UK law applies. This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The Privacy and Electronic Communications Regulations 2003 (PECR) also apply to our use of cookies and electronic marketing, which are covered separately in our Cookie Policy.
1. Data controller
Forgelio Ltd ("Forgelio", "we", "us", or "our") is the data controller for personal data collected through this website and platform. We are incorporated in England and Wales.
As data controller, we determine the purposes and means of processing your personal data. If you have any questions about this policy or how we handle your data, please contact us at privacy@forgelio.com.
We have not appointed a Data Protection Officer (DPO) as we do not meet the threshold requiring one under UK GDPR. All privacy enquiries are handled directly by the founding team.
2. Data we collect
We may collect the following categories of personal data:
| Category | Examples | Purpose |
|---|---|---|
| Identity data | Name, email address | Account creation, waitlist management, communications |
| Career data | Job role, years of experience, industry sector | Personalised AI risk assessments and roadmaps |
| Usage data | Pages visited, features used, time on site, device type | Analytics, platform improvement, performance monitoring |
| Account data | Password hash, login timestamps, account preferences | Account management and security |
| Payment data | Billing name, last 4 digits of card, billing address | Processing subscription payments (handled by Stripe) |
| Communications data | Messages sent to us, support requests | Responding to enquiries and providing support |
| Technical data | IP address, browser type, session identifiers | Security, fraud prevention, analytics |
We do not collect special category data (such as health information, biometric data, or political opinions) and do not ask for it.
3. How we collect data
We collect data in the following ways:
- Directly from you, when you use our platform, complete an assessment, register for an account, join the waitlist, or contact us
- Automatically, when you browse our website, through cookies and similar technologies (see our Cookie Policy)
- From third parties, such as Supabase (authentication and database services) or Stripe (payment processing), where necessary to provide the Services
4. Why we process your data
We process personal data for the following purposes:
- To provide and operate the Forgelio platform and its features
- To deliver personalised AI risk assessments, career roadmaps, and skill gap analysis
- To manage your account, including authentication and security
- To manage and communicate with waitlist participants
- To process subscription payments and manage billing
- To send product updates, launch announcements, and service communications
- To measure and improve platform performance using analytics
- To respond to enquiries, support requests, and privacy rights exercises
- To comply with legal obligations, including fraud prevention and financial record-keeping
5. Lawful basis for processing
Under UK GDPR Article 6, we rely on the following lawful bases for processing personal data:
| Processing activity | Lawful basis |
|---|---|
| Waitlist registration and communications | Consent (Article 6(1)(a)) |
| Account creation and management | Contract performance (Article 6(1)(b)) |
| Delivering paid subscription features | Contract performance (Article 6(1)(b)) |
| Processing subscription payments | Contract performance (Article 6(1)(b)) |
| Analytics and platform improvement | Legitimate interests (Article 6(1)(f)) |
| Security, fraud prevention, and abuse detection | Legitimate interests (Article 6(1)(f)) |
| Financial record-keeping | Legal obligation (Article 6(1)(c)) |
| Responding to legal requests | Legal obligation (Article 6(1)(c)) |
Where we rely on legitimate interests, we have conducted a balancing test and are satisfied that our interests do not override your rights and freedoms. You may object to this processing at any time (see section 10).
Where we rely on consent, you may withdraw it at any time by contacting us at privacy@forgelio.com. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
6. Processors and data sharing
We share personal data only with trusted third-party processors who act on our instructions. We do not sell your personal data to any third party.
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, and file storage | EU / US |
| Resend | Transactional email delivery | US |
| PostHog | Product analytics and event tracking | EU |
| Stripe | Payment processing and billing | US |
| Anthropic (Claude API) | AI-powered assessment generation | US |
| Vercel | Platform hosting and content delivery | US / EU |
All processors are bound by data processing agreements that require them to process data only on our instructions and to implement appropriate technical and organisational security measures.
We may also disclose personal data where required by law, court order, or regulatory authority, or where necessary to protect the rights and safety of Forgelio, our users, or the public.
7. International transfers
Some of our processors are based in or may transfer data to countries outside the United Kingdom, including the United States. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:
- Standard contractual clauses (SCCs) approved under UK data protection law
- Transfers to countries with UK adequacy regulations in place
- Binding corporate rules (where applicable)
You can request further details about the specific safeguards applied to any particular transfer by contacting us at privacy@forgelio.com.
8. Retention periods
We retain personal data only for as long as necessary for the purpose for which it was collected. Our standard retention periods are:
| Data category | Retention period | Reason |
|---|---|---|
| Waitlist data (email) | Up to 24 months, or until deletion is requested | Waitlist management and launch communications |
| Account data | Duration of account, plus 90 days after closure | Service delivery; grace period for account recovery |
| Assessment and career data | Duration of account, deleted on account closure | Personalisation of services |
| Analytics data (PostHog) | 12 months | Product improvement; anonymised thereafter |
| Payment records | 7 years | Legal obligation under UK financial regulations |
| Support communications | 3 years from last interaction | Legal and operational reference |
| Backup data | Up to 90 days from deletion request | Technical backup cycles |
Where data has served its purpose and the retention period has expired, we securely delete or anonymise it. You may request early deletion at any time (see section 10).
9. Automated processing and AI assessment
The Forgelio AI Risk Score and related assessments are generated using automated processing. These tools analyse information you provide about your role and experience to produce a personalised risk score, skill gap report, and career recommendations.
These outputs are informational and advisory only. They do not constitute binding decisions about your employment, career, or suitability for any role, and are not used to make decisions that produce legal or similarly significant effects on you. They are tools to inform your own decision-making.
Because our AI assessments are not solely automated decisions with significant effects, Article 22 of UK GDPR does not apply as a mandatory protection. However, we are committed to transparency: if you want to understand how a score or recommendation was generated, please contact us at privacy@forgelio.com.
10. Your rights under UK GDPR
Under UK data protection law, you have the following rights:
- Right of access (Subject Access Request): Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete personal data.
- Right to erasure: Request deletion of your personal data in certain circumstances, such as where it is no longer needed for the purpose for which it was collected.
- Right to restriction of processing: Request that we restrict processing of your data in certain circumstances, for example while a rectification request is resolved.
- Right to data portability: Request a copy of data you have provided to us in a structured, commonly used, machine-readable format, where processing is based on consent or contract.
- Right to object: Object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds.
- Rights related to automated decision-making: You have the right not to be subject to solely automated decisions that produce significant legal or other effects, except in limited circumstances. See section 9.
- Right to withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at privacy@forgelio.com. We will respond within one calendar month of receiving your request. We may need to verify your identity before processing the request.
We will not charge for most requests, unless a request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to respond.
11. Children
Our Services are not directed at children under 18 years of age and we do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will delete it promptly.
If you believe we have collected data relating to a child, please contact us at privacy@forgelio.com.
12. Complaints and the ICO
If you are unhappy with how we have handled your personal data, please contact us first at privacy@forgelio.com and we will do our best to resolve your concern.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO), the supervisory authority for data protection in the United Kingdom:
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
13. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will update the "Last updated" date at the top of this page when we make changes.
For material changes that significantly affect your rights or how we process your data, we will notify you by email (if you have an account) or by displaying a prominent notice on the website, with reasonable advance notice before the changes take effect.
14. Contact
For privacy-related questions, requests, or complaints, please contact us:
- Email: privacy@forgelio.com
- Company: Forgelio Ltd, incorporated in England and Wales
- General enquiries: hello@forgelio.com