# ⚠️ DRAFT — LEGAL REVIEW REQUIRED BEFORE PUBLISHING ⚠️

> **Do NOT publish to `meetforge.ai/privacy.html` until reviewed by counsel.**
> Open questions for the lawyer are in `~/operator/meetforge/legal/LEGAL-REVIEW-CHECKLIST.md`.

---

# Privacy Policy — MeetForge AI
**Last updated:** 2026-05-25 · Effective immediately for all customers and prospects (UPON PUBLICATION).
**Status:** 🟡 DRAFT — pending Roman + counsel review before publication at `meetforge.ai/privacy.html`.
**Aligned with:** MeetForge V2 doctrine (form-only signup, no sales calls, no human in the prospect-facing loop).

---

## 1. Who we are

MeetForge AI ("MeetForge", "we", "us") is a managed AI-SDR service operated by NightEdge Inc., 6160 Warren Pkwy Ste 100 #1234, Frisco TX 75034, USA. Roman Getmanenko is the Founder + Data Controller.

Contact:
- Privacy inquiries: `privacy@meetforge.ai`
- General: `hello@meetforge.ai`
- Data Protection Officer (acting): Roman Getmanenko

## 2. What this policy covers

This policy covers:
- Information we collect from **customers** (businesses that subscribe to MeetForge).
- Information we collect from **website visitors** to `meetforge.ai`.
- Information we **process about prospects** as data processor on behalf of customers (the "cold outbound" emails we send on a customer's behalf).

This policy does **not** cover information collected by third-party tools we integrate with (Stripe, Apollo, Clay, Instantly, Resend, Google Workspace) — see their respective privacy policies for handling at those layers.

---

## 3. Customer data (what we collect from businesses that subscribe)

When you subscribe to MeetForge via the Free Growth Audit form or paid signup, we collect:

| Category | Examples | Why we need it | How long we keep it |
|----------|----------|----------------|---------------------|
| Identity | Name, business email, business name, business URL | Account creation, billing | Lifetime of account + 7 years for tax/audit |
| Billing | Stripe customer ID, last-4 card digits, billing address | Payment processing (Stripe stores actual card data) | Lifetime of account + 7 years for tax/audit |
| Business context | ICP definition, sales process, ACV range, target titles | Configure your outbound campaigns | Lifetime of account |
| Usage | Login times, feature usage, support interactions | Improve service, debug issues | 24 months from last activity |
| Communications | Emails to/from us, support tickets | Customer service record | 24 months from last interaction |

**Lawful basis (GDPR):** Contract (Art. 6(1)(b)) — processing is necessary to provide the service you signed up for.

---

## 4. Website visitor data (what we collect from `meetforge.ai` traffic)

We use:
- **Plausible Analytics** (privacy-friendly, no cookies, EU-hosted) — page views, referrer, country (not city), device class. No personal identifiers.
- **Google Analytics 4** (`G-Y3T3GCMCF7`) — for legacy parity. We do not enable demographic features or signals.
- **Form submission data** — when you complete the Free Growth Audit form at `meetforge.ai/free-audit`, we collect the fields you submit (business name, email, ICP, etc.).
- **Cookies** — only essential cookies (session) and Google Analytics. No advertising cookies. No third-party trackers.

You can opt out of Google Analytics via [Google's opt-out tool](https://tools.google.com/dlpage/gaoptout).

**Lawful basis (GDPR):** Legitimate interest (Art. 6(1)(f)) — basic web analytics for service improvement.

---

## 5. Prospect data (when we send cold outbound on a customer's behalf)

When a customer's MeetForge campaign sends a cold email to a prospect, we (as data processor) handle:

| Category | Source | Purpose | Retention |
|----------|--------|---------|-----------|
| Prospect business email | Apollo, Clay (third-party B2B data providers) | Send outbound email | 12 months from last campaign use or unsubscribe (whichever comes first) |
| Prospect name, title, company | Same | Personalization | Same |
| Prospect company domain, industry | Same | ICP-fit validation | Same |
| Reply content (if prospect replies) | The reply itself | Classify intent, draft response | 12 months from reply date |
| Unsubscribe records | Reply parsing or one-click unsubscribe | Honor unsub request (CAN-SPAM compliance) | **Indefinite** — for compliance |

**Lawful basis (GDPR for prospect data):** Legitimate interest (Art. 6(1)(f)) for B2B prospecting, balanced against the prospect's right to object via the unsubscribe link present in every outbound email.

**CAN-SPAM (US):** All outbound emails include (i) a valid physical postal address (6160 Warren Pkwy Ste 100 #1234, Frisco TX 75034, USA), (ii) accurate sender identification, and (iii) a working one-click unsubscribe link; (iv) unsubscribe requests are honored within 10 business days (we honor them in <1 hour via an automated suppression list).

**CASL (Canada):** We do not knowingly send to Canadian recipients without express or implied consent under Canadian Anti-Spam Legislation. If we send to a Canadian prospect, the customer is responsible for confirming consent basis (typically: existing business relationship within 24 months, or publicly-listed business contact).

