Legal · Forge I/O

Privacy Policy

Effective date: March 9, 2026  ·  FixitFirst Privacy Policy →

1. Who We Are

Forge I/O is operated by ForgeSights ("we," "us," or "our"), an independent software developer. You can reach us at privacy@forgesights.com.

This Privacy Policy applies to the Forge I/O iOS application and the forgeio-daemon Mac software (collectively, "Forge I/O" or "the App") and describes how we collect, use, and disclose information when you use Forge I/O.

2. The Short Version

Forge I/O connects your iPhone to your Mac over an end-to-end encrypted relay. All terminal output is encrypted on your Mac before it reaches our relay server — we cannot read it. The only piece of personally identifying infrastructure we handle is your Apple Push Notification service (APNS) token, which is stored transiently in memory solely to deliver approval notifications to your phone. No user accounts. No permanent server-side storage. No data sold to third parties.

3. Architecture Overview

Understanding Forge I/O's architecture is essential to understanding its privacy properties:

  • Your Mac (forgeio-daemon): Encrypts all outbound messages using AES-256-GCM with keys generated and stored only on your devices. The daemon connects to the relay via outbound WebSocket.
  • Relay server (Cloudflare Workers + Durable Objects): A dumb forwarding pipe. It receives ciphertext from your Mac and forwards it to your iPhone, and vice versa. It cannot decrypt messages. It has no knowledge of your identity, terminal contents, or what you are doing. It stores only your APNS push token in memory for the duration of your active session.
  • Your iPhone (Forge I/O app): Receives encrypted messages from the relay, decrypts them using keys stored in your iOS Keychain, and renders them in the terminal UI.

4. What We Collect

4a. APNS Push Notification Token

To deliver approval notifications from your Mac to your iPhone, Forge I/O transmits your Apple Push Notification service (APNS) device token to our relay server.

  • The token is stored in Cloudflare Durable Object memory only for the duration of your active relay session. It is not written to any persistent database.
  • When your daemon disconnects, the session state — including the APNS token — is purged from memory.
  • The token is not linked to any personal identity (no name, email, or account number is associated with it).
  • The token is not shared with any third party, not used for advertising, and not used for any purpose other than routing push notifications to your device.
  • You can disable push notifications at any time via iOS Settings → Forge I/O → Notifications. Approval requests will still appear in-app when Forge I/O is open.

4b. Terminal Output and Session Data

All terminal output, commands, and session activity are encrypted with AES-256-GCM on your Mac before being transmitted to the relay. The encryption keys are generated during the pairing process and stored exclusively in your devices' Keychain. ForgeSights and Cloudflare have no access to the encryption keys and cannot read your terminal data at any point.

No terminal output is stored on the relay server or on any ForgeSights-controlled infrastructure. Messages are forwarded and immediately discarded.

4c. Pairing Keys

Cryptographic keys generated during the pairing process are stored exclusively in your iOS Keychain (backed by iCloud Keychain if you have enabled it) and your Mac's system Keychain. They are never transmitted to or stored by ForgeSights.

4d. Biometric Authentication (Face ID)

Forge I/O offers an optional biometric lock screen using Apple's Face ID. Your biometric data — including the mathematical representation of your face — is processed entirely within your device's Secure Enclave coprocessor. Forge I/O never accesses, receives, stores, or transmits your biometric data in any form. Apple's LocalAuthentication framework returns only a pass/fail authentication result to the App. For Face ID data handling, see Apple's Privacy Policy.

4e. System Metrics

Forge I/O can optionally stream Mac system metrics (CPU usage, memory pressure, battery level) from the daemon to the iOS app for display in the status bar. These metrics are transmitted over the encrypted relay, are not stored on any server, and are not sent to ForgeSights.

4f. Crash and Diagnostic Data

If you have enabled "Share iPhone Analytics" in iOS Settings, Apple may share anonymized crash reports with us through App Store Connect. These reports contain device type, iOS version, and a stack trace. They contain no terminal content, no pairing keys, and no personally identifiable information. You can disable this in Settings → Privacy & Security → Analytics & Improvements.

5. App Store Privacy Nutrition Label

In accordance with Apple's App Privacy requirements, Forge I/O's App Store listing declares the following data practices:

Data Not Linked to You

  • Identifiers — Device ID: Your APNS push notification token is collected transiently, is not linked to your identity, and is used solely for app functionality (push notification delivery). It is purged from memory when your session ends.
  • Diagnostics — Crash Data: If you have enabled "Share iPhone Analytics" in iOS Settings, Apple may share anonymized crash reports with us through App Store Connect. These reports contain device type, iOS version, and a stack trace. They are not linked to your identity and are used solely for app stability and bug resolution. You can disable this in Settings → Privacy & Security → Analytics & Improvements.

