Deploy Forge

Privacy Policy

How we collect, use, and protect your personal information.

Last updated: February 11, 2026

Introduction

At Deploy Forge, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use Deploy Forge ("Service"), a platform for automated deployment of WordPress themes and plugins from GitHub repositories.

By creating an account or using the Service, you acknowledge that you have read and understand this policy. For information about the legal bases we rely on to process your data, see the Your Rights and European Privacy Rights sections below.

Information We Collect

Account Information

When you create an account, we collect:

  • Email Address — Required for account creation, login, and communications
  • Name — Optional display name for your profile
  • Profile Image — Optional avatar
  • Password — Securely hashed if using email/password authentication; never stored in plain text

Authentication Data

We support email/password authentication and third-party OAuth providers (such as GitHub and Google). When using OAuth, we receive basic profile information from the provider including your email and display name.

WordPress Site Data

When you connect WordPress sites to the Service, we collect your site URL, connection status, and the authentication credentials (such as API keys or tokens) needed to deploy to your site. These credentials are stored securely and used only to perform deployments you initiate.

GitHub Integration Data

When you connect GitHub through our GitHub App, we collect information necessary to trigger and monitor deployments, including your GitHub user identifier, GitHub App installation ID, the repositories you select, branch and commit information, and webhook event data. We also store the GitHub App installation credentials needed to access your repositories on your behalf.

Deployment Data

For each deployment, we track information such as commit details, deployment status, timestamps, and backup references to provide deployment history and enable features like rollbacks. Every deployment automatically creates a backup of your previous theme or plugin version.

Workspace and Organization Data

Deploy Forge supports workspaces where multiple users collaborate. When you create or join a workspace, we collect the workspace name, your role within it (owner, admin, or member), and member lists. Workspace administrators can view member activity, deployment history, and site configurations within their workspace. See the Workspace and Organization Data section below for details on how this data is handled.

Subscription and Payment Data

We collect subscription information including your selected plan and subscription status. Payment processing is handled entirely by Polar (polar.sh), our third-party payment processor and Merchant of Record. We do not store credit card numbers, bank account details, or other sensitive payment information on our servers.

Support and Communication Data

When you contact us or submit support tickets through the dashboard, we collect your contact information, message content, ticket category and priority, and any files you choose to share.

Automatically Collected Data

We automatically collect:

  • IP Address — For security, fraud prevention, and rate limiting
  • Browser and Device Information — Browser type, operating system, screen resolution, and device type, used to optimize your experience
  • Session Data — To maintain your logged-in state and workspace context
  • Usage Data — Pages visited, features used, buttons clicked, deployment actions taken, and support interactions. We use this data to understand product usage patterns and improve the Service.

How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity and manage your account and workspace memberships
  • Process deployments, create backups, and track deployment history
  • Communicate with you about your account, support requests, and service updates
  • Analyze usage patterns to improve our features and performance
  • Detect, prevent, and address fraud, abuse, and security issues
  • Comply with legal obligations

Cookies, Analytics, and Tracking

Cookies

We use cookies and similar technologies for:

  • Session Cookies — Maintaining your logged-in state and active workspace context. These are essential for the Service to function.
  • Preference Cookies — Remembering your settings such as dashboard layout and notification preferences.
  • Security Cookies — Fraud prevention and protecting your account.

We do not use third-party advertising or tracking cookies.

Product Analytics (PostHog)

We use PostHog, a product analytics platform, to understand how users interact with Deploy Forge. PostHog collects usage data including pages visited, features used, and interaction patterns. When you are logged in, we associate analytics data with your account (including email, name, plan tier, workspace context, and aggregate usage counts such as total sites and deployments) to provide a better experience and improve the Service. PostHog may use cookies or local storage to distinguish users. You can learn more about PostHog's data practices at posthog.com/privacy.

Error Monitoring (Sentry)

We use Sentry for error monitoring and performance tracking. When errors occur, diagnostic information including browser details, the actions leading to the error, and session replays (visual recordings of user interactions around the time of an error) may be sent to Sentry. Session replays help us reproduce and fix bugs more effectively. This data may include personally identifiable information such as your IP address and browser metadata. You can learn more at sentry.io/privacy.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. However, disabling essential cookies may prevent you from using the Service.

Data Sharing

We do not sell your personal information. We share data only in these circumstances:

Service Providers

We use third-party service providers to help operate the Service, including:

  • Polar (polar.sh) — Payment processing and subscription management
  • Vercel — Application hosting and edge delivery
  • Railway — Database hosting and infrastructure
  • Upstash — Caching and rate limiting (Redis)
  • PostHog — Product analytics (see above)
  • Sentry — Error monitoring and session replay (see above)
  • Resend — Transactional email delivery
  • GitHub — Source code repository integration

These providers access data only as needed to perform services on our behalf and are contractually obligated to protect your information.

