SpecForgeTerms of Service

Privacy Policy

Effective Date: March 1, 2026

1. Introduction

SpecForge, Inc. (“SpecForge,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the SpecForge platform at specforge.co (the “Service”). This Policy applies to all users of the Service and is designed to comply with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

The Service is intended for business customers located in the United States. We do not market the Service to individuals in the European Union or other jurisdictions outside the United States.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, company name, and professional role. Account authentication is managed by our third-party provider, Clerk.

2.2 Project Data

You may upload or create project-related content within the Service, including programming documents, specifications, equipment schedules, bid packages, contractor proposals, and submittal packages (“Project Data”). You retain ownership of all Project Data as described in our Terms of Service.

2.3 Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, actions taken, timestamps, and session duration.

2.4 Device & Technical Data

We collect device type, operating system, browser type and version, IP address, and general geographic location (city/state level, derived from IP address).

2.5 Payment Data

Payment processing is handled by Stripe. We do not store raw credit card numbers, CVVs, or full payment card details on our servers. We receive and store limited billing information from Stripe, including the last four digits of your card, card brand, billing address, and transaction history.

2.6 Support Communications

If you contact us for support via email or through our in-app chat (powered by Crisp), we collect the contents of those communications, including any attachments you provide.

3. How We Use Your Information

We use the information we collect for the following business purposes:

  • Providing the Service: Operating, maintaining, and delivering the features and functionality of the Service, including AI-powered specification generation and submittal review.
  • Account Management: Creating and managing your account, processing subscriptions, and communicating with you about your account.
  • Customer Support: Responding to your inquiries, troubleshooting issues, and providing technical assistance.
  • Service Improvement: Analyzing usage patterns to improve the Service, fix bugs, and develop new features. We use aggregate and de-identified data for this purpose.
  • Security: Detecting and preventing fraud, abuse, and security incidents.
  • Legal Compliance: Complying with applicable laws, regulations, and legal processes.
  • Communications: Sending transactional emails (receipts, account changes, security alerts) and, with your consent, product updates and announcements.

4. AI Processing & Data Training

The Service uses artificial intelligence (powered by Anthropic) to generate specifications and review submittals. When you use these features, your Project Data is transmitted to Anthropic’s API for real-time processing.

We do not use your Project Data or any Customer Data to train, fine-tune, or improve AI or machine learning models. Data sent to Anthropic for processing is subject to Anthropic’s commercial API data usage policy, which prohibits the use of API inputs and outputs for model training. We will not change this practice without your explicit prior written consent.

5. Third-Party Service Providers (Subprocessors)

We share information with the following third-party service providers who process data on our behalf. Each provider is bound by contractual obligations to protect your data:

ProviderPurposeData Shared
VercelApplication hosting & CDNAll application data in transit; server logs
AnthropicAI processing (specification generation, submittal review)Project Data submitted for AI features only; not used for model training
StripePayment processingBilling information, payment card details, transaction data
ClerkAuthentication & identity managementName, email address, authentication credentials
CrispCustomer support chatName, email, support conversation contents

6. Data Sharing & Sale of Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We only share personal information as described in Section 5 (with subprocessors) and in the following limited circumstances:

  • Legal Requirements: When required by law, regulation, legal process, or governmental request.
  • Protection of Rights: To protect the rights, property, or safety of SpecForge, our users, or the public.
  • Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, in which case you will be notified of any change in ownership or use of your personal information.
  • With Your Consent: When you direct us to share information with a third party.

7. Your Privacy Rights (California Residents)

If you are a California resident, you have the following rights under the CCPA/CPRA:

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
  • Right to Delete: You may request that we delete the personal information we have collected about you, subject to certain exceptions (e.g., legal compliance, completing a transaction).
  • Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising. No opt-out is necessary, but you may contact us to confirm.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you the Service, charge you different prices, or provide a different quality of service because you exercised your rights.

To exercise any of these rights, contact us at privacy@specforge.co. We will verify your identity before processing your request. We will respond to verifiable requests within 45 days. If we need additional time (up to 45 more days), we will inform you of the reason and extension period.

8. Data Retention

We retain your account information and Project Data for as long as your account is active. If you delete your account:

  • You may request an export of your Project Data before deletion.
  • Project Data is retained for up to 2 years after account deletion to allow for account recovery and compliance with legal obligations, unless you request earlier deletion.
  • After the retention period, all Project Data is permanently deleted.
  • Aggregate, de-identified data derived from your usage may be retained indefinitely for analytics and service improvement purposes.

Payment records are retained as required by applicable tax and financial reporting laws.

9. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards to protect your information, including:

  • Encryption of data in transit using TLS 1.2 or higher.
  • Encryption of data at rest using AES-256 or equivalent.
  • Regular security assessments and monitoring.
  • Access controls limiting data access to authorized personnel.

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. Cookies & Tracking Technologies

We use cookies and similar technologies for essential Service functionality, including authentication (managed by Clerk) and session management. We do not use advertising cookies or tracking pixels for behavioral advertising.

Our customer support chat (Crisp) may set cookies to maintain your support session. You can manage cookie preferences through your browser settings.

11. Children’s Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will delete that information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will provide at least 30 days’ notice of material changes by email or through the Service. The “Effective Date” at the top of this page indicates when this Policy was last revised. Your continued use of the Service after any changes constitutes acceptance of the updated Policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

SpecForge, Inc.

Email: privacy@specforge.co

For general inquiries: support@specforge.co