Council Forge ("we," "us," or "our") is operated by Jazvic Corp. This Privacy Policy describes how we collect, use, store, and protect your information when you use the Council Forge platform at councilforge.com (the "Service").
When you sign in via Google or Microsoft OAuth, we receive your name, email address, and profile picture from the authentication provider. We use this information solely to create and manage your account.
When you use the Service, we store the content you create, including:
Council Forge operates on a Bring Your Own Key (BYOK) model. You may provide your own API keys for third-party AI providers (such as OpenRouter, OpenAI, Anthropic, Google Gemini, and others). These keys are encrypted at rest using Fernet symmetric encryption before being stored and are used exclusively for your own requests.
When you connect external services (Gmail, Google Calendar, Microsoft OneDrive), we access only the data necessary to provide the features you enabled. We request only the minimum OAuth scopes required for each service. You can disconnect any service at any time, which revokes our access and removes locally cached data for that service.
We collect aggregate usage metrics such as query counts, feature usage, and response times. This data is stored per-user and is used to enforce subscription limits, display your usage dashboard, and improve the Service.
We use your information to:
We do not use your content to train AI models. We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not display advertisements in the Service.
Every user receives a dedicated, isolated storage directory. Your conversations, agents, knowledge bases, email data, calendar data, meeting recordings, financial data, analytics, and preferences are stored separately from all other users. No other user can access your data, and the platform administrator can only view aggregate metrics (total users, request counts, error rates) — not your individual content.
Your API keys are encrypted at rest using Fernet symmetric encryption. Authentication sessions use JWT tokens stored in httpOnly cookies. All data in transit between your browser and our servers is encrypted via TLS (HTTPS).
The Service is hosted on a dedicated virtual private server located in Ashburn, Virginia, United States, provided by Hetzner Online GmbH. All user data is stored on this server.
When you submit queries, your prompts and context are sent to third-party AI model providers (such as OpenAI, Anthropic, Google, and others) via OpenRouter or direct API connections. These providers process your queries according to their own privacy policies and data handling practices. When using BYOK, your API keys are sent directly to these providers to authenticate requests on your behalf.
If you connect Gmail, we request the gmail.modify scope, which allows reading, sending, drafting, labeling, archiving, and trashing emails. We do not request access to permanently delete emails. If you connect Google Calendar, we request the calendar scope for reading and managing your calendar events. If you connect Google Drive (when available), we request only the drive.file scope, which limits access to files you explicitly select or create through the Service. We do not have broad access to browse your entire Drive.
If you connect Microsoft OneDrive, we request Files.ReadWrite and User.Read scopes via Microsoft Graph API for file management.
The Service may integrate with additional third-party services such as Tavily (web search), Pexels and Pixabay (stock images), and Napkin AI (visual generation). These services are invoked only when you use features that require them.
Your data is retained for as long as your account is active. AI agent execution logs are subject to configurable retention periods (default: 90 days for user-created agents, 7 days for system agents). If you delete your account, all data in your isolated storage directory is removed. You can disconnect external service connectors at any time, which revokes OAuth tokens and removes cached data for that service.
You have the right to:
We implement the following security measures:
The Service is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
Jazvic Corp
Email: [email protected]
Website: https://councilforge.com