Data Privacy

Last updated: July 2, 2026

Summary

Forger is built around local apps. Apps installed through Forger run in a private workspace on your computer. Forger Cloud supports account features, the app catalog, app downloads and updates, ratings, reviews, private feedback, backups, paired devices, remote access sessions, Google OAuth support for Gmail, and product support.

This policy explains what is local, what is sent to Forger Cloud, how Google and Gmail data is handled, and what choices you have.

Data stored locally

Installed apps, app code, local app databases, local workspaces, user-selected files, generated files, local app modifications, local service state, local automation transcripts, local agent context, local tool settings, and local credentials or tokens stored by the desktop app remain on your device unless you explicitly use a feature that sends information elsewhere.

You can use Forger with local data and without sharing local app data with third parties when you do not enable cloud, agent, connected tool, backup, remote access, or other features that send information outside your device.

Forger apps must work inside the private Forger workspace and must not read files outside that workspace unless you share those files with an app, agent, task, automation, or tool for a specific purpose.

Data sent to Forger Cloud

Forger Cloud may receive account data such as first name, optional last name, email, password authentication data, account confirmation data, optional country, optional age, optional gender, registration IP, inferred registration country, subscription tier, session metadata, and password reset or confirmation metadata.

Forger Cloud may also receive catalog and product data such as installed app summaries reported by signed-in devices, download events, platform, user agent, device identifier, country code, ratings, reviews, private feedback, desktop version, app version, operational logs, error reports, backup metadata, device records, device heartbeats, and remote session metadata.

If you create an account or use Forger Cloud, Forger stores the information needed for registration, account access, authentication, device registration, cloud backups, remote access, support, and other cloud-backed features you choose to use. When you use Forger Desktop with a Forger Cloud session, Desktop registers the current device and sends session and heartbeat metadata needed to keep the account, device list, online status, remote access, support, security, and service integrity working. This account and heartbeat metadata is required for signed-in cloud use and is not controlled by the optional usage analytics setting.

Optional usage analytics

Forger Desktop can collect optional usage analytics when you enable “Help improve Forger.” These events use a random installation identifier, not your Forger Cloud account, so we can understand aggregate usage patterns, such as which product surfaces are opened or whether an install flow succeeds.

Usage analytics do not include personal content, local app data, files, chats, credentials, prompts, file names, Gmail metadata, message text, or stack traces. You can turn this setting off from Forger Desktop Settings. Consent and preference change events may still be recorded so Forger can remember and respect your decision.

Reviews and feedback

Ratings and visible reviews may be shown in Forger Desktop and related catalog surfaces. Private feedback is used by the Forger team to diagnose problems, prioritize improvements, and respond to user requests.

If you submit feedback or an error report, include only information you want Forger to review. Error reports can include technical details, app identifiers, versions, platform information, and diagnostic fields needed to understand the problem.

Backups, devices, and remote access

If you use cloud backups, Forger Cloud stores the backup files and metadata needed to list, download, verify, and delete those backups. Backup metadata can include app ID, app name, app version, backup type, source, checksum, file count, size, and timestamps.

When you use Forger Desktop with a Forger Cloud session, Forger Cloud stores device identifiers, a hashed device secret, device name, platform, signed-in status, installed app summaries, runtime status summaries, and heartbeat timestamps. Remote access sessions use Forger Cloud to route an authenticated browser session to a signed-in online desktop. Remote session metadata is stored by Forger Cloud; app content is relayed only as needed to provide the remote session.

Messages between users are encrypted for devices. Forger Cloud routes and may store encrypted envelopes, but it cannot recover the plaintext content of those messages.

Agents, tasks, automations, and AI

Forger Desktop can use agents, AI tasks, app chat, and automations to inspect, explain, operate, or modify installed apps. When you ask an agent or automation to work with app content, files, screenshots, email, or other data, the content needed for that task may be sent to the AI provider configured for that workflow. Forger Cloud does not automatically receive your local app databases or private workspace files merely because they exist locally.

If you connect ChatGPT/Codex, Claude, or another AI provider, Forger sends the information needed for the task to that provider. That provider may process the data under its own terms and privacy policy.

Automations run without waiting for interactive tool approval. If an automation is allowed to use a configured tool, it may use that tool according to the automation instructions and the tool's own validation rules.

Google and Gmail data

Forger can connect Gmail as an official tool when you choose to connect a Google account. The current Gmail tool requests Gmail read-only and Gmail send permissions so Forger can search messages, read messages and threads, read selected attachments, and send email when you ask an agent, task, app, or automation to do so.

Forger Cloud helps complete the Google OAuth token exchange and token refresh because the OAuth client secret must not be embedded in the desktop app. The Gmail refresh token is stored by Forger Desktop in the local secret store on your device. Forger Cloud does not store your Gmail refresh token as part of the current desktop Gmail flow.

When you use Gmail features, Forger may send requests to Google to search messages, read message or thread content, download selected attachments, refresh access tokens, or send email. Gmail attachments that are read by the tool may be saved locally so the agent can inspect or reuse them for your requested task.

Forger does not sell Google user data. Forger does not use Google user data for advertising. Forger does not use Gmail content to train general AI models. Forger does not allow humans to read Gmail content unless you specifically ask for support involving that content, it is necessary for security or abuse investigation, it is required by law, or the data is aggregated and no longer identifies you.

Forger's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Service providers

Forger may use hosting, database, email delivery, analytics, logging, storage, authentication, OAuth, AI, and support providers to operate the service. These providers process data only as needed to provide infrastructure, product functionality, security, and support.

Security

We use reasonable technical and organizational measures to protect Forger Cloud data, including account confirmation, access controls, token handling, filtered parameter logging, and separation between local app data and cloud account data. No system is perfectly secure, and you should keep your device, operating system, Forger account, Google account, and AI provider accounts protected.

Your choices

You can use local apps without a Forger Cloud account when the feature does not require login. You choose whether to create a Forger Cloud account, publish a review, send private feedback, upload backups, pair devices, create remote sessions, connect Gmail, connect an AI account, share files, run automations, or ask an agent to operate an app or tool.

You can revoke Google access from your Google Account permissions, disconnect or reconfigure tools in Forger Desktop, delete cloud backups, remove paired devices, and stop using account-based features. Some operational records may be retained as needed for security, legal compliance, abuse prevention, support, and service integrity.

Children

Forger is not directed to children. Do not use Forger if you are not old enough to consent to these terms and privacy practices in your jurisdiction.

Changes to this policy

We may update this policy as Forger changes. If we materially change how Forger uses Google user data or other personal data, we will update this policy and, where required, ask for consent before using that data in a new way.

Contact

For privacy questions, contact the Forger team through the support channel published in Forger Desktop or on the Forger website.