Legal Requirements

We may disclose information when required to:

  • Comply with applicable laws or legal processes
  • Respond to lawful requests from public authorities
  • Protect our rights, privacy, safety, or property
  • Enforce our Terms of Service

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, who will be bound by this Privacy Policy. We will notify you of any such transfer.

Data Security

We implement robust security measures to protect your data, including:

  • All data is encrypted in transit (TLS) and at rest
  • Passwords are securely hashed and never stored in plain text
  • WordPress site credentials and API tokens are stored with encryption
  • Role-based access controls within workspaces
  • Regular security assessments and dependency auditing

While we implement robust security measures, no system is completely immune to threats. If you become aware of any security issues, please contact us immediately at security@getdeployforge.com.

Data Retention

  • Account Data — Retained while your account is active; deleted upon account deletion request
  • Deployment History — Retained for the lifetime of your account
  • Deployment Backups — Retained on your WordPress site locally; we do not host backup files
  • Support Records — Retained for customer service and legal compliance purposes
  • Analytics Data — Retained for up to 24 months for product improvement purposes
  • Error Monitoring Logs — Retained for up to 90 days for debugging purposes
  • Server Logs — Retained for up to 30 days for operational and security purposes

Workspace and Organization Data

Deploy Forge supports collaborative workspaces where multiple users can manage sites and deployments together.

Visibility Within Workspaces

When you join a workspace, your display name, email address, and role are visible to other workspace members. Workspace administrators can view:

  • Member lists and roles
  • Deployment activity and history for workspace sites
  • Site configurations and connection status
  • Subscription and plan information for the workspace

Leaving a Workspace

If you leave or are removed from a workspace, your personal account data remains intact, but your access to that workspace's data is revoked. Deployments and activity you performed within the workspace remain in the workspace's history.

Workspace Deletion

When a workspace is deleted by its owner, all associated data (sites, deployment history, member associations) is removed. Individual member accounts are not affected.

Your Rights

You have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Update inaccurate or incomplete information
  • Deletion — Delete your account and associated data
  • Data Portability — Export your data in a machine-readable format
  • Opt-Out — Unsubscribe from marketing communications
  • Restriction — Request that we limit how we process your data in certain circumstances

To exercise these rights, contact us at privacy@getdeployforge.com or use the account settings in your dashboard. We will respond to verified requests within 30 days.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

  • Right to Know — You may request the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete — You may request deletion of your personal information, subject to certain exceptions (such as data needed to complete a transaction or comply with legal obligations).
  • Right to Correct — You may request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing — We do not sell or share your personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights.

Categories of personal information we collect: Identifiers (name, email, IP address), internet activity (usage data, pages visited), professional information (GitHub username, repository names), and inferences (product usage patterns).

To exercise these rights, email privacy@getdeployforge.com with the subject line "CCPA Request." We will verify your identity before processing your request and respond within 45 days.

European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation:

Data Controller

Deploy Forge is the data controller for your personal data. You can contact us at privacy@getdeployforge.com.

Legal Bases for Processing

We process your personal data under the following legal bases:

  • Contract Performance — Processing necessary to provide the Service (account management, deployments, workspace functionality)
  • Legitimate Interests — Processing for security, fraud prevention, service improvement, and analytics, where our interests do not override your rights
  • Consent — Where you have given explicit consent, such as for optional marketing communications
  • Legal Obligation — Processing required to comply with applicable law

Your GDPR Rights

In addition to the general rights listed above, you have the right to:

  • Object — Object to processing based on legitimate interests
  • Restrict Processing — Request restriction of processing in certain circumstances
  • Data Portability — Receive your data in a structured, commonly used format
  • Withdraw Consent — Withdraw consent at any time where processing is based on consent
  • Lodge a Complaint — File a complaint with your local data protection supervisory authority if you believe your rights have been violated

To exercise these rights, email privacy@getdeployforge.com. We will respond within 30 days.

International Data Transfers

Your data is primarily processed in the United States, where our hosting infrastructure (Vercel, Railway) is located. Your data may also be processed in other countries where our service providers operate.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on our service providers' participation in the EU-US Data Privacy Framework or Standard Contractual Clauses as appropriate safeguards.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users and relevant data protection authorities as required by applicable law. We aim to provide notification within 72 hours of becoming aware of a qualifying breach, including a description of the breach, the types of data affected, and the steps we are taking in response.

Artificial Intelligence

We do not use your personal data, deployment content, or source code to train artificial intelligence or machine learning models.

Children's Privacy

Deploy Forge is not intended for users under 18 years of age. We do not knowingly collect information from children. If we learn we have collected data from a child, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service at least 30 days before they take effect. Your continued use after changes take effect constitutes acceptance of the updated policy. Prior versions of this policy are available upon request.

Contact Us

For questions about this Privacy Policy or our data practices:

  • Privacy: privacy@getdeployforge.com
  • Security: security@getdeployforge.com
  • General Support: support@getdeployforge.com