Legal
Effective date: April 17, 2026
TheContentForge ("we," "us," or "our") is a social content operations platform. This Privacy Policy explains what information we collect, how we use it, and your rights with respect to that information. By using TheContentForge, you agree to the practices described here.
Account information
When you register or are invited, we collect your email address and the role assigned to your account within your organisation.
Billing information
For paid subscriptions, we collect billing contact details. Payment card processing is handled by our payment processor; we do not store full card numbers on our systems.
Analytics data you upload
Editors and admins may upload CSV exports from X Analytics, Instagram Insights, and Facebook Page Insights. This data is stored per organisation and used to power the Dashboard, Patterns, and Competitor Analysis features.
Generated content
Content generated via Content Forge, ForgeSays, or the Telegram Bot is stored in your organisation's generation history. Retention periods are determined by your plan tier.
Telegram bot interactions
When you use the Telegram Bot, we log the command type, timestamp, and the input provided. We do not store the full message text of messages that do not trigger a command.
OAuth tokens
When you connect a social account (X, Instagram, or Facebook) via OAuth, we store the resulting access token on your behalf. Tokens are org-scoped and encrypted at rest.
Usage and security events
We log authentication events, role changes, and settings updates to a Security Log. No message content is stored in security events — only the event type, timestamp, and user identifier.
Providing the service
All data collected is used to operate and improve TheContentForge for you and your organisation.
Content generation
Uploaded analytics, brand voice settings, and post history are passed to AI generation services (xAI/Grok) to produce contextual content drafts. Inputs are not used to train third-party models.
Billing and subscription management
Billing information is used to process payments, send invoices, and manage subscription renewals and changes.
Security
Security event logs are used to detect and investigate unauthorised access and misuse.
Communication
We may contact you at your registered email address for account-related notices, billing alerts, and service updates. We do not send marketing email without your consent.
TheContentForge relies on the following third-party services to operate:
Supabase
Database, authentication, storage, and edge functions. Data is stored in Supabase-managed infrastructure hosted in the AWS us-east-2 region (Ohio, USA).
xAI (Grok)
AI content generation. Prompts and context data are sent to xAI's API to produce draft content.
X, Instagram, Facebook
OAuth is used to connect social accounts for publishing. Each platform's own privacy policy governs data held on their side.
Netlify
Frontend hosting and deployment.
Retention periods for organisation data depend on your subscription plan. The table below describes general categories; specific limits are defined by your plan:
Analytics data
Post analytics uploaded by your organisation are retained according to your plan tier (Starter: 6 months, Pro: 12 months, Enterprise: 36 months). Custom plans have negotiated retention. Data beyond your plan limit is automatically pruned.
Competitor posts
Fetched competitor posts are retained according to your plan tier (Starter: 90 days, Pro: 180 days, Enterprise: 365 days). Pruning is automatic.
Generated content history
Generated content is stored per organisation. Retention is part of your plan definition and is visible in your account settings.
Account and billing data
Account information is retained while your account is active. After cancellation or deletion, account data is removed from production systems within 30 days. Billing records may be retained longer as required by applicable law.
Security logs
Security event logs are retained for a minimum of 12 months regardless of plan.
All data is stored in Supabase with row-level security enforced per organisation. OAuth tokens and API keys are encrypted at rest. Access to production data is restricted to authorised administrators.
You may request access to, correction of, or deletion of your personal data at any time. To submit a request, contact your organisation admin or email us at support@thecontentforge.io. We will respond within 30 days.
We may update this Privacy Policy from time to time. When we do, we will update the effective date above. Continued use of the platform after changes are posted constitutes acceptance of the updated policy.
Questions or requests related to this policy can be directed to support@thecontentforge.io.