Data Not Collected

  • Contact Info, Health & Fitness, Financial Info, Location, Sensitive Info (including Biometrics), Contacts, User Content, Browsing History, Search History, Usage Data, and Purchases are not collected by Forge I/O.

6. Third-Party Infrastructure

Cloudflare, Inc. operates the relay infrastructure (Cloudflare Workers and Durable Objects) that Forge I/O uses to connect your iPhone to your Mac. Cloudflare receives only encrypted ciphertext and the APNS token. Cloudflare's use of infrastructure data is governed by the Cloudflare Privacy Policy. Cloudflare maintains Standard Contractual Clauses and EU-US Data Privacy Framework certification for EU data transfers.

Apple, Inc. operates the APNS push notification infrastructure and the iOS Keychain. Apple's handling of push token delivery and Keychain data is governed by the Apple Privacy Policy.

Forge I/O does not integrate any analytics SDKs, advertising SDKs, crash reporting services, or other third-party tracking libraries beyond what Apple provides natively through the operating system.

7. Revoking Access and Deleting Your Data

To revoke Forge I/O's access to your Mac and invalidate all relay associations:

  • Run forgeio-daemon revoke on your Mac. This deletes the pairing record from your Mac's Keychain and disconnects any active relay session.
  • Delete the Forge I/O app from your iPhone. This removes all pairing keys from your iOS Keychain and App data.

After revocation, no data associated with your pairing exists on any server. The APNS token stored in Cloudflare memory is discarded when the daemon disconnects.

8. Children's Privacy

Forge I/O is a professional developer tool for adult software engineers. The App is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that a child under 13 has used Forge I/O or provided us with personal information, we will delete it promptly. Contact privacy@forgesights.com if you have concerns.

9. Data Security

All data transmitted between the Forge I/O app and daemon is encrypted end-to-end using AES-256-GCM with keys derived via X25519 key exchange. This means the relay server — even if compromised — cannot read your terminal sessions. Pairing keys are stored in platform Keychains (iOS Secure Enclave-backed Keychain on iPhone, macOS Keychain on Mac) rather than in App-accessible storage. These represent the strongest available data-at-rest protections on their respective platforms.

10. California Privacy Rights (CalOPPA / CCPA)

California residents have rights under the California Online Privacy Protection Act (CalOPPA) and, where applicable thresholds are met, the California Consumer Privacy Act (CCPA).

  • Right to Know: We collect only your APNS device token (transiently, in memory, for push delivery). See Section 4a. We collect no other personal information through our infrastructure.
  • Right to Delete: Revoke access as described in Section 7. Email privacy@forgesights.com to request deletion of any support correspondence we may hold.
  • Right to Opt Out of Sale: We do not sell personal information.
  • Non-Discrimination: We will not discriminate against you for exercising any privacy rights.
  • Do Not Track: Forge I/O does not track users across third-party apps or websites for advertising purposes and does not respond to Do Not Track signals.

11. European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following applies.

Data Controller: ForgeSights, reachable at privacy@forgesights.com.

Legal Bases for Processing:

  • Contract performance / legitimate interest — Transmission of your APNS token to the relay is necessary to deliver push notifications, which is the core mechanism by which Forge I/O alerts you to pending tool approvals. This processing is necessary to provide the functionality you requested.
  • Legitimate interest — Receiving anonymized crash diagnostics through Apple's opt-in analytics to maintain App stability.

Retention: APNS token stored in relay memory only for the duration of the active daemon session. Crash diagnostics (if any) are retained as long as necessary to diagnose and resolve the reported issue.

International Data Transfers: Relay infrastructure is operated by Cloudflare, which processes data in data centers globally including in the United States. Cloudflare transfers are conducted under Standard Contractual Clauses and EU-US Data Privacy Framework certification. Apple APNS data transfers are similarly covered by Apple's SCCs.

Your Rights Under GDPR: You have the right to access, rectify, erase, restrict, or port personal data we hold about you, and to object to processing. You may lodge a complaint with your local supervisory authority. Contact privacy@forgesights.com to exercise any right. We will respond within 30 days.

12. Changes to This Policy

If we make material changes to this Privacy Policy, we will update the effective date at the top of this page and note the change in Forge I/O's release notes on the App Store and in the forgeio-daemon changelog. Continued use of Forge I/O after changes are posted constitutes your acceptance of the updated policy.

13. Contact

For privacy questions, data deletion requests, or any concerns: