1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, password (encrypted), name (optional)
- Financial Data: Income, expenses, debt accounts, payment dates, transaction descriptions
- Payment Information: Processed securely by Stripe (we never store your credit card details)
- Support Communications: Messages you send to customer support
1.2 Information from Bank Connections (via Plaid)
- Bank Account Data: Account balances, transaction history, account names
- How It Works: You authorize Plaid to securely connect to your bank. We receive read-only access to transaction data.
- What We Don't Access: We cannot move money, initiate transfers, or access your bank login credentials
1.3 Automatically Collected Information
- Usage Data: Pages visited, features used, session duration
- Device Information: Browser type, operating system, IP address
- Cookies: Essential cookies for authentication and preferences (no third-party tracking cookies)
2. How We Use Your Information
2.1 To Provide Our Services
- Calculate debt payoff timelines (snowball, avalanche strategies)
- Sync transactions from your connected bank accounts
- Generate budgets and spending reports
- Send bill payment reminders and milestone notifications
- Track progress toward your custom debt-free date (e.g., August 2027)
2.2 To Improve Freedom Forge
- Analyze aggregated, anonymized usage patterns to improve features
- Fix bugs and optimize performance
- Develop new tools based on user needs
2.3 To Communicate with You
- Send account notifications (payment confirmations, password resets)
- Provide customer support
- Share product updates and tips (you can opt out anytime)
3. How We Protect Your Data
🔒 Security Measures
- Encryption: AES-256 encryption at rest, TLS 1.3 in transit
- Secure Infrastructure: Hosted on Vercel (SOC 2 Type II certified) and Supabase (SOC 2 compliant)
- Database Security: Row-Level Security policies ensure users can only access their own data
- Plaid Integration: Bank connections use OAuth 2.0 (same security as your bank's mobile app)
- Password Protection: Passwords are hashed using bcrypt (never stored in plain text)
- Regular Audits: Third-party security audits and penetration testing (annual)
4. Information Sharing
4.1 We DO NOT Sell Your Data
Freedom Forge will never sell, rent, or trade your personal or financial information. Our business model is subscription-based, not data-based.
4.2 Service Providers We Use
- Plaid: Bank account connections (read-only access to transactions)
- Stripe: Payment processing (they handle credit card data, not us)
- Vercel: Application hosting
- Supabase: Database hosting
- SendGrid: Transactional emails (account notifications, password resets)
All service providers are contractually required to protect your data and use it only for the purposes we specify.
4.3 Legal Requirements
We may disclose your information if required by law, court order, or government regulation (e.g., subpoena). We will notify you unless legally prohibited.
5. Your Rights & Choices
5.1 Access & Export Your Data
You can export all your financial data in CSV or JSON format from the Settings page. This includes transactions, budgets, debts, and goals.
5.2 Correct or Update Information
Update your account information anytime in Settings. Changes take effect immediately.
5.3 Delete Your Account
You can permanently delete your Freedom Forge account from Settings → Account → Delete Account. This action:
- Deletes all your financial data (transactions, budgets, debts) within 30 days
- Cancels your subscription (no further charges)
- Removes your email from our systems
- Cannot be undone (please export your data first if needed)
5.4 Opt Out of Marketing Emails
Click "Unsubscribe" in any marketing email. You'll still receive essential account notifications (payment confirmations, security alerts).
6. Data Retention
- Active Accounts: We retain your data as long as your account is active
- Deleted Accounts: Data permanently deleted within 30 days of account deletion
- Financial Records: Payment records retained for 7 years (IRS requirement)
- Anonymized Analytics: Aggregated usage data (no personal identifiers) retained indefinitely
7. Children's Privacy
Freedom Forge is not intended for users under 18 years old. We do not knowingly collect information from children. If you believe a child has created an account, please contact us at privacy@freedomforge.app.
8. International Users
Freedom Forge is based in the United States. If you access our service from outside the US, your data will be transferred to and stored in the US. By using Freedom Forge, you consent to this transfer.
European Union Users: We comply with GDPR. You have additional rights including data portability and the right to be forgotten. Contact privacy@freedomforge.app to exercise these rights.
9. California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how we use it
- Request deletion of your personal information
- Opt out of sale of personal information (note: we do not sell data)
- Non-discrimination for exercising your privacy rights
To exercise these rights, email privacy@freedomforge.app.
10. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated via:
- Email notification to your registered email address
- In-app notification banner
- Updated "Last Updated" date at the top of this page
Continued use of Freedom Forge after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or how we handle your data, contact us:
- Email: privacy@freedomforge.app
- Mail: Freedom Forge, 12308 Bay Estuary Bend, Riverview, FL 33579
- Support: contact@freedomforge.app
We aim to respond to all privacy inquiries within 48 hours (business days).
Privacy Policy Version: 1.0
Effective Date: November 27, 2025
Last Updated: November 27, 2025