Privacy Policy

Last updated: May 22, 2026

This Privacy Policy explains what personal information Gamerz Landing ("we", "us", "our") collects when you use Forge (the "Service"), how we use it, who we share it with, and the choices you have. Forge is operated from Utah, United States.

1. Summary (the short version)

We collect what we need to run your account, deliver AI chat, and bill you. Nothing more.
We do not train AI models on your content. Ever. Your prompts and outputs are sent to model providers (Anthropic, OpenRouter) for inference only, with their "no-training" settings enabled where supported.
We use Stripe for payments. Your card details go to Stripe, not to us.
Passwords are hashed (bcrypt). API keys and other secrets stored in our database are encrypted at rest with AES-256-GCM.
You can delete your account at any time. Deletion is permanent.

2. Who We Are

Gamerz Landing is the operator of Forge. Inquiries about this Policy or your data should be sent to privacy@gamerzlanding.com.

3. Information We Collect

Account information. Username, email address, and a bcrypt hash of your password (we never store the plaintext password). Optionally, a display name and profile picture if you choose to add them.
Chat content. The messages you send to AI models, the responses you receive, characters and lorebooks you create, world-state trackers, summaries, and other roleplay assets you save.
Usage data. Counts of messages sent, AI tokens consumed, models used, features enabled, session timestamps, and per-message cost. Used for billing, daily/monthly cap enforcement, and platform abuse detection.
Billing information. If you subscribe, Stripe collects your name, billing address, and payment method. We receive only a Stripe customer ID and high-level subscription status — never your full card number or CVV.
Technical data. IP address, browser user-agent, and device information. Used for security (login alerts, rate limiting, abuse mitigation) and for diagnostic logs that automatically expire.
Communications. Email content you send to support or via the Service (e.g., feedback, account recovery).
Voice input (optional). When you use the dictation feature, audio is sent to our speech-to-text service for transcription only. Audio is not retained after transcription.

4. How We Use Information

To provide and operate the Service, including AI chat, character libraries, world-state tracking, and account features.
To authenticate you, secure your account, and protect against abuse (rate limiting, fraud detection, multi-account violations).
To enforce subscription tier limits (daily message limit, daily AI cost cap, monthly hard cap) so you cannot inadvertently exceed your plan.
To process payments through Stripe and provide receipts.
To send transactional emails (email verification, password reset, billing receipts, security alerts). We do not send marketing emails without your opt-in.
To diagnose and fix bugs (error logs, performance metrics).
To comply with legal obligations, respond to lawful requests, and enforce our Terms of Service.

5. AI Model Providers

To generate AI responses, your prompts and the relevant context (character data, lorebook entries, conversation history) are transmitted to third-party model providers:

Anthropic — Claude models (Haiku, Sonnet, Opus). Anthropic's data handling is described at anthropic.com/legal/privacy.
OpenRouter — A routing layer that forwards prompts to additional providers (Google, DeepSeek, others) under your selected model. OpenRouter's policy is at openrouter.ai/privacy. The ultimate provider's policy also applies.

No training on your content. We do not authorize these providers to train, fine-tune, or otherwise improve their models on your prompts or outputs. Where the provider supports it (Anthropic, OpenRouter), we enable the "no-training" / "zero-retention" flag on every request. We do not separately retain your content for training under any circumstance.

6. Payment Processor

Stripe processes all paid subscriptions. We receive a Stripe customer ID, the active subscription tier, and billing event metadata (renewal date, cancellation status). We do not see or store full card numbers, CVV codes, or bank account numbers. Stripe's privacy policy is at stripe.com/privacy.

7. Email Provider

Transactional email (verification, password reset, invitations) is delivered through Resend. Resend receives your email address and the email body. Their policy is at resend.com/legal/privacy-policy.

