1. Introduction

AgencyForge (“AgencyForge,” “we,” “our,” or “us”) is a multi-tenant SaaS platform that helps marketing agencies and freelancers build and host websites for their local-service-business clients. This Privacy Policy explains what information we collect when you use the platform, how we use it, and the choices you have. It applies to agencyforge.io, the AgencyForge web application, and the websites we host on behalf of our customers.

2. Information We Collect

Account information

When you register, we collect your name, email address, agency name, hashed password, and (on paid plans) billing details. Team members invited to your agency provide the same basic profile data.

Customer content (multi-tenant data)

AgencyForge is a multi-tenant platform. Each agency’s projects, intake records, website content, blog posts, media, and configuration are isolated and accessible only to that agency’s authorized members and to AgencyForge personnel as needed to operate the service. Agencies are responsible for the lawful collection and use of end-client business information they upload.

AI inputs and outputs

When you use AI features (content generation, image generation, keyword clustering, page optimization, internal-link suggestions, sitewide AI commands, content strategy, etc.), we send prompts derived from your project data to third-party model providers (currently Google Gemini and Anthropic Claude) and store the resulting outputs in your project. Prompts and outputs are also retained in our systems for debugging, rate-limiting, abuse prevention, and operational logging.

Payment data

Subscription payments are processed by Stripe. We do not store full card numbers; we receive a payment token, the last four digits, and metadata necessary to manage your subscription. Stripe’s privacy practices govern how they process card data.

Usage and device data

We log standard request metadata (IP address, user agent, timestamps, page paths, referring URLs, and feature usage) to operate, secure, and improve the platform.

Cookies

We use first-party cookies for authentication and session management. We may use limited analytics cookies to understand product usage in aggregate. You can disable cookies in your browser, but core platform features may stop working.

3. How We Use Information

• Provide, maintain, and secure the AgencyForge platform and the websites it hosts.
• Authenticate users and enforce role-based access within each agency tenant.
• Process payments and manage subscription lifecycles.
• Operate AI features by sending prompts to model providers and storing outputs.
• Detect, investigate, and prevent fraud, abuse, and security incidents.
• Send transactional and product emails (account, billing, security, key updates).
• Improve product performance, reliability, and feature design.
• Comply with legal obligations and enforce our Terms of Service.

4. AI Processing & Data Retention

AgencyForge sends prompts to third-party AI providers to generate content, images, and recommendations. Today those providers are Google Gemini and Anthropic Claude. Each provider’s API terms govern their handling of submitted data; we choose providers and configurations that, to our knowledge, do not use customer prompts to train their public models. We do not use your customer content to train any AI model.

Generated content is stored in your project as part of your customer data and retained for the lifetime of the project. AI prompt and response logs used for debugging and abuse prevention are retained on a rolling basis (typically up to 90 days). You can request deletion of your data as described below.

5. How We Share Information

We do not sell personal information. We share information only with:

• Service providers — infrastructure (hosting, databases, storage), payments (Stripe), email delivery, error tracking, and AI model providers, all under contractual confidentiality obligations.
• Within your agency — content you create is visible to other authorized members of your agency tenant.
• Legal and safety — when required to comply with law, enforce our Terms, or protect rights, safety, or property.
• Business transfers — in connection with a merger, acquisition, or asset sale, with notice to affected customers.

6. Data Retention

We retain account and project data while your account is active. After account cancellation, customer content is typically retained for 30 days to allow recovery, then deleted from production systems and removed from backups within 90 days. Logs and aggregated usage data may be retained longer for security and compliance.

7. Your Rights

Depending on where you live, you may have rights to access, correct, export, or delete the personal information we hold about you, object to certain processing, and opt out of certain disclosures. Submit requests to [email protected]. We will verify your identity before fulfilling a request.

8. Security

We use industry-standard safeguards including encryption in transit, hashed credentials, role-based access control, and least-privilege internal access. No system is perfectly secure; please use a strong password and enable any account protections we offer.

9. International Transfers

AgencyForge is operated from the United States. If you access the service from outside the US, your information will be transferred to and processed in the US and in regions where our service providers operate.

10. Children

AgencyForge is not directed to anyone under 16. We do not knowingly collect information from children. If you believe a child has provided us information, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via email or in-app notice at least 14 days before they take effect. The “Last updated” date at the top reflects the current version.

12. Contact

Questions about this policy or your data can be sent to [email protected].