Privacy Policy

We collect the following categories of data:

• Account data: Email address, hashed password, name (optional)
• Usage data: Deployment logs, server metrics (CPU, memory, request counts), CLI command history
• Billing data: Payment method (stored by Stripe, not us), billing address, subscription tier
• Technical data: IP address, browser/OS type, cookies, session tokens

We do not collect the content of your MCP server code beyond what is necessary to execute builds and security scans.

We use your data to:

• Operate and improve the Service
• Process payments and manage subscriptions
• Send transactional emails (deploy notifications, billing receipts)
• Detect and prevent abuse, fraud, and security incidents
• Comply with legal obligations

We do not sell your personal data to third parties. We do not use your data to train AI models without explicit consent.

We retain account data for as long as your account is active plus 30 days after deletion. Deployment logs are retained for 90 days. Billing records are retained for 7 years as required by law. Anonymized usage metrics may be retained indefinitely.

We share data with the following processors to operate the Service:

• Fly.io — infrastructure provider; processes deployment data and server metrics
• Neon — database provider; stores account and deployment data
• Stripe — payment processor; handles billing data
• Sentry — error monitoring; may receive error traces including IP and request data
• Cloudflare — CDN and DDoS protection; processes request metadata

All processors are contractually bound to handle data in compliance with applicable privacy law.

We use essential session cookies for authentication. We do not use advertising or cross-site tracking cookies. You can disable cookies in your browser settings, but some Service features require them.

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest for secrets, TOTP two-factor authentication support, and periodic security scans. No system is 100% secure; use strong passwords and enable 2FA.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data ("right to erasure")
• Object to or restrict processing
• Data portability

To exercise these rights, email privacy@ezforge.ai. We will respond within 30 days.

The Service is not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact privacy@ezforge.ai and we will delete it promptly.

We are based in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the US. By using the Service, you consent to this transfer.

We may update this Privacy Policy. We will notify you via email or in-product notification at least 30 days before material changes take effect. Your continued use after the effective date constitutes acceptance.

For privacy-related questions, email privacy@ezforge.ai.

See also our Terms of Service.