This Privacy Policy explains how InOrder Forge ("we," "us," or "our") collects, uses, and protects your information when you use our platform at inorder-forge.polsia.app. We keep this short and readable on purpose.
01 Overview
Short version: We collect what we need to run the service. We don't sell your data. We use anonymized, aggregated scan data to improve our models. You can request deletion at any time.
InOrder Forge is an App Store compliance and scaffolding tool. To function, we process the app ideas you submit and the outputs we generate. We treat that data with care.
02 What We Collect
| Category | What specifically | Why |
| --- | --- | --- |
| Account Data | Email address, password hash, account creation timestamp | Authentication and communication |
| App Submissions | App idea/description, audience, monetization model, category you enter into Forge Studio | Generating your scaffold and compliance scan |
| Generated Outputs | Code scaffolds, compliance scan results, risk scores, ASO assets linked to your account | Persisting your work history and enabling re-access |
| Usage Analytics | Pages visited, features used, button clicks, session timestamps, session UUIDs | Understanding how the product is used; improving UX |
| Technical Data | IP address, browser/OS type, referring URL | Security, fraud prevention, performance monitoring |
| Payment Data | Subscription status, plan tier (payment card details are handled by Stripe — we never see them) | Enforcing plan-based access controls |
We do not knowingly collect data from children under 13. If you believe a child has provided us data, contact us and we will delete it.
03 How We Use It
We use your data to:
- Provide the Service — Process your app submissions, run compliance scans, generate scaffolds and ASO assets
- Improve the platform — Analyze anonymized, aggregated scan patterns to refine our compliance rules, scoring algorithm, and generation quality (see Section 7 of our Terms of Service)
- Communicate with you — Send transactional emails (account creation, plan changes, important updates). We do not send marketing emails without your opt-in
- Security and abuse prevention — Detect and block fraudulent activity, enforce rate limits, and protect the integrity of the Service
- Analytics — Understand which features are used, where users drop off, and what to build next — all on an aggregated basis
- Legal compliance — Comply with applicable laws and respond to lawful requests
We do not use your data for advertising, profiling for third parties, or any purpose not listed here.
04 Third-Party Sharing
We do not sell, rent, or share your personal data with third parties for their own commercial purposes.
We share data only in these narrow circumstances:
- Infrastructure providers — Hosting (Render), database (Neon PostgreSQL), and file storage providers that process data on our behalf under strict data processing agreements
- AI processing — Your app submissions are processed via OpenAI's API to generate outputs. OpenAI's data use is governed by their API privacy policies. We do not opt in to OpenAI's training on API inputs
- Payment processing — Stripe processes payment information. We do not transmit or store your full card details
- Legal obligations — When required by applicable law, court order, or government authority
- Business transfer — In connection with a merger, acquisition, or sale of assets, where you will be notified and your rights under this policy will be maintained
All third-party processors are contractually obligated to use your data only as directed by us and to maintain appropriate security standards.
05 Cookies & Tracking
InOrder Forge uses minimal tracking:
- Session cookies — Required for authentication. Without these, you cannot stay logged in
- Usage events — We log anonymous events in a usage_events table, keyed to a session UUID. These record which features you use (e.g., "ran compliance scan," "generated scaffold") without recording personal details about you
- No third-party advertising trackers — We do not use Google Ads pixels, Meta Pixel, or similar advertising tracking on our platform
- Google Fonts — Our pages load fonts from Google Fonts, which may set a cookie or log your IP per Google's privacy policy
You can disable cookies in your browser settings. Disabling session cookies will prevent you from logging in.
06 Data Retention
We retain your data as follows:
- Account data — Retained for the life of your account, plus 30 days after deletion request (to allow for re-activation) and as required for legal compliance
- App submissions and generated outputs — Retained while your account is active; deleted within 90 days of account deletion request
- Usage analytics — Retained for up to 24 months in identifiable form, then either deleted or anonymized and aggregated indefinitely for platform improvement
- Technical logs (IP addresses, request logs) — Retained for up to 90 days for security purposes
- Payment records — Retained for 7 years as required for tax and accounting compliance
Anonymized, aggregated data derived from your activity (e.g., "compliance pass rate for apps in the Health category") may be retained indefinitely as it cannot be used to identify you.
07 Your Rights
You have the right to:
- Access — Request a copy of the personal data we hold about you
- Correction — Request that we correct inaccurate data
- Deletion — Request deletion of your account and associated personal data (subject to legal retention obligations)
- Portability — Request your data in a machine-readable format
- Objection — Object to specific processing activities where you have grounds
- Opt-out of communications — Unsubscribe from non-essential emails at any time
To exercise any of these rights, email privacy@inorder-forge.polsia.app. We will respond within 30 days.
If you are located in the European Economic Area, you also have the right to lodge a complaint with your local data protection authority.
08 Security
We take data security seriously:
- All data in transit is encrypted with TLS
- Passwords are hashed using industry-standard algorithms — we never store plaintext passwords
- Database access is restricted and access-logged
- We conduct regular security reviews of our infrastructure
No system is 100% secure. If you discover a security vulnerability, please report it to security@inorder-forge.polsia.app before public disclosure.
09 Changes to This Policy
We may update this Privacy Policy periodically. When we make material changes, we will notify you by email (if you have an account) and update the "Last updated" date at the top of this page.
Continued use of InOrder Forge after policy updates constitutes acceptance of the revised policy.
10 Contact
Privacy questions or requests: