Legal
Privacy Policy
Last updated: May 12, 2026
Forgestar Labs ("we", "us", "our") operates the Authgent credential management service. This Privacy Policy explains what data we collect, why, and how we handle it. We designed Authgent around a principle of minimal data collection — we collect only what is necessary for the Service to function.
1. Data We Collect
| Data | Purpose | Stored where |
|---|---|---|
| Email address | License activation, account communication | Cloudflare |
| Machine identifier | License binding to a specific device | Cloudflare |
| Stripe customer & subscription ID | Billing management | Stripe + Cloudflare |
| Device token | License revalidation | Cloudflare |
2. What We Don’t Collect
Your API keys. Your request contents. Your hardware serials. Your usage data. Your IP address.
3. How We Use Your Data
To activate and validate your license. To process billing through Stripe. To notify you of security incidents.
4. Third-Party Services
| Service | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Email, payment details |
| Cloudflare | Infrastructure | HTTP metadata |
| Resend | Transactional email | Email address |
We do not sell, rent, or share your personal data with any other third parties.
5. Data Retention
- Active subscriptions: Data is retained for the duration of your subscription.
- Cancelled subscriptions: Account data is retained for 90 days after the subscription ends, then permanently deleted.
- Deactivated devices: Device records are deleted immediately upon deactivation.
6. Your Rights
Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate personal data.
- Delete your personal data ("right to be forgotten").
- Export your data in a portable format.
- Object to processing of your data.
- Withdraw consent at any time.
To exercise any of these rights, email [email protected]. We will respond within 30 days.
7. Data Security
All data is encrypted in transit and at rest. Stored identifiers cannot be reversed. Credentials are stored in isolated environments designed to prevent access by anyone, including us.
8. Cookies
The authgent.ai website does not use cookies. The desktop application stores license data locally using your operating system's standard storage mechanisms.
9. Children's Privacy
The Service is not directed at individuals under 16. We do not knowingly collect data from children. If you believe we have inadvertently collected data from a minor, contact us and we will delete it promptly.
10. International Transfers
Your data may be processed in the European Union and in infrastructure operated by Cloudflare. All transfers comply with GDPR requirements, including appropriate safeguards where data leaves the EU.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email. The "Last updated" date at the top reflects the most recent revision.
12. Contact
For privacy-related questions or requests:
- Email: [email protected]
- Data Controller: Forgestar Labs, Berlin, Germany