This policy is written to be read, not survived. We tell you exactly what we collect, why we collect it, and what you can do about it. If something is unclear, email us — we'll fix it.
Contents
- Who We Are
- What We Collect
- How We Use Your Information
- How We Share Your Information
- Data Storage & Security
- AI Processing & Your Data
- AI Subprocessors
- Health & Mental Wellness Disclaimer
- Your Rights
- California Residents (CCPA / CPRA)
- EEA / UK Residents (GDPR)
- Children's Privacy
- Cookies & Tracking
- Changes to This Policy
- Contact Us
01 Who We Are
SheForge is an AI-powered app suite and business education platform designed for women entrepreneurs. Our products and services are operated by SheForge ("SheForge," "we," "us," or "our"), reachable at sheforge.ai.
This Privacy Policy applies to:
- The SheForge marketing website at sheforge.ai
- The lead magnet and email capture page at guide.sheforge.ai
- Any SheForge app or service that links to this policy
- Communications we send you via email or other channels
It does not apply to third-party websites or services we may link to. Those have their own policies, which we encourage you to read.
02 What We Collect
Information You Give Us Directly
- Contact form submissions — your name, email address, and the message you write.
- Lead magnet opt-ins — your name and email address when you request a free guide or resource at guide.sheforge.ai.
- Email correspondence — any information you include when you email us.
- App account registration — when available, your name, email, and any profile information you provide.
Information Collected Automatically
- Log data — IP address, browser type, pages visited, time spent, referring URL, and device type.
- Usage data — interactions with pages and features on the site.
- Cookies and similar technologies — see Section 12 for details.
Information From Third Parties
We do not currently purchase, rent, or receive personal data from third-party data brokers. If this changes, we will update this policy.
CCPA Categories of Personal Information Collected
For California residents, we collect the following statutory categories of personal information (Cal. Civ. Code § 1798.140):
- Identifiers — name, email address, IP address
- Internet or other electronic network activity — pages visited, time on site, browser and device type
- Professional or employment-related information — business details you share voluntarily through forms or email
- Inferences drawn from personal information — we do not draw inferences about your characteristics, preferences, or behavior for profiling purposes
We do not collect: sensitive personal information (as defined under CPRA) including precise geolocation, racial or ethnic origin, religious beliefs, biometric data, health data, sexual orientation, or the contents of private communications — and we do not infer sensitive personal information from any data we collect.
SheForge does not collect government ID numbers, payment card numbers, Social Security numbers, biometric data, or Protected Health Information (PHI) as defined under HIPAA. Do not send sensitive financial or medical information through our contact forms or emails.
03 How We Use Your Information
We use the information we collect to:
- Respond to your contact form submissions and inquiries
- Deliver the lead magnet, guide, or resource you requested
- Send you emails you opted in to receive (you can unsubscribe at any time)
- Operate, maintain, and improve the SheForge website and apps
- Understand how people use our platform so we can make it better
- Comply with legal obligations
- Protect against fraud, abuse, and security threats
We do not use your data to train AI models without your explicit, informed consent.
05 Data Storage & Security
Your data is stored on servers located in the United States. Our backend uses Google Workspace infrastructure, which maintains industry-standard physical, technical, and administrative safeguards.
We implement reasonable security measures including:
- HTTPS / TLS encryption for all data in transit
- Access controls limiting who can view collected data
- Regular review of vendor security practices
No method of transmission over the internet or electronic storage is 100% secure. While we take data protection seriously and apply reasonable safeguards, we cannot guarantee absolute security. You transmit data to us at your own risk.
We retain your personal information only as long as necessary to fulfill the purpose it was collected for, or as required by law. Contact form data is retained for up to 24 months. Opt-in email addresses are retained until you unsubscribe or request deletion.
06 AI Processing & Your Data
SheForge apps use artificial intelligence to generate content, recommendations, and analysis. Here is how your data interacts with AI within our platform:
Input Data You Provide to Apps
When you use SheForge apps (DreamForge, ContentForge, FollowUp Flow AI, etc.), the content you enter — prompts, goals, responses — may be processed by third-party AI providers acting as our subprocessors. These providers receive only the data necessary to generate your requested output. We select providers with strong data protection commitments and configure them, where available, to prohibit your data from being used to train their general models. For the full list of AI subprocessors and links to their privacy policies, see Section 7 — AI Subprocessors.
We Do Not Train on Your Data
SheForge does not use your personal content to train, fine-tune, or improve our own AI models without your explicit opt-in consent.
AI Outputs Are Not Professional Advice
All AI-generated content — including content from DreamForge, ContentForge, FocusForge, FollowUp Flow AI, OfferForge, PipelinePro, and PersonaForge — is provided for informational and productivity purposes only. It is not legal, financial, medical, psychological, or therapeutic advice. See Section 8 for our health-specific disclaimer.
07 AI Subprocessors
In the interest of recipient transparency — and in line with current best practice for AI SaaS platforms — SheForge maintains a list of the third-party AI vendors ("subprocessors") that may process your data when you use our apps. These parties act solely on our instructions and are bound by data processing agreements that restrict their use of your data.
The current list of AI subprocessors is maintained at sheforge.ai/subprocessors. We will update that page when subprocessors are added or removed, and will notify you of material changes per Section 14.
