Privacy

Last updated: 2026-05-10

What we collect on this site

Nothing beyond what your browser sends to any web server: IP address, user agent, requested URL, response status. These show up in our self-hosted Caddy access logs (kept ≤ 14 days) for diagnostics. No cookies, no analytics, no JavaScript trackers, no third-party scripts.

What the GovForge product collects

Nothing. The CLI (`gf`) and backend run entirely on your machine. SQLite stores your decisions, reviews, and audit log under `.govforge/` in your project. There is no phone-home, no opt-in telemetry, no usage analytics. You can verify by reading the source on GitHub.

GitHub interactions

When you visit our GitHub repository (issues, discussions, releases), GitHub's terms apply. We don't operate or proxy GitHub.

Hosting

The marketing site (govforge.dev) and FastAPI swagger (api.govforge.dev) are self-hosted on infrastructure we operate, fronted by Cloudflare for DNS and TLS termination. Cloudflare's privacy policy applies to that edge layer.

Future tiers

If we ship a paid Team tier (planned Phase 3.1), it will require an account and store the metadata you choose to sync (decisions, reviews, events) — never raw source code. Specifics will be published before that ships and added here.

Contact

Privacy questions: [email protected].