LEGAL · PRIVACY
Privacy Policy
This Privacy Policy describes how FORGED ("FORGED," "we," "us") collects, uses, and protects information when you use the FORGED Service. We take privacy seriously — particularly because the Service involves health, body composition, and (for some clients) bloodwork data.
1. Information We Collect
Account information
When you create an account, we collect your name, email address, and a hashed password. If you provide them, we also collect your phone number, date of birth (to verify the 18+ requirement), and basic profile information.
Health and fitness information
To deliver personalized coaching, we collect information you provide during intake and on an ongoing basis, including:
- Training history, current programming, and equipment access;
- Nutrition history, dietary preferences, and food restrictions;
- Body composition data (weight, measurements, progress photos);
- Sleep, stress, recovery, and lifestyle context;
- Self-reported supplements, medications, and (where applicable) enhanced-athlete protocols;
- Bloodwork results that you upload or transcribe (where applicable);
- Goals, competition dates, and other context relevant to coaching.
This information is sensitive. We treat it accordingly — see Section 5 (Security) below.
Payment information
Payment processing is handled by Stripe, Inc. FORGED does not store full payment card numbers. We retain billing-related metadata (last four digits, billing address, transaction history, subscription status) for accounting, fraud prevention, and customer-service purposes.
Communications
Messages you send to FORGED staff or our AI coaching system are stored to provide continuity of service. This includes text messages, in-app chats, emails, and check-in submissions.
Usage and technical data
Like most online services, we collect basic technical information including IP address, browser/device type, operating system, pages visited, features used, timestamps, and similar usage data. We use this for security, debugging, and product improvement.
2. How We Use Your Information
- To provide the Service: Generate your training and nutrition plans, deliver weekly updates, interpret bloodwork for educational purposes, and operate the platform.
- To improve the Service: Analyze aggregated and de-identified data to refine our methodology, content, and tooling. We do not use identifiable client data to train third-party AI models.
- To communicate with you: Send service-related notifications, account confirmations, billing notices, and (with your consent or where permitted) marketing communications.
- To ensure safety: Detect and prevent fraud, abuse, and violations of our Terms; protect the safety of clients and staff.
- To comply with law: Respond to lawful legal process, enforce our agreements, and protect rights, property, and safety.
3. How We Share Your Information
We do not sell your personal information. We share it only as described below.
Service providers
We use trusted third-party vendors to operate the Service. These providers receive only the information necessary to perform their function and are contractually required to protect it. Current core providers include:
- Supabase — database and authentication infrastructure;
- Stripe — payment processing;
- Anthropic — AI model provider for coaching responses (data is processed under enterprise data terms; not used for model training);
- Resend — transactional email delivery;
- Twilio — SMS notifications (where applicable);
- Netlify — web hosting.
Affiliated medical partner
FORGED's founder has an ownership interest in Ignite Health & Wellness, LLC, an independent Florida telehealth medical practice. When your bloodwork results or other health information indicate that physician consultation is appropriate, FORGED may surface Ignite as one recommended option alongside the general recommendation to consult any licensed physician of your choosing. If you elect to use Ignite, FORGED does not automatically share your data with them — you would create a separate Ignite account and provide your information through Ignite's own intake process, governed by Ignite's privacy policy.
Legal and safety
We may disclose information when required by law, valid legal process, or when we reasonably believe disclosure is necessary to protect the rights, property, or safety of FORGED, our clients, or the public.
Business transfers
If FORGED is involved in a merger, acquisition, or asset sale, your information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have.
4. Data Retention
We retain your account information and User Content for as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce agreements. You can request deletion of your data at any time by emailing hello@trainforged.org; we will honor verified requests within 30 days, subject to legal retention requirements.
5. Security
We implement reasonable administrative, technical, and physical safeguards to protect your information, including encryption in transit (TLS), encryption at rest on our database infrastructure, access controls limiting staff access to client data on a need-to-know basis, and routine security review.
No system is perfectly secure. You are responsible for protecting your account credentials and notifying us immediately of any suspected unauthorized access.
6. HIPAA Notice
FORGED is not a HIPAA "covered entity" and is not subject to HIPAA's regulatory requirements. However, because we routinely handle health-related information, we apply HIPAA-aligned practices to data security, access controls, and confidentiality where reasonably practical. If you require formal HIPAA compliance for any reason, the Service may not be appropriate for you.
7. Your Choices and Rights
You have the right to:
- Access the personal information we hold about you;
- Correct inaccurate information;
- Request deletion of your data, subject to legal retention requirements;
- Export a copy of your data in a portable format;
- Opt out of non-essential marketing communications.
To exercise any of these rights, contact hello@trainforged.org. We may need to verify your identity before honoring requests.
8. Florida and Other State Privacy Rights
Residents of Florida, California, Colorado, Connecticut, Virginia, and other states with comprehensive privacy laws may have additional rights regarding their personal information under applicable state law, including the right to know what categories of information we collect, the right to opt out of certain processing, and the right to non-discrimination for exercising these rights. To exercise any state-specific right, contact us at the email above and identify your state of residence.
9. Cookies and Tracking
The FORGED marketing site uses minimal cookies — primarily a session cookie to maintain your login state on the portal. We do not currently use third-party advertising trackers or cross-site behavioral tracking.
10. Children's Privacy
The Service is not intended for, marketed to, or designed for individuals under 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a minor, we will delete it. Contact us if you believe a minor has provided us information.
11. International Users
FORGED is operated from the United States. By using the Service, you understand that your information will be processed in the United States, which may have data protection laws different from those of your country.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-product notice. The "Last updated" date at the top reflects the most recent revision.
13. Contact Us
Questions, requests, or concerns about privacy? Contact: