FORGION - Privacy Policy

Effective Date: August 10, 2025
Last Updated: August 10, 2025

This Privacy Policy explains how Atlantis Built, LLC (maker of the FORGION app) ("FORGION," "we," "us") collects, uses, discloses, and protects personal information when you use the FORGION app, website(s), and related services (the “Service”). Capitalized terms not defined here have the meanings in the Terms of Service.

By using the Service, you consent to the practices described in this Policy. If you do not agree, do not use the Service.

1. Information We Collect

Account & Identity: email address, username, authentication tokens, and hashed password (if applicable).
Profile & App Data: goals, quests, milestones, tasks, streaks, stats, progress, preferences, messages, and AI mentor interactions.
Device & Usage: app version, device type, OS, language, time zone, IP‑derived general location, crash logs, performance metrics.
Subscription & Payments: subscription status, plan, renewal dates, and limited transaction metadata from Apple/Google or other processors; we do not store full payment card numbers for in‑app purchases.
Communications: emails and support requests.
Cookies/Tracking (web): cookies, local storage, and similar technologies for authentication and analytics.

Sensitive Categories (Important): We do not intend to collect Protected Health Information (PHI) under HIPAA, clinical records, or other special‑category data (e.g., precise medical history, biometric identifiers beyond basic device data). Do not submit medical records or emergency information to the Service. FORGION is not a covered entity or a business associate under HIPAA. If you choose to enter wellness information (e.g., weight, reps, habits), you do so voluntarily for personal tracking.

2. Sources of Information

Sources of Information

  • Directly from you (when you create an account, set goals, complete quests, or contact support).

  • Automatically through your use of the Service (device logs, analytics).

  • From third‑party partners (e.g., app stores for subscription status; analytics or crash reporting providers).

3. How We Use Information (Purposes & Legal Bases)

We use information to:

  1. Provide and secure the Service, including authentication, account management, and content delivery. (Legal bases: contract, legitimate interests)

  2. Operate and personalize Features like LegendPath, quests, streaks, and AI mentors; tailor content, recommend features, and present offers/upsells/cross‑sells relevant to your use. (Contract, legitimate interests, consent where required)

  3. Process subscriptions and payments and verify entitlements. (Contract, legal obligations)

  4. Analyze and improve the Service, fix bugs, and prevent abuse/fraud; generate aggregated and de‑identified insights. (Legitimate interests)

  5. Communicate with you, including transactional messages and, with consent where required, marketing communications (you can opt out at any time). (Contract, consent, legitimate interests)

  6. AI processing: to generate responses and suggestions, we send prompts and context to AI providers acting under contract; where our agreements and settings permit, we instruct providers not to use your personal data to train their models. (Contract, legitimate interests)

  7. Comply with law and enforce our Terms. (Legal obligations, legitimate interests)

4. Sharing & Disclosure

Sharing & Disclosure We do not sell personal information. We share with:

  • Service Providers (data hosting, analytics, crash reporting, messaging, AI processing, payment processing, customer support) under contracts requiring confidentiality and appropriate safeguards. Examples may include Supabase (hosting/auth), OpenAI (AI processing), Superwall/RevenueCat (subscription entitlements), Mixpanel (analytics), Firebase/OneSignal (notifications), Apple/Google (app stores).

  • Legal & Safety: to comply with law, valid legal requests, or to protect users, the public, or FORGION.

  • Business Transfers: in connection with a merger, financing, acquisition, or dissolution.

5. International Transfers

We may transfer, store, and process information in countries outside your own. Where required, we use recognized safeguards (e.g., Standard Contractual Clauses for EEA/UK data) and take steps to protect your information.

6. Data Retention

We retain information as long as necessary to provide the Service and for legitimate business needs (e.g., security, legal compliance). We delete or anonymize data when no longer needed. Backups may persist for a limited time.

7. Security

We implement technical and organizational measures appropriate to the risk, including Row Level Security (RLS), access controls, encryption in transit, monitoring, and backups. No method of transmission or storage is 100% secure. You are responsible for maintaining your account security.

8. Your Rights & Choices

Depending on your location, you may have rights to access, correct, delete, restrict, or port your data, and to object to certain processing. You can also withdraw consent where applicable. To exercise rights, email support@forgion.com. We may verify your identity and respond within required timeframes.

Marketing & Communications. You can opt out of marketing emails via the unsubscribe link in any email or in Settings → Notifications/Email Preferences. You can control push notifications in your device OS settings and in‑app. Even if you opt out of marketing, we may still send transactional messages (e.g., receipts, critical service alerts).

California (CCPA/CPRA): You have the right to know, delete, correct, and opt out of sale/share of personal information. We do not sell personal information and we do not share it for cross‑context behavioral advertising. You may designate an authorized agent by emailing support@forgion.com.
Virginia (VCDPA): If you are a Virginia resident, you have similar rights to access, correct, delete, and opt out of targeted advertising or sale; we do not sell personal data. You may appeal a rights request denial by emailing support@forgion.com with “VCDPA Appeal” in the subject.

9. Children’s Privacy

Children’s Privacy The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact us and we will delete it.

10. Third‑Party Links & Services

The Service may link to third‑party websites or services. We are not responsible for their privacy practices. Review those policies separately.

11. Changes to this Policy

We may update this Policy. We will post the updated version with an updated “Last Updated” date and, where required, notify you of material changes.

12. Contact Us

Atlantis Built, LLC (maker of the FORGION app)
General correspondence: support@forgion.com
Legal notices / service of process: Our Registered Agent on file with the Virginia State Corporation Commission (SCC). We will provide the full mailing address upon request from parties with a legitimate legal need.