**GDPR (EU/UK):** Customers send to EU/UK prospects at their own risk. We process EU/UK prospect data as a data processor; the customer (controller) must establish lawful basis. We recommend customers consult counsel before targeting EU/UK prospects.

---

## 6. What we DO NOT do

- ❌ We do **not** sell, rent, license, or trade prospect or customer data.
- ❌ We do **not** share customer data with third parties except service providers strictly necessary to run the service (Stripe, Apollo, Clay, Instantly, Resend, Google Workspace, n8n).
- ❌ We do **not** train any AI models on prospect or customer data — all AI processing uses providers' transient API calls (OpenAI, Anthropic) that do not retain inputs (per provider terms).
- ❌ We do **not** use prospect data to target prospects across customers (a prospect for Customer A is not shown to Customer B).
- ❌ We do **not** use cookies for advertising or cross-site tracking.

---

## 7. Your rights

### Customer rights
- Access, correct, or delete your account data at any time via `privacy@meetforge.ai`.
- Export your data (CSV) at any time.
- Cancel subscription instantly; your data is retained for legal/tax purposes for 7 years post-cancellation, then deleted.

### Prospect rights (GDPR/CCPA)
- **Right to know what we have:** email `privacy@meetforge.ai` with your email address; we respond within 30 days.
- **Right to delete:** email `privacy@meetforge.ai` requesting deletion; we delete within 30 days, except records required for CAN-SPAM compliance (the unsubscribe entry itself).
- **Right to object to processing:** click the unsubscribe link in any email, or email `privacy@meetforge.ai`.
- **Right to data portability (GDPR):** request a copy in JSON via `privacy@meetforge.ai`.

### California residents (CCPA)
- We do not "sell" personal information as defined by CCPA. No "do not sell my data" link is required.
- You may request access or deletion via `privacy@meetforge.ai`.

---

## 8. Subprocessors

We use the following subprocessors:

| Subprocessor | Purpose | Location | Notes |
|--------------|---------|----------|-------|
| Stripe | Payment processing | US, EU | Customer billing data only |
| Apollo | B2B prospect data | US | Prospect identity data |
| Clay | Enrichment + personalization | US | Prospect identity data |
| Instantly | Cold email delivery infrastructure | US | Prospect identity + email send/reply records |
| Resend | Transactional email (welcome, refund notification) | US | Customer email address only |
| n8n Cloud | Workflow orchestration | EU (Frankfurt) | All processing flows through here |
| Google Workspace | Email infrastructure (sender mailboxes) | US, EU | Email send records |
| OpenAI | Reply classification (transient, no training on inputs) | US | Reply content (transient) |
| Anthropic | Same | US | Same |
| DigitalOcean | Compute hosting (n8n self-hosted droplet, snapshot storage) | US (NYC1) | All n8n flows process through here |
| Namecheap | Domain registration + DNS | US | Domain-level metadata only |
| Cloudflare | DNS, CDN, edge protection | Global | No content, just network routing |
| Plausible Analytics | Privacy-first web analytics | EU (Frankfurt) | Aggregated, no personal identifiers |
| Google Analytics 4 | Legacy web analytics | US | IP-anonymized; opt-out supported |

We update this list within 30 days of any subprocessor change.

---

## 9. International transfers

We are US-based. EU/UK customer data is transferred to the US under Standard Contractual Clauses (SCCs). Customers in the EU/UK who wish to review our SCC implementation can email `privacy@meetforge.ai`.

---

## 10. Security

- All data in transit is encrypted with TLS 1.2+.
- All data at rest is encrypted (AES-256 via the underlying provider — Stripe, n8n Cloud, Google Workspace).
- We use industry-standard access controls (MFA on admin accounts, principle of least privilege).
- Subprocessors are SOC 2 Type II or equivalent (we monitor this).
- We have not had a data breach as of this policy date. In the event of a breach affecting personal data, we will notify affected parties within 72 hours per GDPR and applicable state law (e.g. Texas business notification, California SB 1386).

---

## 11. Children

MeetForge is a B2B service and not directed at anyone under 18. We do not knowingly collect data from children. If we learn we have, we will delete it within 30 days.

---

## 12. Changes to this policy

Material changes are emailed to active customers and prospects on our suppression list (so unsubscribed parties get notice of changes) at least 14 days in advance. Non-material changes (typo fixes, subprocessor list updates) are posted to this page with an updated "Last updated" date.

---

## 13. Contact

Email `privacy@meetforge.ai` for any privacy question. We respond within 7 business days for general inquiries and within 30 days for GDPR / CCPA rights requests.

For specific questions:
- **Customer data:** `privacy@meetforge.ai`
- **Prospect data:** `privacy@meetforge.ai`
- **Subprocessor list:** `privacy@meetforge.ai`
- **DPO:** Roman Getmanenko, `roman@nightedge.io`

---

**Effective date:** 2026-05-24
**Maintained at:** `meetforge.ai/privacy.html`
**Repository:** `~/operator/meetforge/legal/privacy-policy.md`
