Last updated: January 2026 · BrainFog LLP
We built APIForge to make developers' lives better — not to harvest their data. This policy explains exactly what we collect, why, and how you can control it.
When you connect your GitHub account, we receive your GitHub username, email address, and a list of repositories you explicitly grant access to. We never read repositories you haven't authorised.
We collect usage data — which features you use, how often, and basic performance metrics — to improve the product. This data is aggregated and never sold.
We store the API documentation we generate on your behalf, associated with your account, so you can access it at any time.
We never sell your data to third parties. Ever. Full stop.
We never read your source code beyond what is necessary to generate documentation for the routes you've asked us to analyse.
We never store your GitHub OAuth token beyond the active session. Tokens are used in-memory and discarded.
Your email is used to send you account notifications (approvals, revocations) and, if you opt in, product updates. You can unsubscribe at any time.
Repository data is used solely to generate and serve your API documentation. It is not used for training AI models.
Usage analytics help us understand which features matter most so we can build a better product for you.
Your account data is retained for as long as your account is active. If you delete your account, all associated data — including generated documentation — is permanently deleted within 30 days.
You can request an export of all your data at any time by contacting us at privacy@apiforge.dev.
We use Groq to power AI analysis. Route data sent to Groq is subject to their privacy policy. We send only the minimum necessary code context — never full repository contents.
We use standard cloud infrastructure (database, hosting) with encryption at rest and in transit.
You have the right to access, correct, export, or delete your personal data at any time. Contact us at privacy@apiforge.dev and we'll respond within 48 hours.
If you're in the EU or UK, you have additional rights under GDPR/UK GDPR including the right to object to processing and the right to lodge a complaint with your supervisory authority.
Questions about this policy? Email privacy@apiforge.dev. We're humans, not a legal department — we'll give you a straight answer.