Legal

Privacy Policy

Effective date: April 19, 2026 · Last updated: April 19, 2026

This Privacy Policy describes how DropForge (“we,” “us”) — operated by Apex Intelligence — collects, uses, and shares information when you use our service. DropForge is a batch video editor for TikTok Shop and Instagram Shop creators.

1. The short version

  • Your videos stay on your device. Video files are never uploaded to our servers. All processing happens in your browser via FFmpeg.wasm.
  • We collect the minimum we need to run auth, billing, and the AI hook generator.
  • We never sell your data. Period.
  • You can delete your account and your data any time from the app, or by emailing us.

2. What we collect

Account information

  • Email address (required for sign-up).
  • Password, stored as a hash (never plaintext).
  • Display name — optional; you set this during onboarding.
  • TikTok profile basics if you sign in with TikTok (display name, profile picture, account ID) — used only to personalize the in-app UI.

Content you create in-app

  • Product details you type in (product name, category, key benefit, target customer).
  • Hook texts generated by our AI, including hooks you edit or replace manually.
  • Batch metadata (status, creation date, video count, selected overlay style, selected sound ID).
  • Rendered frame samples from your first uploaded video — captured locally and sent to the AI model provider only during auto-detect. See §4 below.

We do not store the video files themselves. We do not receive copies of your videos on our servers at any point.

Billing information

  • Subscription tier, status, trial dates, billing period.
  • Stripe customer ID + subscription ID. Your card number, CVV, and billing address are stored by Stripe — we never see or store them.

Usage information

  • Product analytics via PostHog: which pages you visit, which features you use, error events. We don’t record session replays of your screen by default.
  • Daily counters for hook generation quota (how many hooks you’ve generated per day).
  • Request logs including IP address and user-agent (retained for 30 days for security and debugging).

3. How we use your information

  • Provide the service:authenticate you, run the AI hook generator, render previews, track your usage against your plan’s quota.
  • Process payments: bill you on the schedule you selected via Stripe.
  • Send transactional email:confirmation, magic link, password reset, billing receipts. We don’t send marketing email without opt-in consent.
  • Improve the product: aggregated and anonymized usage trends inform what we build next.
  • Security and fraud prevention: detect abuse, quota bypass, or account takeover attempts.

4. How AI auto-detect handles your content

When you upload your first video in a batch, DropForge extracts a handful of still frames (usually 2–3 JPEGs, each downscaled to 1280px) and sends them to our AI provider (Anthropic) to identify the product category, brand name (if visible), key benefit, and target customer.

Anthropic processes those frames to generate the response and does not use them to train models. Anthropic retains API inputs for a short period (usually 30 days) for abuse monitoring and deletes them afterward. No video file leaves your device — only the still frames used for analysis.

The hook-generation feature sends the text fields you’ve entered (product name, benefit, category, etc.) — not video content — to Anthropic for copywriting. Same retention terms apply.

5. Third parties who process your data

DropForge uses the following subprocessors. Each handles data under their own privacy terms:

  • Supabase — database, authentication, session cookies. Stores all account and batch metadata.
  • Anthropic — AI hook generation and video frame analysis. Receives your product text fields and extracted frames.
  • Stripe — subscription billing and payment processing. Holds card data.
  • Vercel — application hosting. Serves the DropForge website, logs request metadata for up to 30 days.
  • Resend — transactional email delivery (via Supabase SMTP). Receives your email address and the email body we send you.
  • PostHog — product analytics. Receives pseudonymous usage events.
  • TikTok — only if you sign in with TikTok; we receive your basic profile info from their OAuth flow.

We do not share your data with advertisers, data brokers, or third parties outside this list.

6. Data retention

  • Account data: retained while your account is active. Deleted within 30 days of account deletion, except where we need to retain it for legal reasons (e.g. tax records).
  • Batches and AI generation logs: retained for 90 days after last activity, then deleted.
  • Billing records: retained for 7 years per tax law.
  • Request logs: retained for 30 days.

7. Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccuracies in that information.
  • Delete your account and associated personal information.
  • Export your data in a machine-readable format (portability).
  • Object to or restrict certain processing (including opting out of analytics).
  • Withdraw consent for processing that relies on consent.
  • Lodge a complaint with a data protection authority (if in the EU/UK).

To exercise any of these rights, email hello@dropforge.world. We’ll respond within 30 days.

California residents (CCPA):you also have the right to know what personal information we’ve collected about you, what we’ve shared, and to opt out of any sale of personal information. We don’t sell personal information.

8. Cookies and similar tech

We use cookies for authentication (keeping you signed in), CSRF protection, and remembering your in-progress batch state. We use localStorage and IndexedDB to store draft batches locally in your browser so a tab refresh doesn’t lose your work.

We use PostHog for product analytics, which sets an anonymous identifier cookie. You can opt out in your account settings (or by disabling JavaScript, which also disables the analytics).

9. Children

DropForge is not intended for children under 13. We don’t knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, email us and we’ll delete it.

10. International data transfers

DropForge is operated from the United States. If you use DropForge from outside the US, your data will be transferred to, stored in, and processed in the US. Our subprocessors may process data in other jurisdictions as well. Where required, we rely on standard contractual clauses or equivalent mechanisms to protect international transfers.

11. Security

We take reasonable steps to protect your information: TLS for data in transit, encryption-at-rest on Supabase databases, password hashing, limited access controls, row-level security policies on user data. No system is perfectly secure. If we become aware of a breach affecting your data, we’ll notify you consistent with applicable law.

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we’ll notify you by email and post a notice in the app before the changes take effect. The “Last updated” date at the top reflects the most recent revision.

13. Contact

Questions about privacy? Email hello@dropforge.world. For GDPR or data protection matters, reach us at the same address with subject line “Privacy request.”