Privacy Policy

Applies to personal data and project data processed by the marketplace, mobile/API consumers, admin console, pipeline workers, and observability systems.

Draft privacy policy for accounts, projects, generated files, audit events, telemetry, AI processing, and deletion requests.

The platform may process account identity, role, session metadata, project intake fields, business goals, technical stack, integrations, uploaded files, generated deliverables, project messages, audit events, payment/order metadata, logs, metrics, and launch evidence.

Sensitive secrets, credentials, production keys, regulated records, and unnecessary personal data should not be uploaded unless production controls and a written agreement are in place.

Project content may be used by DesirForge AI agents to scope, plan, generate, test, document, and review deliverables. AI processing is part of the core service experience.

The platform should not use customer project data for unrelated training or analytics unless a separate policy and consent workflow is approved.

Access control, audit logging, CSRF/origin protection, rate limiting, file scanning contracts, and operational reports are part of the platform control model.

Retention defaults are documented in the Data Retention Policy. Deletion requests, backups, logs, and legal hold workflows require additional production procedures.

Local/demo mode may seed demo users and projects.

Operational telemetry should avoid raw secrets, credentials, payment credentials, or sensitive customer content.

Third-party processors must be documented before public production.

Data processor inventory is incomplete.

Deletion workflow is documented but not fully irreversible.

Attorney and privacy review remain required.