Skip to content

PRIVACY

Privacy policy.

Last updated: 2026-05-14

ForestOps is a local-first product. The orchestration runs on your machine; we keep the minimum we need to operate an account and a subscription. This page describes exactly what crosses that line and why.

1. What we collect

  • Account data, your email address and the password hash we use to authenticate you.
  • Billing data, held by Stripe, mirrored in our database as customer ID, subscription tier, and invoice metadata. We do not store card numbers.
  • Workspace metadata, workspace IDs, names, and the agents and skills you define on them.
  • Job metadata, job IDs, phase change timestamps, role labels, and high-level status (started, completed, failed).
  • Encrypted memory blobs, ciphertext only. We never hold the key. See /security.

2. What stays out of our reach

  • Your source code. It stays on your machine and is read only by the agent process running there. Nothing about it is uploaded.
  • Your model conversations. Traffic to Anthropic, OpenAI, DeepSeek, or any other provider goes directly from your machine to that provider, not through our servers.
  • Your memory in plaintext. We store memory chunks encrypted at rest.
  • Your model API keys in plaintext. We store them encrypted at rest in our database.

3. Why we collect what we do

We collect data for four reasons: authentication, billing, product support, and anonymised product analytics. We do not sell data, and we do not feed your data into third-party advertising networks.

4. Retention

  • Billing data, kept as long as legally required by Stripe and applicable tax regulations (typically 7 years).
  • Job metadata, kept for 90 days after a job completes, then aggregated and the per-job records are deleted.
  • Memory ciphertext, kept as long as you keep your account. Deleted within 30 days of account cancellation.
  • Account data, kept while your account is active. Deleted on request or within 30 days of cancellation.

5. Your rights

You can request a full export of your data at any time, and you can request deletion of your account and all associated records. If you are in the European Economic Area, the United Kingdom, Switzerland, or California, the GDPR / UK-GDPR / CCPA give you additional rights including the right to access, rectify, restrict, port, and object to processing. Write to privacy@forestops.app and we will respond within 30 days.

6. Subprocessors

We use a small set of third-party providers to operate the service. None of them receive your source code or memory plaintext.

  • Stripe, billing, payment processing, invoicing.
  • Resend, transactional email (sign-up, password reset, invoices).
  • Google Cloud Platform, infrastructure (compute, database, object storage).
  • Model providers (Anthropic, OpenAI, DeepSeek, MiniMax, Z.AI, others), only the providers you yourself choose. Your relationship with them is direct; they bill you on their own contracts, not through us.

7. Contact

Questions, requests, or complaints: privacy@forestops.app.

ForestOps is a product of ScoutsCapital. Registered office details available on request.