Privacy
Notice
This notice explains what data ApifyForge collects, how it is used, where it is stored, and your rights regarding that data.
Effective date: March 27, 2026
1. Data we collect
OAuth identity
When you sign in with GitHub or Google, we receive your name, email address, and profile avatar from the OAuth provider. This data is used solely to identify your dashboard session.
Computed analytics
The ApifyForge CLI runs on your machine, queries the Apify API using your local token, and uploads computed results to your dashboard. These results include revenue figures, success rates, quality scores, and fleet health metrics — all derived from Apify API metadata, not from your scraped data.
Payment information
If you purchase featured listings or other paid features, payment is processed by Stripe. ApifyForge does not store credit card numbers or bank details. Stripe provides us with a transaction reference and billing email only.
2. Data we do NOT collect
- ✗Apify API token — your token stays on your local machine in your environment variable or .env file. It is never transmitted to or stored by ApifyForge.
- ✗Dataset items — the actual data your actors scrape (which may contain PII) remains on Apify's infrastructure. ApifyForge reads dataset metadata (item counts, schema info) only.
- ✗Actor source code — your code, repository contents, and build artifacts are not accessed.
- ✗Actor secrets and environment variables — configuration secrets stored in your Apify actor settings are not read by ApifyForge.
3. How data is stored
Your OAuth identity and computed analytics are stored in a PostgreSQL database. Analytics data is cached to keep the dashboard responsive and is refreshed at regular intervals.
When you disconnect your account (Settings → Sign Out), all cached analytics data associated with your account is purged. If you reconnect later, everything is pulled fresh — no previous data is restored.
4. Third-party services
DNS, CDN, and Web Application Firewall (WAF). Cloudflare processes request metadata (IP addresses, headers) to serve and protect the site.
Used for dashboard sign-in. Provides your name, email, and avatar. No repository access is requested.
Alternative sign-in option. Provides your name, email, and avatar. No other Google data is accessed.
Payment processing for featured listings and paid features. ApifyForge receives a transaction reference and billing email only — no card or bank details.
5. AI systems disclosure
ApifyForge does not train, host, or run its own AI/ML models. There is no first-party model inference.
Two features use external large language model (LLM) APIs:
- LLM Optimizer — sends actor metadata (title, description, README) to an external model API to generate optimization suggestions. Used only when you explicitly run the tool.
- Actor Recommender — sends your plain-text query to an external model API to match it against the actor catalog. Used only when you submit a recommendation request.
No data is sent to AI providers in the background or without your explicit action. Your scraped data (dataset items) is never sent to any AI provider.
6. Cookie policy
ApifyForge uses a minimal cookie footprint. The only cookie set is an authentication session cookie required for your dashboard sign-in to persist across page loads.
ApifyForge does not use tracking cookies, advertising cookies, or third-party analytics cookies. There are no cookie consent banners because there are no non-essential cookies to consent to.
7. Data retention and deletion
While connected: Your OAuth identity is stored for the duration of your account. Computed analytics are cached and refreshed at regular intervals.
On disconnect: When you sign out or disconnect your account, all cached analytics data is purged from the database. Your dashboard resets to its initial empty state.
Account deletion: To delete your account and all associated data, email [email protected] with your request. We will confirm deletion within 30 days. Disconnecting from ApifyForge has zero impact on your Apify account — your actors, runs, and datasets are completely unaffected.
8. Your rights under GDPR
If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:
Request a copy of the personal data we hold about you.
Request correction of inaccurate personal data.
Request deletion of your personal data. Disconnecting your account automatically purges cached analytics.
Request restriction of processing in certain circumstances.
Request your data in a structured, machine-readable format.
Object to processing of your personal data for specific purposes.
To exercise any of these rights, email [email protected]. We will respond within 30 days.
9. Contact
For questions about this privacy notice, data handling, or to exercise your rights, contact us at [email protected].
For technical details about our security architecture, see the Security & Data Handling page.