Privacy Policy

FORGR is operated by Vibeyard LLC, a State of Wyoming, United States limited liability company. When this policy says “Vibeyard,” “we,” “us,” or “our,” we mean Vibeyard LLC. When it says “you” we mean the individual or entity using FORGR.

For the purposes of the EU/UK General Data Protection Regulation (GDPR), Vibeyard LLC is the data controller for personal data collected through our marketing site at forgr.ai and the FORGR application at app.forgr.ai.

You can contact us at any time about this policy at [email protected].

This policy applies to personal data we collect when you:

• visit our marketing pages, blog, or documentation;
• create an account or sign in to FORGR;
• use the FORGR application to generate images, video, or other media;
• purchase or manage a subscription, or contact us for support.

It does not cover third-party websites we link to, model providers you may access through FORGR, or content you choose to publish outside our service. Those are governed by their own terms.

Information you give us

• Account details, name, email address, password (hashed by our identity provider), and any profile information you choose to add.
• Billing details, when you subscribe, our payment processor collects your name, billing address, and a token representing your payment method. We do not store full card numbers on our servers.
• Prompts and reference uploads, the text, images, videos, characters, and other inputs you submit to generate outputs.
• Generated content, the images, videos, and other media our pipelines produce in response to your prompts.
• Support correspondence, messages, files, and any other context you share when contacting us.

Information collected automatically

• Device and connection data, IP address, browser type, operating system, device identifiers, language preference, and approximate location derived from your IP.
• Usage data, pages viewed, features used, generations requested, the AI model selected for a generation, error events, and timestamps.
• Cookies and similar technologies, see section 12 for details.

Information from third parties

• Authentication providers, if you sign in with Google, Apple, or another OAuth provider, we receive your name, email, and a unique identifier from that provider.
• Payment processors, status of your subscription, last four digits of your card, expiration date, and country of the issuing bank.
• Anti-abuse and analytics partners, signals that help us detect bots, abuse, and product performance issues.

We use personal data to:

• provide, operate, and maintain the FORGR service;
• route your prompts to the AI model you selected and return the generated output to your account;
• authenticate you, secure your account, and prevent fraud, abuse, and unauthorized access;
• process payments, manage subscriptions, and send transactional receipts;
• respond to support requests, surveys, and other communications you initiate;
• monitor the health, performance, and reliability of our infrastructure;
• detect and enforce against content that violates our Terms of Service or applicable law;
• improve FORGR by analyzing aggregated, de-identified usage patterns;
• send you product updates, feature announcements, and marketing messages where you have opted in or where we are otherwise permitted by law, you can unsubscribe at any time;
• comply with our legal and regulatory obligations.

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following bases under Article 6 of the GDPR:

• Performance of a contract, to deliver the FORGR service you have subscribed to, including generating and storing your outputs.
• Legitimate interests, to secure our service, prevent abuse, improve our product, and conduct limited direct marketing of features similar to those you already use, balanced against your rights and expectations.
• Consent, for non-essential cookies, for promotional emails where required, and for any optional sharing of generated content with public galleries.
• Legal obligation, to comply with tax, accounting, and law-enforcement requirements that apply to us.

Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

FORGR is a thin, secure layer on top of leading generative models from third-party providers (for example Google, OpenAI, ByteDance, Kling, and Flux). Two principles drive how we handle the inputs and outputs that flow through that layer.

We do not train models on your content

Vibeyard does not use your prompts, reference uploads, or generated outputs to train, fine-tune, or evaluate machine learning models, whether our own or anyone else’s. Where a model provider offers an enterprise zero-retention or no-training option for our category of API traffic, we enable it by default.

How prompts reach the model

• When you submit a prompt, we transmit it, along with the minimum metadata needed to route the request, to the provider that operates the model you selected.
• Providers may retain that data briefly for abuse monitoring per their own policies. We surface the active provider for each model in our documentation.
• We store your prompts and outputs in your account so that you can browse, edit, and re-use them. You can delete any item from your library at any time.

Safety and moderation

We run automated checks against prompts and outputs to detect categories of content that are prohibited under our Terms of Service, including child sexual abuse material, non-consensual intimate imagery, and content that targets identifiable individuals without consent. Confirmed violations may be reported to the relevant authorities and can result in account termination.

We share personal data only with the categories of recipients listed below, and only to the extent reasonably necessary:

• Service providers (processors), vendors we rely on to run the service, including:
  • identity and authentication (Clerk), account creation, sign-in, multi-factor authentication;
  • payments and billing (Stripe), subscription management, invoicing, tax calculation;
  • model providers, Google, OpenAI, ByteDance, Kling, Flux, and other selected partners that execute the generation you requested;
  • cloud hosting, storage, and content delivery to host the application and serve your media globally;
  • product and security analytics, error monitoring, and customer support tooling.
• Affiliates, companies under common ownership with Vibeyard, where applicable and subject to this policy.
• Legal and safety, courts, regulators, and law enforcement when we are legally required to respond, or where disclosure is necessary to protect rights, property, or safety.
• Business transfers, an acquirer, successor, or investor in connection with a merger, financing, reorganization, or sale of assets, provided that recipient honors commitments at least as protective as this policy.

