Third-Party Processors and Your Data
The Forge does not sell user data, and keeps it safe and secure using best industry practices. We share user data only when absolutely necessary toward the functioning of our service - for administrative, legal, or technical reasons.
We outline who we work with, why we share data with them, the data they receive, and their locations below.
Payment Data Processors
| Name | Purpose of Data Processing | Data Received | Location |
|---|---|---|---|
| Stripe | For billing and tax calculation. | Personally identifiable information including associated email address(es), name, billing address, and payment details. Received as soon as user inputs billing information such as address. | United States |
| Paypal/Braintree | For billing. | Personally identifiable information including associated email address(es), name, billing address, and payment details. Received when user links PayPal to The Forge. | United States |
Service Providers
Unlike our payment processors, service providers are not sent user information in a way that they can typically access. Since they are still sent the information, we list them below.
| Name | Purpose of Data Processing | Data Received/When | Location |
|---|---|---|---|
| DigitalOcean | Account information is stored on Forge's private servers in DigitalOcean datacenters, includes personally identifiable information. | No data is shared with the service provider. Data is stored in their datacenter, received upon account creation. | United States and Singapore |
| OVH | Account information is stored on Forge's private servers in OVH datacenters, includes personally identifiable information. | No data is shared with the service provider. Data is stored in their datacenter, received upon account creation. | Canada, Germany, Australia, and Singapore |
| AWS Simple Email Service | Sent as part of use as an SMTP server for outgoing emails, such as welcome emails and password resets. | User email addresses. Received when outgoing email targeting user is made. | United States |
| Cloudflare | As part of CDN services, user IP addresses connect through Cloudflare. | Connecting IP address and other connection information, received when users connect to our services. | Global |
| Axiom | Server logs are stored within Axiom for analytical purposes to improve service reliability, and may include user IP address and other connection information. | Connecting IP address and other connection information, received when users connect to our services. | United States |
| Wasabi+Backblaze | Assets library and backup data is stored here. User "worlds" are one of the types of data backed up here. Personally identifiable data is not stored here by The Forge. | Data that users upload or create, including uploaded assets and "world data" backups. Received when users create/upload data to The Forge. | United States |
| Kapa.ai | Receives user IP address as part of AI chat-bot functionality. Kapa does not receive personally identifiable information. | Connecting IP address and other connection information, received when user accesses/uses chat bot functionality. | United States |
| Discord/Tickettool/YAGBOT | Information discussed during customer support cases may be retained by these ticket bots. Sensitive user information is not retained in support tickets. | Information needed for customer support, such as user email address. Received when user shares information for ongoing support inquiry. | Global |
| Foundry Gaming | Usage data to improve the FoundryVTT software and their other services. | Anonymous usage data, only if a user has opted in to telemetry data sharing on Foundry v11+. The data is transmitted periodically when a user's Foundry server is online. | United States |