Privacy Policy

Last updated: March 2026

What Forge Is

Forge is a Slack bot that helps software teams by connecting to their GitHub repositories and providing AI-powered project awareness. It is operated by Strand & Stone.

What Data We Access

• Slack messages - Forge reads messages in channels it's invited to, and direct messages sent to it. It uses these to understand project context and respond to questions.
• GitHub repository data - Commits, pull requests, issues, and file contents from repositories you connect. Accessed via GitHub's API.
• Your Anthropic API key - Stored securely on our server. Used solely to make Claude API calls on your behalf. Never shared with third parties.

What We Store

• Workspace configuration - Your Slack workspace ID, linked repositories, and bot tokens.
• Conversation memory - Key facts extracted from conversations (e.g., "team uses React", "deploy target is Fly.io"). These help Forge give better answers over time.
• Channel summaries - Aggregated digests of channel history. We do not store full message history.
• API keys and tokens - Your Anthropic API key and Slack bot tokens, stored on our server.

What We Don't Do

• We do not sell your data to anyone.
• We do not use your data to train AI models.
• We do not share your data with third parties, except Anthropic (via your own API key) and Slack (to post messages).
• We do not store your credit card information. Payments are processed by Stripe.

AI Processing

Forge sends conversation context and project data to Anthropic's Claude API using your own API key. Anthropic's data retention policies apply to those API calls. Forge does not send data to any other AI provider unless you configure one.

AI Model

Forge uses Anthropic's Claude (claude-sonnet-4-6 by default) as its primary language model. A secondary model (claude-haiku-4-5-20251001) is used for lightweight tasks such as memory extraction and event triage. All AI processing is performed via Anthropic's API using your API key.

Accuracy Disclaimer

AI-generated responses may be inaccurate or incomplete. Forge grounds its answers in your actual codebase and conversation history, but outputs should not be treated as authoritative without verification. Always confirm critical information independently.

Data Sent to Anthropic

When Forge responds to a question or generates a brief, it sends relevant context to Anthropic's Claude API. This may include: recent Slack messages from the channel, GitHub commit and PR data, extracted conversation memories, and file contents from connected repositories. Anthropic does not use API data for model training, per their data policies.

Data Storage and Retention

Forge stores extracted key facts ("memories") and project context summaries to provide better answers over time. Full message text is not retained beyond the active session. Conversation memories contain only distilled facts (e.g., "team uses React", "deploy target is Fly.io"), not verbatim messages.

Workspace Isolation

Each workspace's data is fully isolated. Data from one workspace is never accessible to another workspace, never used to improve Forge's AI capabilities, and never shared with third parties beyond the Anthropic API calls made with your own key.

Your API Key

You provide and control your own Anthropic API key (BYOK model). Forge uses this key solely to make Claude API calls on your behalf. You are responsible for your Anthropic account, usage, and associated costs. Your API key is stored server-side and never shared with third parties.

Data Retention

Your data is retained while your workspace is active. If you uninstall Forge from Slack, we delete your workspace data within 30 days. You can request immediate deletion by contacting us.

Security

Data is stored in an encrypted database on our server. Sensitive fields (API keys, tokens) are access-controlled. All connections use HTTPS.

Your Rights

You can request a copy of your stored data or request deletion at any time by contacting us. Uninstalling Forge from Slack will trigger automatic cleanup.

Contact

Questions about this policy? Email us at privacy@strandandstone.com.