Privacy Policy

KBForge ("we," "us," or "our") operates the KBForge platform, a developer-first knowledge base SaaS product. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. Please read this policy carefully. By accessing or using KBForge, you agree to the terms of this Privacy Policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign up using a third-party provider (such as GitHub or Google), we receive profile information from that provider.

1.2 Billing Information

If you subscribe to a paid plan (Pro at $49/mo or Enterprise at $199/mo), payment details are collected and processed by Stripe. We do not store your full credit card number on our servers; we retain only a tokenized reference and the last four digits for display purposes.

1.3 User Content

We store the documents you upload, including any segments and tags you create to organize your knowledge base. This content is necessary to provide the retrieval functionality of our service.

1.4 Usage Data

We automatically collect information about how you interact with KBForge, including API call logs, retrieval queries, IP addresses, browser type, operating system, referring URLs, and timestamps. This data helps us improve performance and diagnose issues.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and maintain the KBForge service, including document processing, embedding generation, and semantic retrieval.
• To process transactions and manage your subscription and billing.
• To communicate with you about your account, service updates, and support requests.
• To monitor and analyze usage patterns to improve our platform, infrastructure, and user experience.
• To detect, prevent, and address technical issues, fraud, or security threats.
• To comply with legal obligations and enforce our terms of service.

3. Data Storage and Security

Your documents and their generated vector embeddings are stored in a PostgreSQL database with the pgvector extension. All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher. Document processing tasks are handled by Trigger.dev within our secured infrastructure.

We implement industry-standard security measures including access controls, audit logging, regular vulnerability assessments, and automated backups. While we take reasonable precautions to protect your data, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

4. Third-Party Services

KBForge integrates with the following third-party services to deliver its functionality:

4.1 Google Gemini

We use the Google Gemini API to generate vector embeddings of your documents. When you upload a document, its text content is sent to Google's servers for embedding generation. Google's use of this data is governed by Google's Privacy Policy. We recommend reviewing their terms for details on how they handle data processed through their APIs.

4.2 Stripe

We use Stripe to process payments for Pro and Enterprise plans. When you provide payment information, it is sent directly to Stripe's PCI-DSS compliant infrastructure. We do not have access to your full card details. Stripe's handling of your data is governed by the Stripe Privacy Policy.

4.3 Trigger.dev

We use Trigger.dev for background document processing and task orchestration. Document content may pass through Trigger.dev infrastructure during processing workflows.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential cookies: Maintain your authenticated session and remember your preferences. These are necessary for the service to function.
• Analytics cookies: Understand how users interact with our platform so we can improve it. These are optional and can be declined.

You can control cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the service.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide you with our services. Specifically:

• Account data is retained until you delete your account.
• Documents and embeddings are retained until you delete them or close your account.
• Usage logs are retained for up to 90 days for operational purposes.
• Billing records are retained as required by applicable tax and financial regulations.

Upon account deletion, we will remove your personal data and uploaded content within 30 days. Some data may persist in encrypted backups for up to 90 days before being permanently purged.

7. Your Rights

7.1 General Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to certain processing of your data.
• Restriction: Request that we limit how we use your data.

7.2 GDPR (European Economic Area)

If you are located in the EEA, you have the rights described above under the General Data Protection Regulation. Our legal basis for processing your data includes contract performance (providing the service), legitimate interest (improving our platform), and consent (where applicable). You also have the right to lodge a complaint with your local data protection authority.

7.3 CCPA (California)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of the sale of personal information. KBForge does not sell your personal information to third parties. To exercise any of these rights, contact us at privacy@kbforge.dev.

8. Children's Privacy

KBForge is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. When we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses and compliance with applicable data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will also notify you via email. Your continued use of KBForge after changes are posted constitutes acceptance of the revised policy.

11. Contact Us

If you have any questions about this Privacy Policy, your data, or wish to exercise your rights, please contact us at: