Security & Data Handling
Engineering data is sensitive: drawings, tolerances, and failure analyses describe products before they exist. This page states plainly what ForgePilot stores, what it never stores, who processes it, and how to get your data out. If your procurement team needs something not covered here, write to us.
Never stored
Ad hoc file uploads
Files uploaded for a one-off analysis are processed in memory and discarded after the response. They are never written to disk unless you explicitly save them to a Project.
Model training on your data
Your prompts, files, and results are not used to train AI models. Our AI provider processes API requests without training on them.
Payment card details
We do not currently process payments in-app and never store card numbers.
Stored, encrypted, yours to delete
Account details
Name, email, and authentication data, managed by Clerk. We never see or store your password.
Chats, analyses, and calculator runs
Saved to your account so you can return to them. Delete any thread from the workspace at any time.
Project files you explicitly save
Files you upload to a Project, and reports you save to cloud storage, are kept in a private, access-controlled bucket until you delete them.
Team membership and attribution
For team workspaces: who belongs to the team and who ran each analysis.
How data is protected
In transit: all traffic is encrypted with TLS. There are no unencrypted endpoints.
At rest: stored data lives in Supabase, which encrypts databases and file storage at rest. Project files sit in private buckets that are never publicly accessible.
Access control: every request is authenticated server-side. Plan checks, usage limits, and file access are verified on the server on every call; nothing security-relevant trusts the client.
Team isolation: team workspaces are scoped so members only see their team's projects. Personal projects stay personal even for team members.
Subprocessors
The services that process data on ForgePilot's behalf. Each maintains its own independent security certifications (SOC 2 and/or ISO 27001).
Vercel
Web application hosting and CDN
Railway
API backend hosting
Supabase
Database and file storage (encrypted at rest)
Clerk
Authentication and account management
OpenAI
AI processing of analysis requests via API
Resend
Transactional email delivery
Straight answers for procurement
Certifications: ForgePilot does not yet hold its own SOC 2 or ISO 27001 certification. We are an early-stage company and say so plainly. Our infrastructure providers are certified, and formal certification is on our roadmap as the team grows.
SSO / SAML: available for enterprise deployments on request, through our authentication provider.
Data processing agreement: available on request for team and enterprise customers.
Export or delete your data: email patilavaneesh2@gmail.com from your account address and we will export or permanently delete your data within 30 days. You can also delete individual threads, files, and projects directly in the workspace.
Full details on data collection and your rights are in the privacy policy. How we verify our engineering math is on the validation page.