Privacy Policy
Last updated: February 24, 2025
1. Introduction
BackForge AI (“we,” “us,” or “our”) operates the BackForge AI productivity application (web and mobile). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using BackForge AI, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect your email address, full name, and profile photo through our authentication provider (Clerk). We store your user ID, email, name, and avatar URL in our database.
2.2 User-Generated Content
We collect and store the content you provide to BackForge AI, including:
- Captured text — messages, tasks, notes, and follow-ups you type into BackForge AI
- Memory items — structured data extracted from your input (titles, descriptions, due dates, urgency levels)
- Chat messages — conversations with the AI assistant
- Draft messages — AI-generated follow-up drafts based on your items
2.3 Third-Party Service Credentials
When you connect third-party integrations (such as GitHub, Linear, Jira, Slack, Notion, Gmail, Google Calendar, Trello, Asana, Todoist, Confluence, or Discord), you provide API keys or access tokens. These credentials are encrypted at rest using AES-256-GCM encryption before being stored. We never store your credentials in plaintext. We only decrypt them temporarily in server memory when executing actions on your behalf.
2.4 Device Information
If you use our mobile application, we collect your device push token (Expo Push Token) and platform type (iOS/Android) to send you push notifications. We do not collect device model, OS version, or other hardware identifiers.
2.5 Subscription Information
If you subscribe to BackForge AI Pro, payment processing is handled entirely by RevenueCat and the respective app store (Apple App Store or Google Play). We receive webhook notifications about your subscription status (active, expired, renewed) but we do not receive or store your payment card details, billing address, or any financial information.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the BackForge AI service
- Process your text input using AI to extract tasks, follow-ups, and notes
- Power the AI chat assistant that helps manage your productivity
- Execute actions on connected third-party services on your behalf (e.g., creating GitHub issues, Linear tickets)
- Generate and deliver daily briefings of your priorities
- Send push notifications for reminders and due-date alerts
- Manage your subscription status
- Facilitate account deletion upon your request
4. AI Data Processing
BackForge AI uses artificial intelligence to process your text input. This is a core part of how the service works. Here is exactly what happens:
4.1 Text Extraction (OpenAI)
When you capture text, it is sent to OpenAI’s GPT-4o-mini model to extract structured information (task type, title, urgency, due date). OpenAI processes this data under their API data usage policy, which states that API inputs are not used to train their models.
4.2 AI Chat Assistant (Anthropic Claude)
When you use the chat feature, your messages are sent to Anthropic’s Claude model. Anthropic processes this data under their commercial API usage policy, which states that API usage data is not used to train their models. Chat messages are not persistently stored by Anthropic.
4.3 What We Send to AI Providers
- Your text input (what you type into the capture or chat feature)
- Your timezone (for due-date processing)
- Current timestamp
- Names of your connected services (so the AI knows which tools are available)
We do not send your email address, name, credentials, or any other personal information to AI providers.
5. Data Storage and Security
5.1 Where We Store Data
All user data is stored in Supabase (PostgreSQL database) with row-level security. Data is stored on Supabase’s cloud infrastructure.
5.2 Encryption
- Third-party credentials are encrypted using AES-256-GCM (authenticated encryption) before storage. Each credential has a unique initialization vector (IV) and authentication tag.
- Data in transit is protected via HTTPS/TLS for all API communications.
- Authentication is handled by Clerk, which provides industry-standard security practices.
5.3 Data Retention
We retain your data for as long as your account is active. When you delete your account, all associated data is permanently deleted through a cascading delete operation, including memory items, notifications, credentials, device tokens, and subscription records.
6. Third-Party Services
BackForge AI uses the following third-party services to operate:
| Service | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication | Email, name, avatar |
| Supabase | Database | All user data (stored encrypted where applicable) |
| OpenAI | Text extraction | User text input, timezone |
| Anthropic | AI chat assistant | Chat messages, timezone, connected service names |
| RevenueCat | Subscription management | User ID, subscription events |
| Upstash QStash | Scheduled notifications | Notification payloads, scheduling data |
| Expo Push Service | Mobile push notifications | Push tokens, notification content |
Each third-party service has its own privacy policy. We encourage you to review their terms.
7. Connected Integrations
When you connect third-party services (GitHub, Linear, Jira, Slack, Notion, Gmail, Google Calendar, Trello, Asana, Todoist, Confluence, Discord), the AI assistant may perform actions on those services on your behalf — such as creating issues, retrieving data, or listing repositories. Actions are only taken when you explicitly interact with the AI, and the AI will always describe what it is doing. Your credentials are decrypted only during the execution of these actions and are never logged or cached in plaintext.
8. Your Rights
You have the right to:
- Access — View all data stored about you through the Memories and Notifications sections of the app
- Delete — Permanently delete your account and all associated data through the app settings or by contacting us
- Disconnect — Remove any connected third-party service integration at any time, which immediately deletes the stored encrypted credentials
- Export — Request a copy of your data by contacting us
9. Children’s Privacy
BackForge AI is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. Continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions about this Privacy Policy, please contact us at: support@loopapp.co