We do not sell personal data for money, and we do not engage in “sharing” or cross-context behavioral advertising as those terms are defined under the California Privacy Rights Act (CPRA).

Vibeyard LLC is based in the United States. To deliver FORGR globally we and our service providers process personal data in the United States and other countries that may not provide the same level of protection as your home country.

For personal data originating in the EEA, UK, or Switzerland we rely on the European Commission’s Standard Contractual Clauses (and the UK Addendum where applicable), supplemented by additional technical and organizational safeguards such as encryption in transit, access controls, and minimization. You can request a summary of the safeguards in place by writing to [email protected].

We retain personal data only for as long as we have a legitimate business or legal reason to keep it. In practice:

• Account data, for the life of your account and for a reasonable period after closure to handle disputes, tax, and security needs (typically up to 24 months).
• Prompts and outputs, until you delete them. Deleting an item removes it from your library immediately; backups are overwritten on a rolling basis within 30 days.
• Billing records, for the period required by tax and accounting law, generally seven years.
• Logs and telemetry, for up to 90 days for security and operational diagnostics, in aggregate or de-identified form thereafter.
• Support correspondence, for up to 36 months from the last interaction.

We use administrative, technical, and physical safeguards proportionate to the sensitivity of the data we process, including:

• encryption in transit (TLS) and at rest;
• hardened cloud infrastructure with isolated environments for production and development;
• role-based access control, least-privilege principles, and audited access to production systems;
• secrets management and short-lived access credentials;
• continuous logging, intrusion detection, and routine vulnerability scanning;
• security training for everyone with access to user data and periodic third-party reviews.

No system is perfectly secure. If we become aware of a personal data breach that is likely to result in a risk to your rights, we will notify affected users and the relevant authorities within the timeframes required by applicable law.

Rights available to everyone

Regardless of where you live, you can access, export, or delete most of your data directly from your FORGR account settings, and you can email [email protected] if you need help.

EEA, UK, and Switzerland (GDPR)

You have the right to:

• access the personal data we hold about you;
• have inaccurate or incomplete data corrected;
• have your data erased (the “right to be forgotten”) where the legal grounds for doing so apply;
• restrict or object to certain types of processing, including processing based on legitimate interests and direct marketing;
• receive a portable copy of data you provided to us in a structured, machine-readable format;
• withdraw consent where processing is based on consent;
• lodge a complaint with your local supervisory authority, we’d appreciate the chance to address your concerns first.

California (CCPA / CPRA)

If you are a California resident, you have the right to:

• know the categories and specific pieces of personal information we have collected about you and the sources, purposes, and recipients;
• delete personal information, subject to legal exceptions;
• correct inaccurate personal information;
• opt out of any “sale” or “sharing” of your personal information, we do not engage in either, so there is nothing to opt out of, but we honor Global Privacy Control signals where required;
• limit the use of sensitive personal information, we use such information only for the limited purposes permitted under the CPRA;
• be free from discrimination for exercising any of these rights.

You may designate an authorized agent to submit a request on your behalf. We will verify all requests using account credentials or other reasonable means before responding.

Other US states

Residents of states with comprehensive privacy laws, including Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and others, have substantially similar rights and can exercise them through the same channels.

We use a small set of cookies and similar technologies to make FORGR work. We group them into three categories:

• Strictly necessary, required to keep you signed in, remember your theme, and protect against cross-site request forgery. These cannot be turned off.
• Performance and analytics, help us understand which features are used, where people get stuck, and how to make the product faster. We use privacy-preserving analytics and aggregate the results.
• Functional, remember preferences such as the model you last selected, list density, or onboarding progress.

You can clear cookies through your browser at any time. Doing so may sign you out and reset preferences.

FORGR is not directed to children. You must be at least 18 years old (or the age of majority in your jurisdiction, if higher) to create an account.

We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us at [email protected] and we will delete it.

We may update this policy from time to time as our service evolves or the law changes. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or through the FORGR application before the changes take effect.

Continued use of FORGR after an update means you accept the revised policy. If you do not agree to the changes, you can close your account at any time.

For any question about this policy or how we handle your data, please write to [email protected]. You can also reach us by mail at the address listed in the legal entity card below.

If you are in the EEA, UK, or Switzerland and prefer to escalate, you have the right to contact your local data protection authority. A list of authorities is available on the European Data Protection Board’s website.