Privacy Policy
Last updated: May 2026
1. Introduction
PlanForge AI ("we," "our," or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. We comply with the General Data Protection Regulation (GDPR), the Protection of Personal Information Act (POPIA), and other applicable data protection laws.
2. Information We Collect
- Account information: name, email address, and password (encrypted) when you register
- Payment information: processed securely by Stripe — we never store card details
- Usage data: documents generated, tool interactions, feature usage
- Device data: IP address, browser type, operating system for security purposes
- Communications: support emails and feedback you submit to us
3. How We Use Your Information
- To provide, operate, and improve the PlanForge AI platform
- To process payments and deliver generated documents
- To send transactional emails (document delivery, receipts, account notices)
- To prevent fraud, ensure security, and debug platform issues
- To comply with legal obligations under GDPR, POPIA, and applicable law
- To send marketing emails — only with your explicit consent, which you may withdraw anytime
4. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases: (a) Contract — to fulfill our service agreement with you; (b) Legitimate Interests — to improve our platform and prevent fraud; (c) Legal Obligation — to comply with applicable laws; (d) Consent — for marketing communications.
5. Data Sharing & Third Parties
We do not sell, rent, or trade your personal information. We share data only with trusted service providers necessary to deliver our services:
- Supabase (database and authentication) — hosted in the EU/US
- Stripe (payment processing) — PCI-DSS compliant
- Anthropic (AI generation) — inputs are processed to generate your documents
- Resend (email delivery) — for transactional emails only
- Vercel (hosting) — SOC 2 certified infrastructure
6. Data Retention
We retain your account data for as long as your account is active. Generated documents are stored for 12 months after creation. Payment records are retained for 7 years as required by tax law. You may request deletion at any time — see Section 8.
7. International Transfers
Our services are hosted in the United States and European Union. If you are located outside these regions, your data may be transferred internationally. We ensure appropriate safeguards (Standard Contractual Clauses, adequacy decisions) are in place for all cross-border transfers.
8. Your Rights
- Access: Request a copy of the personal data we hold about you
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Unsubscribe from marketing at any time
- Lodge a complaint: With your local data protection authority
9. Security
We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 in transit, row-level security in our database, and regular security audits. No system is 100% secure — if you believe your account has been compromised, contact us immediately at privacy@planforge.ai.
10. Cookies
We use essential cookies for authentication and session management. We use analytics cookies (with your consent) to understand how users interact with our platform. You may manage cookie preferences via our cookie consent banner. See our Cookie Policy for details.
11. Children's Privacy
PlanForge AI is not directed at children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us immediately.
12. Changes to This Policy
We may update this policy periodically. We will notify you via email and a banner on our platform at least 30 days before significant changes take effect. Continued use after the effective date constitutes acceptance of the updated policy.
13. Contact Us
For privacy-related requests, questions, or concerns:
- Email: privacy@planforge.ai
- Data Controller: PlanForge AI
- Response time: Within 30 days as required by GDPR/POPIA