Privacy Policy

Last updated: 2026-03-16

Forkline Privacy Policy

Last updated: 2026-03-16

1. Controller

The controller of personal data processed through Forkline is Maria Teresa López Alonso, Calle Doris Lessing, 4, portal 1, 2°A, 28523 Rivas-Vaciamadrid, Spain.

Contact details:

  • General contact: contact@forkline.dev
  • Privacy contact: privacy@forkline.dev
  • Legal contact: legal@forkline.dev

2. Scope

This Privacy Policy explains how Forkline processes personal data when you visit forkline.dev, use app.forkline.dev, interact with legal or support pages, purchase subscriptions or credits, connect third-party services, or otherwise use the Forkline platform.

3. Categories of personal data

Depending on how you use the Services, we may process the following categories of data:

  • account and identity data, such as name, username, email address, and account identifiers;
  • billing and transaction data, such as subscription status, purchases, invoices, tax-related billing details, billing country or address details where required, and payment metadata provided through Stripe or the applicable billing workflow;
  • authentication and session data, such as login events, session identifiers, device and browser metadata necessary to maintain secure sessions;
  • integration data, such as connected GitHub, GitLab, Forgejo, and similar account identifiers, repository metadata, scopes, permissions, and connection status;
  • secret and credential data, such as API tokens, keys, and access credentials that you choose to store for enabled integrations;
  • provider-connection data, such as model-provider account references, API key metadata, and service configuration related to OpenAI, Anthropic, Alibaba, AWS Bedrock, or other providers selected by you;
  • product usage data, such as workspace activity, usage-hour consumption, job metadata, logs necessary for service operation, abuse prevention, and troubleshooting;
  • communications data, such as support requests, emails, Discord support exchanges that we document, and complaint handling records.

We do not use analytics or advertising trackers unless we state otherwise in an updated policy.

4. How we use personal data

We use personal data to:

  • create and administer accounts;
  • provide subscriptions, prepaid credits, hosted environments, and integration features;
  • store and use connected credentials solely to provide the features you enable;
  • process payments, subscription billing, invoices, tax-related checkout or billing requirements, refunds where required, and fraud checks;
  • secure the Services and detect abuse, misuse, unauthorized access, or technical failures;
  • provide customer support and respond to complaints, legal notices, and privacy requests;
  • comply with legal obligations, including tax, accounting, consumer-protection, and security obligations;
  • establish, exercise, or defend legal claims.

5. Legal bases

Where the GDPR applies, we rely on one or more of the following legal bases:

  • performance of a contract or steps taken at your request before entering into a contract;
  • compliance with legal obligations;
  • our legitimate interests in operating, securing, improving, and defending the Services, provided those interests are not overridden by your rights;
  • your consent, where consent is required, such as for non-essential cookies if we ever introduce them.

6. Connected services and user responsibility

Forkline enables you to connect and use third-party services. You decide which services to connect, which credentials to provide, and which repositories, prompts, files, and provider accounts are used through the platform.

We process connected credentials and related metadata only to deliver the features you request. You remain responsible for your relationship with the third-party provider, including compliance with that provider's terms, privacy practices, pricing, and permitted use.

7. How we protect credentials and sensitive connection data

Credentials, API keys, and similar connection secrets are protected using industry-standard security measures, including encryption at rest, access restrictions, and managed secrets-handling controls designed to reduce unnecessary exposure.

No security measure is perfect, and we cannot guarantee absolute security. You should use only credentials and permissions that are appropriate for the actions you want the Services to perform.

8. Sharing of personal data

We may share personal data with:

  • payment and billing providers, such as Stripe;
  • hosting, infrastructure, storage, backup, and managed security providers located in the European Union;
  • email, support, and communication providers;
  • third-party integration endpoints that you choose to connect;
  • professional advisers, auditors, insurers, and legal counsel where reasonably necessary;
  • regulators, courts, law enforcement, or other authorities where required by law or necessary to protect rights and security.

We do not sell personal data.

