Back to home

Privacy Policy

Effective: March 23, 2026 · Last updated: March 23, 2026

This Privacy Policy describes how Greenlight Software LLC ("Greenlight," "we," "us," or "our") collects, uses, and shares information in connection with your use of the Forge application ("Forge," "the App," or "the Service"), available at startforge.app and through the Shopify App Store.

By installing or using Forge, you agree to the collection and use of information as described in this policy. If you do not agree, please do not install or use the App.

1. Information We Collect

1.1 Information You Provide Directly

When you install Forge and use the Service, you may provide us with the following types of information:

  • Account and business information: Your name, email address, business name, and Shopify store URL, collected during installation and onboarding.
  • Inventory and materials data: Information about your materials, products, bills of materials (BOMs), build orders, repair orders, custom orders, purchase orders, vendor information, serialized inventory records, and laboratory certificates (e.g., GIA, AGS, IGI, EGL, HRD) that you enter into Forge.
  • Vendor and supplier information: Vendor names, contact details, pricing information, and purchase history that you enter or manage through the App.
  • Customer information related to orders: Customer names, order details, and contact information associated with repair orders, custom orders, and Shopify orders that are synced to Forge.
  • Support communications: Any information you provide when contacting us for support, including email correspondence and any files or screenshots you share.

1.2 Information Collected Automatically from Shopify

When you install Forge, you authorize us to access certain information from your Shopify store through the Shopify API. This may include:

  • Store information: Your store name, URL, plan, and settings.
  • Product data: Product titles, descriptions, variants, prices, images, inventory quantities, and product types.
  • Order data: Order details, line items, fulfillment status, and customer information associated with orders, collected via Shopify webhooks (e.g., orders/fulfilled, products/update).
  • Authentication data: OAuth tokens required to maintain the connection between Forge and your Shopify store.

We only request the Shopify API access scopes necessary for Forge to function. We do not access data beyond what is required to provide the Service.

1.3 Information from Third-Party Services

If you choose to connect optional third-party integrations, we may receive information from those services:

  • Metals pricing data: Current and historical precious metals pricing from MetalpriceAPI or similar providers, used to display live spot prices within Forge. This data is not personally identifiable.
  • Supplier APIs: If you connect your own supplier account (e.g., Stuller, Rio Grande), Forge may access product availability, pricing, and order information using the credentials you provide. We do not store your supplier account passwords. Authentication is handled through API keys or tokens that you provide and can revoke at any time.

1.4 Usage and Technical Data

We automatically collect certain technical information when you use the App:

  • Log data: IP address, browser type, pages visited within the App, timestamps, and referring URLs.
  • Device information: Operating system, screen resolution, and device type.
  • Performance data: Error logs, load times, and feature usage patterns, used to improve the App's performance and reliability.

We do not use third-party tracking or advertising cookies within the Forge application. We may use essential cookies or session tokens required for authentication and functionality.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and maintain the Service: Processing your inventory data, syncing with Shopify, managing build orders, tracking materials and costs, and all other core functionality of Forge.
  • To process subscriptions and billing: Managing your subscription tier and processing payments through the Shopify Billing API. We do not directly collect or store your payment card information — all billing is handled by Shopify.
  • To communicate with you: Sending transactional emails (e.g., account setup, subscription changes), responding to support requests, and providing product updates or announcements. You can opt out of non-essential communications at any time.
  • To improve the Service: Analyzing usage patterns and error reports to identify bugs, improve features, and guide product development.
  • To ensure security: Detecting and preventing fraud, abuse, or unauthorized access to your account or data.
  • To comply with legal obligations: Responding to lawful requests from law enforcement or regulatory authorities, and complying with applicable laws.

We do not sell your personal information or your business data. We do not use your inventory, order, or materials data for any purpose other than providing the Service to you.

3. How We Share Your Information

We do not sell, rent, or trade your information. We may share information only in the following limited circumstances:

3.1 Service Providers

We use third-party service providers to help us operate the Service. These providers have access to your information only to perform specific tasks on our behalf and are obligated to protect it. Current providers include:

  • Supabase: Database hosting and management (PostgreSQL). Your inventory, order, and business data is stored in a Supabase-hosted database.
  • Shopify: Authentication, billing, product and order data synchronization via the Shopify API and Shopify Billing API.
  • Cloudflare: Hosting, content delivery, and security services. File attachments (e.g., provenance PDFs, certificate images) may be stored in Cloudflare R2 storage.
  • MetalpriceAPI (or similar): Precious metals spot pricing data. No personal or business data is sent to this provider.

3.2 Third-Party Integrations You Enable

If you choose to connect a third-party service (e.g., a supplier API), data necessary for that integration will be shared with the third party according to their own terms and privacy policies. You control which integrations are active and can disconnect them at any time.

3.3 Legal Requirements

We may disclose your information if required to do so by law, or if we believe in good faith that such disclosure is necessary to comply with a legal obligation, protect our rights or safety, or investigate potential violations of our Terms of Service.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice in the App before your information becomes subject to a different privacy policy.

4. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account and business data: Retained for the duration of your subscription. Upon account deletion or uninstallation, we will delete your data within 30 days, unless we are required by law to retain it longer.
  • Inventory and operational data: Retained for the duration of your subscription. This includes all materials, BOMs, build orders, repair orders, custom orders, purchase orders, vendor records, and serialized inventory records.
  • Usage and log data: Retained for up to 12 months for performance analysis and debugging, then deleted or anonymized.
  • Support communications: Retained for up to 24 months after the last interaction for quality and training purposes.

You may request deletion of your data at any time by contacting us at the address listed below.

5. Data Security

We take reasonable technical and organizational measures to protect your information, including:

  • Encryption of data in transit using TLS/SSL.
  • Encryption of data at rest in our database.
  • Authentication via Shopify OAuth — we do not store your Shopify password.
  • Role-based access controls within our internal systems.
  • Regular security reviews of our infrastructure and codebase.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Data portability: Request a machine-readable export of your data.
  • Opt-out of communications: Unsubscribe from non-essential emails using the link provided in each email or by contacting us directly.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at hello@startforge.app. We will respond within 30 days.

6.1 California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of the sale of personal information. We do not sell personal information. To make a request, contact us using the information below.

6.2 European Economic Area Residents (GDPR)

If you are located in the EEA, our legal bases for processing your information include: performance of a contract (providing the Service), legitimate interests (improving the Service, ensuring security), and consent (where applicable). You have the right to lodge a complaint with your local data protection authority.

7. Children's Privacy

Forge is a business application designed for use by adults operating commercial enterprises. We do not knowingly collect personal information from children under 16. If we become aware that we have collected information from a child under 16, we will delete it promptly.

8. Shopify App Store

Forge is distributed through the Shopify App Store and is subject to Shopify's own terms and privacy policies in addition to this policy. Shopify's handling of your data is governed by Shopify's privacy policy.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy in the App and updating the "Last Updated" date above. For significant changes, we will also notify you via email. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Greenlight Software LLC
Sheridan, Wyoming
Email: hello@startforge.app