8. Cookies and Local Storage

Session cookie. A single httpOnly, Secure, SameSite=Lax cookie that keeps you logged in. It contains a random session identifier — no personal information is encoded in the cookie itself.
Local storage. Used for client-side UI preferences (theme, sidebar state, draft messages). Stored in your browser; we do not read it.
No tracking cookies. We do not use Google Analytics, Facebook Pixel, advertising trackers, or third-party tag managers.

9. Data Storage and Security

Servers are hosted in the United States. Data is encrypted in transit over TLS.
Passwords are stored as bcrypt hashes.
API keys, Stripe webhook secrets, and other sensitive settings are encrypted at rest with AES-256-GCM.
Access to production systems is restricted to authorized administrators and protected by authentication, rate limiting, and audit logging.
No system is perfectly secure. If we learn of a breach that affects your information, we will notify affected users by email without undue delay and as required by applicable law.

10. Data Retention

Account and chat data. Retained while your account is active. You can delete individual messages, sessions, characters, lorebooks, and other assets at any time through the Service. On account deletion, all account-scoped data is permanently removed within 30 days, except as required by law.
Error logs and rate-limit data. Retained for up to 30 days for debugging and abuse mitigation, then automatically pruned.
Billing records. Subscription and invoice records may be retained for up to 7 years to comply with tax and accounting requirements.
Backups. Routine backups are retained for up to 35 days. Deleted data may persist in backups until they roll off; we do not restore deleted data from backups except in disaster recovery.

11. International Transfers

The Service is operated from the United States. If you use Forge from outside the U.S., your information will be transferred to and processed in the United States, which may have different data-protection rules than your home country. By using the Service, you consent to this transfer.

12. Children's Privacy

Forge is intended for users 13 years of age or older (and 18+ for any adult-oriented features allowed by our Acceptable Use Policy). We do not knowingly collect personal information from anyone under 13. If we learn that a child under 13 has provided us personal information, we will delete the account and associated data. Parents and guardians who believe their child has registered without authorization should contact privacy@gamerzlanding.com.

13. Your Rights

Access. You can view your account information and chat data through the Service interface.
Export. You can export your characters, lorebooks, and chat sessions as standard JSON / character-card formats from the Service.
Correction. You can update your username, email, password, and profile through account settings.
Deletion. You can delete your account at any time from account settings or by emailing privacy@gamerzlanding.com. Account deletion is permanent and cannot be undone.
Opt-out of email. You can disable non-essential email by replying to the unsubscribe link in any of our emails. Transactional emails (security, billing) cannot be disabled while you have an account.

13a. California Residents (CCPA / CPRA)

If you reside in California, you have the right to (i) know the categories of personal information we collect and the purposes for which we use it (see Sections 3 and 4 above), (ii) request a copy of your personal information, (iii) request deletion, (iv) request correction of inaccurate information, and (v) opt out of any "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not sell or share your personal information for advertising. To exercise these rights, contact privacy@gamerzlanding.com. We will not discriminate against you for exercising your rights.

13b. European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

If you reside in the EEA, UK, or Switzerland, our legal bases for processing your personal information are: contract (to provide the Service you signed up for), legitimate interests (security, abuse prevention, product improvement), legal obligation (tax, anti-fraud), and consent (where required). You have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing. You may lodge a complaint with your local supervisory authority. For requests, contact privacy@gamerzlanding.com.

14. Automated Decision-Making

We use automated systems to (i) enforce daily and monthly cost caps, (ii) detect platform abuse, and (iii) moderate content against our Acceptable Use Policy. These systems may temporarily restrict feature access. If you believe such a decision was made in error, contact support@gamerzlanding.com for human review.

15. Third-Party Links

The Service may link to external sites (model provider policies, Stripe receipts, our DMCA agent). We are not responsible for the privacy practices of third-party sites.

16. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date and notify you in-product or by email at least 14 days before the change takes effect (where reasonably possible). Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

17. Contact

For privacy questions, data-subject requests, or to report a concern, contact privacy@gamerzlanding.com. For general support, contact support@gamerzlanding.com.