit (TLS/SSL)
• Firebase Security Rules restricting data access
• Authentication required for all data operations

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your personal data for as long as your account is active. When you delete your account:

• Your account record and authentication data are deleted immediately
• Your habit data, progress history, and profile information are deleted within 30 days
• Challenge data you contributed to may be retained in anonymized form for the duration of the challenge
• Photo proof uploads are deleted within 30 days

6. Your Rights

6.1 All Users

You have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and associated data (see Account Deletion)
• Withdraw consent for optional data collection (push notifications) at any time through iOS Settings

6.2 European Economic Area (GDPR)

If you are in the EEA, you have additional rights:

• Legal basis for processing: We process your data based on contract performance (providing the App service), consent (notifications), and legitimate interest (improving the App).
• Right to data portability: Request a copy of your data in a machine-readable format.
• Right to restrict processing: Request that we limit how we use your data.
• Right to object: Object to data processing based on legitimate interest.
• Right to lodge a complaint: File a complaint with your local data protection authority.
• Data transfers: Your data may be transferred to the United States where Firebase servers are located. These transfers are governed by Google's Standard Contractual Clauses.

6.3 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used
• Delete your personal information
• Correct inaccurate personal information
• Non-discrimination for exercising your privacy rights

We do not sell or share your personal information for cross-context behavioral advertising. We do not use sensitive personal information for purposes other than providing the App.

To exercise any of these rights, contact us at forgedhabits@gmail.com. We will respond within 45 days.

7. Children's Privacy

Forged is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete that information promptly. If you believe a child under 13 has provided us personal information, please contact us.

8. Third-Party Services

Forged does not use third-party analytics, advertising networks, or tracking SDKs. The only third-party services are:

• Firebase (authentication, database, storage, push notifications)
• Apple frameworks (StoreKit, Sign in with Apple)

9. Account Deletion

You can delete your account at any time from within the App under Settings > Account > Delete Account. For more information, see our Account Deletion page.

When you delete your account, we also revoke your Sign in with Apple token if applicable.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy in the App and updating the "Last updated" date. Your continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at: