🔒 Privacy Policy
Last Updated: February 2, 2026
TL;DR: Most of our tools run entirely in your browser and collect zero data. Premium tools with accounts collect only what's necessary (email, usage data). We're transparent about everything.
1. Overview
ThinkForge ("we", "our", or "us") operates two types of tools with different privacy practices:
- Free Client-Side Tools: No data collection whatsoever
- Premium Tools with Accounts: Minimal data collection for functionality
2. Client-Side Tools (No Data Collection)
These tools collect ZERO data:
- Unix Timestamp Converter
- JSON Formatter (if applicable)
- Other tools marked as "Client-Side"
How They Work:
- All processing happens in your web browser
- No data sent to our servers
- No cookies (except essential session cookies)
- No tracking scripts or analytics
- No third-party integrations
- No logs of usage
3. Premium Tools with Accounts
These tools collect minimal data for functionality:
Color Palette Generator (Premium)
What we collect:
- Email address: For account login and communication
- Password: Hashed with SHA-256 (we never see your plain password)
- Saved palettes: Your color palettes if you choose to save them
- API usage: Timestamps of API calls for rate limiting
- Subscription status: Free vs Premium tier
Why we collect it:
- Account management and authentication
- Saving your palettes across devices
- Rate limiting to prevent abuse
- Billing (via Stripe - see section 4)
How long we keep it: Until you delete your account
Image Metadata Stripper (API Access)
What we collect:
- API key: For authentication (auto-generated)
- Usage metrics: Daily/monthly request counts for rate limiting
- Images: Temporarily processed in memory, immediately deleted
We do NOT collect:
- Image content (processed in memory only)
- Metadata from your images
- Personal information
Regex Tester (Pattern Sharing)
What we store:
- Shared regex patterns: Only if you click "Share Pattern"
- Pattern metadata: Name, creation date
Important: Patterns are stored anonymously. We don't link them to you unless you use a premium account.
4. Third-Party Services
Stripe (Payment Processing)
Used for: Processing premium subscriptions ($9/month)
What Stripe collects:
- Payment information (credit card, billing address)
- Email address
- Transaction history
Their privacy policy: stripe.com/privacy
Our access: We only receive confirmation of payment, not your card details
AWS (Cloud Infrastructure)
Used for: Hosting our backend services
What AWS may log:
- IP addresses (for security/DDoS protection)
- Request timestamps
- HTTP request details
Data location: EU-based servers (GDPR compliant)
AWS privacy policy: aws.amazon.com/privacy
Redis (Caching)
Used for: Rate limiting and temporary session data
Data stored: API usage counters, temporary auth tokens
Retention: 24-48 hours maximum, then auto-deleted
5. Technical Server Logs
Our web server automatically collects basic technical information:
- IP addresses: Auto-deleted within 24 hours
- Browser type/version: For compatibility
- Timestamp of access: For security
- Pages requested: For debugging
Purpose: Preventing abuse, ensuring uptime, troubleshooting issues
NOT used for: Tracking, profiling, or advertising
6. Cookies
| Cookie |
Purpose |
Duration |
| session_id |
Authentication for logged-in users |
24 hours |
| api_key |
API authentication |
Until logout |
| theme_preference |
Dark/light mode setting |
1 year |
We do NOT use: Advertising cookies, tracking pixels, or third-party analytics
7. Your GDPR Rights
If you're in the EU/EEA, you have these rights:
1. Right to Access (Art. 15)
Request a copy of all data we have about you
How: Email privacy@thinkforge.tech or use account settings
2. Right to Deletion (Art. 17 - "Right to be Forgotten")
Delete your account and all associated data
How: Account settings → "Delete Account" or email us
3. Right to Portability (Art. 20)
Export your data in JSON format
How: Account settings → "Export Data"
4. Right to Rectification (Art. 16)
Correct inaccurate data
How: Update directly in account settings
5. Right to Object (Art. 21)
Object to data processing
How: Email privacy@thinkforge.tech
Response time: Within 30 days of your request
Cost: Free (unless request is excessive)
8. Data Security
Security measures we use:
- HTTPS encryption for all data transmission
- Password hashing (SHA-256)
- API key authentication
- Rate limiting to prevent abuse
- Regular security audits
- Limited data retention (24-hour log deletion)
Important: No system is 100% secure. While we implement industry-standard security, we cannot guarantee absolute security. If you discover a vulnerability, please email security@thinkforge.tech.
9. Data Retention
| Data Type |
Retention Period |
| Server logs (IP, timestamps) |
24 hours |
| Redis cache (rate limits) |
24-48 hours |
| Account data (email, palettes) |
Until account deletion |
| Shared regex patterns |
Indefinitely (unless deleted) |
| Deleted account data |
30 days (backup retention) |
| Payment records (Stripe) |
7 years (legal requirement) |
10. Data Breach Notification
In the unlikely event of a data breach:
- Within 72 hours: We notify relevant authorities (GDPR Art. 33)
- Within 72 hours: We email affected users if their data was compromised
- Transparency: We publish a public incident report
11. Children's Privacy
Our services are NOT directed at children under 13. We do not knowingly collect data from children. If you're a parent and believe your child has created an account, contact us immediately at privacy@thinkforge.tech for deletion.
12. International Data Transfers
Data location: EU-based AWS servers (GDPR compliant)
If outside EU: Data may be transferred to US-based services (Stripe) under Standard Contractual Clauses (SCCs)
13. Marketing
We do NOT:
- Sell your data to third parties
- Send unsolicited marketing emails
- Share your email with advertisers
We MAY:
- Send transactional emails (password resets, receipts)
- Send product updates (with opt-out option)
14. Changes to This Policy
If we make changes:
- Update the "Last Updated" date at the top
- Email users if changes are material
- Give 30 days notice before changes take effect
Your responsibility: Check this page periodically for updates
15. Legal Basis for Processing (GDPR Art. 6)
| Data Type |
Legal Basis |
| Account data (email, password) |
Contractual necessity (Art. 6(1)(b)) |
| Payment data (via Stripe) |
Contractual necessity (Art. 6(1)(b)) |
| Usage tracking (rate limits) |
Legitimate interest (Art. 6(1)(f)) - preventing abuse |
| Server logs (security) |
Legitimate interest (Art. 6(1)(f)) - security |
16. Data Controller
Data Controller: ThinkForge
Email: privacy@thinkforge.tech
Website: thinkforge.tech
EU Representative: [To be appointed if required]
17. Supervisory Authority
If you're in the EU and have concerns about our data practices, you can lodge a complaint with your local data protection authority:
18. Contact Us
Questions, concerns, or data requests:
- Email: privacy@thinkforge.tech
- Security issues: security@thinkforge.tech
- General inquiries: hello@thinkforge.tech
- Website: thinkforge.tech
Our Commitment: We built these tools to be useful AND respectful of your privacy. We only collect what's necessary, keep it secure, and give you full control.
← Back to Tools