9. International transfers

Forkline uses infrastructure providers located in the European Union for core hosting, storage, logging, and related backup operations. Because Forkline is a global service and users may connect third-party providers located in other countries, personal data may also be processed in countries other than your own, including outside the European Economic Area.

Where required, we will rely on appropriate transfer safeguards, such as adequacy decisions, contractual safeguards, or other lawful transfer mechanisms.

10. Retention

We retain Personal Data only for as long as necessary to fulfill the purposes described in this Policy, including to provide and operate the Services, maintain account integrity, process billing and payments, ensure the security of our systems, comply with legal obligations, and resolve disputes.

When determining the appropriate retention period, we consider several factors, including:

  • The purposes for which the Personal Data is processed (for example, whether it is necessary to retain the data to provide our Services);
  • The amount, nature, and sensitivity of the information;
  • The potential risk of harm resulting from unauthorized use or disclosure; and
  • Any applicable legal, regulatory, tax, accounting, or reporting requirements.

If you request deletion of your account or Personal Data, the account may enter a deletion window of up to 30 days during which reactivation may be possible. After that period, Personal Data associated with the account is deleted or irreversibly anonymized, unless a longer retention period is required or permitted by law or justified for legitimate business purposes. Deleted data may also remain in secure encrypted backups for a limited period until it is overwritten in the normal backup cycle.

Certain categories of information may be retained for longer periods where necessary for legitimate security, legal, or operational purposes. These may include:

  • Legal and regulatory compliance. We may retain Personal Data where required to comply with applicable laws, regulations, legal processes, or valid requests from public authorities.
  • Financial and accounting records. Information related to payments, transactions, invoices, taxation, or accounting may be retained for the periods required under applicable financial and tax laws.
  • Security, fraud prevention, and policy enforcement. We may retain information necessary to prevent, investigate, or address fraud, abuse, security incidents, or violations of our terms or policies, including in connection with restricted or terminated accounts.
  • Dispute resolution and legal claims. We may retain information necessary to establish, exercise, or defend legal claims, including records relevant to disputes or investigations.
  • Compliance records. Where you request the deletion of your Personal Data, we may retain limited records of the request and its fulfillment in order to demonstrate compliance with applicable legal obligations.

11. Your Rights

Depending on applicable law, you may have certain rights regarding your Personal Data, including the right to:

  • Access your Personal Data and obtain information about how it is processed;
  • Rectify inaccurate or incomplete Personal Data;
  • Request deletion of your Personal Data, subject to applicable legal limitations;
  • Request restriction of processing, meaning that in certain circumstances you may ask us to limit how we use your Personal Data (for example, while a request for rectification is being verified or where you have objected to processing);
  • Object to certain processing, including processing based on legitimate interests or processing for direct marketing purposes, where applicable;
  • Receive a portable copy of certain Personal Data in a structured, commonly used, and machine-readable format, and where technically feasible request that it be transmitted to another controller;
  • Withdraw consent at any time where processing is based on your consent, without affecting the lawfulness of processing carried out before the withdrawal; and
  • Lodge a complaint with a competent data protection supervisory authority if you believe that your rights have been violated or that your Personal Data has been processed unlawfully.

To exercise your privacy rights, you may contact us at privacy@forkline.dev. We may request additional information to verify your identity before processing your request, as permitted by applicable law.

12. Cookies and similar technologies

Forkline uses essential cookies and similar technologies necessary to authenticate users, maintain secure sessions, protect the service, and operate core platform functionality.

Forkline does not currently use analytics, advertising, or profiling cookies. If that changes, we will update this Policy and the separate Cookie Policy.

13. Children

The Services are not directed to children, and users must be at least 18 years old.

14. Changes to this Policy

We may update this Privacy Policy from time to time. The latest version will be published with a new "Last updated" date.

15. Contact and complaints

For privacy matters, contact privacy@forkline.dev.

If you are in the European Union or European Economic Area and believe your rights have been infringed, you may also lodge a complaint with the supervisory authority in your place of residence, work, or the place of the alleged infringement, including the Spanish Data Protection Agency where relevant.