Current subprocessors include:
- Anthropic, PBC — Large language model processing (Claude API). Privacy policy: anthropic.com/privacy
Additional AI processing vendors will be listed on the Subprocessors page as SheForge apps launch. We will not add a subprocessor that materially weakens data protection without providing 30 days' prior notice.
08 Health & Mental Wellness Disclaimer
SheForge is not a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and does not provide healthcare, mental health treatment, or clinical services. The information processed through SheForge apps — including any dream journaling, focus, or wellness-adjacent features — does not constitute Protected Health Information (PHI) under HIPAA. Do not use SheForge apps to store, transmit, or process PHI.
SheForge apps may offer features related to goal-setting, sleep, focus, and personal reflection. These features are personal productivity tools, not clinical or therapeutic interventions. If you are experiencing a mental health concern, please consult a licensed mental health professional.
If you share information of a sensitive personal nature through our apps, forms, or emails, please understand that such information is not treated as clinical data and does not carry the legal protections afforded to PHI under HIPAA.
SheForge does not use your inputs — including dream journal entries, goal reflections, or focus data — to infer sensitive personal information as defined under the CPRA (Cal. Civ. Code § 1798.121), including mental or physical health conditions, psychological traits, or emotional state. App outputs are AI-generated productivity content, not assessments, diagnoses, or evaluations of your personal characteristics.
09 Your Rights
Regardless of where you live, you have the following rights regarding your personal data:
- Access — Request a copy of the personal information we hold about you.
- Correction — Ask us to correct inaccurate or incomplete data.
- Deletion — Request that we delete your personal data, subject to legal retention requirements.
- Portability — Receive your data in a commonly used, machine-readable format.
- Opt-out of marketing — Unsubscribe from marketing emails at any time using the link in any email or by contacting us directly.
- Withdraw consent — Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email us at nastasja@sheforge.ai. We will respond within 30 days. We may ask you to verify your identity before processing your request.
10 California Residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with additional rights:
- Right to Know — the categories and specific pieces of personal information we collect, the sources, our business purpose, and the categories of third parties we share with.
- Right to Delete — request deletion of your personal information (subject to exceptions).
- Right to Correct — request correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing — we do not sell or share personal information for cross-context behavioral advertising. No opt-out action is required.
- Right to Limit Use of Sensitive Personal Information — we do not use sensitive personal information for purposes beyond those permitted under CPRA without your consent.
- Right to Non-Discrimination — we will not discriminate against you for exercising your privacy rights.
Do Not Sell or Share
SheForge does not sell your personal information and does not share it for cross-context behavioral advertising. You do not need to submit an opt-out request — this is our default practice.
Global Privacy Control (GPC)
SheForge recognizes and honors the Global Privacy Control (GPC) browser signal as a valid opt-out of sale and sharing under CPRA. If your browser or device transmits a GPC signal when you visit sheforge.ai, we treat that signal as a do-not-sell/share instruction and will not override it.
To submit a verifiable consumer request, email nastasja@sheforge.ai with the subject line "CCPA Request." We will respond within 45 days, with one 45-day extension permitted where necessary.
11 EEA / UK Residents (GDPR)
If you are in the European Economic Area or the United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR applies to the processing of your personal data. Our lawful bases for processing are:
- Consent — for email marketing communications and opt-in lead magnets
- Legitimate interests — for site analytics, fraud prevention, and operational communications
- Contract performance — when processing is necessary to fulfill a service you have requested
- Legal obligation — when required to comply with applicable law
In addition to the rights in Section 8, EEA/UK residents have the right to object to processing based on legitimate interests, and the right to lodge a complaint with your local supervisory authority.
Your data may be transferred to and processed in the United States, which may not offer the same level of data protection as your home jurisdiction. We take steps to ensure appropriate safeguards are in place, including using vendors who participate in recognized data transfer frameworks.
12 Children's Privacy
SheForge is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, please contact us at nastasja@sheforge.ai and we will promptly delete it.
13 Cookies & Tracking
SheForge uses cookies and similar technologies to operate the site and understand how it is used. Specifically:
- Essential cookies — required for the site to function. Cannot be disabled.
- Analytics cookies — help us understand traffic patterns and improve the site. We aim to use privacy-friendly analytics tools that do not fingerprint users or share data with advertising networks.
- No advertising or cross-site tracking cookies — we do not run ad targeting on this site.
You can control cookies through your browser settings. Disabling cookies may affect the functionality of certain pages. As the site evolves, we will update this section to reflect any changes in our cookie use and will implement a consent mechanism where required by law.
14 Changes to This Policy
We may update this Privacy Policy as SheForge grows and as applicable law evolves. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify subscribers via email for significant changes
- Post a notice on the SheForge homepage for at least 30 days
Your continued use of SheForge after the effective date of a revised policy constitutes acceptance of those changes. If you disagree with a material change, you may request deletion of your data before the change takes effect.
15 Contact Us
Privacy questions, data requests, and complaints can be directed to:
SheForge Privacy
Email: nastasja@sheforge.ai
Website: sheforge.ai
We aim to respond to all privacy inquiries within 5 business days, and to fulfill data rights requests within 30 days (45 days for CCPA requests).