CodeForge

Beta

Privacy Policy

Last updated: June 21, 2026

This Privacy Policy explains what personal data CodeForge (“we”, “us”, or “our”), the hosted code-generation platform at code-forge.net (the “Service”), collects, how we use it, and the choices you have. We act as the data controller for the personal data described here.

1. Data we collect

We collect the following categories of data:

  • Account data. When you sign in with GitHub, we receive your GitHub user identifier, username, email address, and avatar from GitHub’s OAuth service to create and identify your account.
  • GitHub access token and repository data. If you connect a GitHub repository, you supply a GitHub access token that we store and use to list your repositories and read their contents (such as your specification files). We only need read access; we do not write to your repositories.
  • Content you provide. The specifications, generation configuration, and package settings you submit or that we read from your connected repository so the Service can generate and publish SDKs.
  • Package registry tokens. The npm access token you supply, stored so the Service can publish packages to your registry on your behalf.
  • Billing data. When you subscribe to a paid plan, our payment provider Stripe collects and processes your payment details. We receive and store billing metadata (such as subscription status, currency, and customer and subscription identifiers), and we keep a record of the billing events we process. We do not store full card numbers.
  • Feedback and communications. If you send us feedback, suggestions, or support requests, we collect your name, email address, and the content of your message. Feedback submitted through the platform may be posted as a public issue in our GitHub repository, where your name, email, and message can be seen by others.
  • Generation and usage data. Records of your generation activity, which may include configuration and parameters, version information, and metadata about changes that trigger a generation (such as repository name, commit identifiers, and commit messages).
  • Technical and log data. Server and session logs used to operate and secure the Service, which may include your IP address, browser and device information, timestamps, and request metadata.

2. How we use your data

We use personal data to:

  • provide, operate, and maintain the Service;
  • authenticate you and manage your account and sessions;
  • read your connected repositories to obtain the specifications you generate from;
  • generate SDKs and publish packages at your direction;
  • process payments and manage subscriptions;
  • respond to your feedback, suggestions, and support requests;
  • diagnose problems, prevent abuse, and secure the Service;
  • communicate with you about your account and important changes.

Our legal bases for processing are performance of our contract with you (providing the Service), our legitimate interests (securing and improving the Service), compliance with legal obligations, and your consent where required.

3. GitHub

We use GitHub in two ways. First, for authentication: when you sign in, we receive the profile information described above to create and identify your account. Second, for repository access: if you connect a repository, you provide a GitHub access token that we store and use to list your repositories and read their contents, such as your specification files, so the Service can generate SDKs from them.

We only ever read from your repositories; we do not write to them or otherwise modify your GitHub account. You control the scope of the token you provide and can revoke it at any time from GitHub, which prevents any further access by the Service. Your use of GitHub is governed by GitHub’s own privacy policy.

Separately, if you submit feedback through the platform, it may be published as a public issue in our GitHub repository, including the name, email address, and message you provide. Please do not include sensitive information in feedback you do not want to be public.

4. Publishing to npm

When you configure publishing, you provide an npm access token that we store and use only to publish the packages you have configured, on your behalf. We do not use your token for any other purpose. You can revoke the token at any time from npm, which prevents any further use by the Service.

5. Payments

Payments are handled by Stripe, which acts as an independent processor of your payment data. Stripe’s handling of your information is governed by Stripe’s privacy policy. We do not receive or store your full payment card details.

6. Cookies and analytics

We use a strictly necessary cookie to keep you signed in and maintain your session. The CodeForge website does not run third-party advertising or behavioral analytics trackers. We rely on server-side operational logs to understand reliability and to secure the Service. If we introduce additional cookies or analytics in the future, we will update this policy first.

7. Sharing and sub-processors

We do not sell your personal data. We share data only with service providers that help us operate the Service, under appropriate confidentiality and data-processing terms. These currently include:

  • GitHub — authentication, repository access, and public feedback issues;
  • npm — package publishing at your direction;
  • Stripe — payment processing;
  • content delivery and font providers used to serve our website;
  • our hosting and database infrastructure providers.

We may also disclose data where required by law or to protect our rights and users.

8. Data retention

We retain your account data for as long as your account is active. Content, configuration, and tokens are retained while needed to provide the Service and are deleted or anonymized when you remove them or close your account, subject to any legal or accounting obligations (for example, retaining billing records as required by law).

9. Security

We take reasonable technical and organizational measures to protect your data, including access controls and encryption in transit. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. We encourage you to scope tokens narrowly and revoke them when no longer needed.

10. Your rights

Depending on your location, you may have rights under the GDPR or similar laws to access, correct, delete, restrict, or port your personal data, and to object to certain processing. You can exercise these rights by contacting us at the address below. You also have the right to lodge a complaint with your local data protection authority; in Denmark this is Datatilsynet.

11. International transfers

We operate from Denmark and use service providers that may process data outside your country, including in the United States. Where data is transferred internationally, we rely on appropriate safeguards such as the providers’ standard contractual clauses.

12. Children

The Service is not directed to children, and we do not knowingly collect personal data from anyone under the age of digital consent in their country. If you believe a child has provided us data, contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time. When we make material changes we will update the “Last updated” date above and, where appropriate, provide additional notice.

14. Contact

Questions about this policy or your data? Email [email protected].