Legal

Privacy Policy

Last updated: March 9, 2026

1. Introduction

BlockForge Technologies LLC ("BlockForge," "we," "us," or "our") operates the BlockForge platform at my.blockforge.app and the marketing website at blockforge.app (collectively, the "Service").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and handling your data transparently and responsibly.

By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Data Controller

The data controller responsible for your personal data is:

BlockForge Technologies LLC

Wyoming, USA

Email: [Email protected]

3. Information We Collect

3.1 Information You Provide to Us

When you register for an account, subscribe to a plan, or contact us, we may collect:

  • Account information: name, email address, and password (hashed)
  • Billing information: payment details are processed directly by Stripe and are never stored on our servers. We only store a Stripe customer ID and subscription status.
  • Organization information: workspace name, team member email addresses (if you invite others)
  • Communication data: messages, support tickets, and feedback you send us

3.2 Information Collected Through the Service

When you connect WordPress sites to BlockForge, we collect data necessary to provide monitoring, backup, and management services:

  • Site metadata: domain name, IP address, WordPress version, PHP version, server software
  • Plugin and theme data: names, versions, update availability, and vulnerability status
  • Monitoring data: uptime status, response times, SSL certificate details, performance metrics
  • Backup data: database exports, file archives, and backup verification results
  • Security data: file integrity checksums, vulnerability scan results, malware detection results
  • Activity logs: WordPress user actions, plugin activations, content changes (as reported by the connector plugin)
  • SSH connection data: server hostname, port, username, and SSH keys (encrypted at rest) for sites connected via SSH
  • PHP error logs: error messages, file paths, and stack traces from connected sites

3.3 Information Collected Automatically

When you access the Service, we automatically collect limited technical information:

  • Log data: IP address, browser type, pages visited, timestamp, and referring URL
  • Session data: authentication tokens necessary to maintain your login session

We do not use any third-party analytics services, advertising networks, or tracking technologies. We do not set any tracking cookies beyond those strictly necessary for the Service to function.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: operating the platform, performing backups, monitoring uptime, scanning for vulnerabilities, and delivering all features described in our product documentation
  • Account management: creating and managing your account, authenticating your identity, and processing payments
  • Notifications: sending alerts about site downtime, backup failures, security vulnerabilities, SSL certificate expiration, and other events you have configured
  • Support: responding to your inquiries, troubleshooting issues, and providing technical assistance
  • Service improvement: understanding how the Service is used to identify bugs, improve performance, and develop new features
  • Legal compliance: complying with applicable laws, regulations, and legal processes
  • Security: protecting the Service against fraud, abuse, and unauthorized access

5. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Contract performance (Art. 6(1)(b) GDPR): processing necessary to provide the Service you requested, including account creation, site monitoring, backups, and related functionality
  • Legitimate interests (Art. 6(1)(f) GDPR): processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, where those interests are not overridden by your rights
  • Legal obligation (Art. 6(1)(c) GDPR): processing necessary to comply with legal obligations, such as tax and accounting requirements
  • Consent (Art. 6(1)(a) GDPR): where we rely on your consent, you may withdraw it at any time by contacting us at [Email protected]

6. Data Storage and Security

6.1 Infrastructure Location

All data is stored on servers located in the European Union. Our infrastructure is hosted with European data center providers. Backups are stored in dual EU locations for redundancy.

6.2 Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS 1.2+ for all connections
  • Encryption of sensitive data at rest, including SSH keys, API tokens, and backup archives
  • Password hashing using bcrypt with appropriate cost factors
  • Role-based access controls and team permission management
  • Regular security audits and vulnerability assessments of our own infrastructure
  • Automated backup verification to ensure data integrity
  • Isolated Docker containers for staging environments and backup verification

6.3 Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Service. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes. Backups of your WordPress sites are deleted when you remove the site from BlockForge or close your account. Server-side log files are automatically rotated and deleted after 90 days.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties. We share your information only in the following limited circumstances:

7.1 Service Providers

We use the following third-party service providers who process data on our behalf:

Provider Purpose Data Processed
Stripe, Inc. Payment processing Name, email, payment method, billing address
EU Hosting Provider Infrastructure & data storage All data stored within the Service
Transactional Email Provider Email delivery (notifications, alerts) Email address, notification content

All service providers are contractually bound to process data only as instructed by us and to maintain appropriate security measures.

7.2 Legal Requirements

We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

7.3 Business Transfers

If BlockForge is involved in a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.

8. International Data Transfers

BlockForge Technologies LLC is incorporated in Wyoming, USA, but all server infrastructure is located in the European Union. Your data is primarily stored and processed within the EU.

Where data is transferred outside the EEA (for example, to Stripe for payment processing), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the recipient's participation in recognized data protection frameworks.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access: you may request a copy of the personal data we hold about you
  • Right to rectification: you may request that we correct any inaccurate or incomplete personal data
  • Right to erasure: you may request that we delete your personal data, subject to legal retention requirements
  • Right to restriction: you may request that we restrict the processing of your personal data in certain circumstances
  • Right to data portability: you may request a machine-readable copy of the data you provided to us
  • Right to object: you may object to our processing of your personal data based on legitimate interests
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time
  • Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority in your jurisdiction

To exercise any of these rights, contact us at [Email protected]. We will respond to your request within 30 days.

10. Cookies

We use only strictly necessary cookies required for the Service to function. These include:

Cookie Purpose Duration
Session cookie Maintains your authenticated login session Session / 2 hours
CSRF token Protects against cross-site request forgery attacks Session
Remember me token Keeps you logged in between browser sessions (optional) 30 days

We do not use advertising cookies, analytics cookies, or any third-party tracking cookies. Our marketing website at blockforge.app does not set any cookies.

11. Browser Extension

The BlockForge WordPress Detector browser extension (available for Chrome and Safari) operates entirely on your device. Specifically:

  • All WordPress detection analysis is performed locally using DOM inspection
  • No browsing data, page content, or detection results are sent to BlockForge servers
  • The extension requires only two permissions: activeTab (to read the current page) and storage (to save your dismissed sites and settings)
  • Data is only transmitted when you explicitly click "Add to BlockForge," which opens your dashboard with the site URL as a query parameter
  • Dismissed site preferences are stored locally in your browser and are not synced to any server

12. WordPress Connector Plugin

The BlockForge Connector plugin installed on your WordPress sites communicates with the BlockForge platform to provide monitoring and management capabilities. The plugin:

  • Sends site health data, plugin/theme information, and activity logs to your BlockForge account
  • Receives commands from your BlockForge dashboard (e.g., plugin updates, database operations) authenticated via API keys
  • Does not collect or transmit any end-user data from your WordPress site visitors
  • Does not modify your site's front-end output or inject any tracking scripts
  • Can be deactivated or uninstalled at any time, which immediately stops all data transmission

13. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us at [Email protected].

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will also notify you via email or through a notice on the Service. We encourage you to review this Privacy Policy periodically.

15. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us:

BlockForge Technologies LLC

Wyoming, USA

Email: [Email protected]