Privacy Policy
Last updated: July 5, 2026
This policy explains what personal data PassForge collects, why, and your rights. The data controller is TODO: controller name, contactable at support@passforge.org.
What we collect
- Account data: your name, email address, and a hashed password.
- Usage data: your exam attempts, answers, scores, and progress, so we can show your results and analytics.
- Payment data: handled by Stripe. We store only a Stripe customer reference and your plan status, never your card number.
- Technical data: basic server logs (IP address, timestamps) kept for security and debugging.
Why we use it
To operate your account, deliver the exams you take, process payments, send you transactional email (password resets, receipts), and keep the Service secure. This processing is based on performing our contract with you and our legitimate interest in running a secure service.
Who we share it with (processors)
- Stripe - payment processing.
- Resend - transactional email delivery.
- Hetzner - server hosting (data stored in the EU).
We do not sell your personal data or share it for advertising.
How long we keep it
We keep account and attempt data while your account exists. Delete your account and we remove or anonymize your personal data, except records we must keep for legal or accounting reasons (for example, invoice records).
Your rights
You can access, correct, export, or delete your personal data, and object to or restrict certain processing. Email support@passforge.org and we will respond within the legally required time. If you are in the EU/EEA you may also complain to your local data protection authority.
Cookies
We use only strictly necessary cookies: a login session cookie and a CSRF security cookie. We do not use advertising or third-party tracking cookies, so no consent banner is required.
Questions about this page? Contact support@passforge.org.