Skip to main content

Privacy Policy

LAST UPDATED: APRIL 8, 2026

1. What This Policy Covers

This policy explains what personal information StatusForge collects, how we use it, who we share it with, and what rights you have. We wrote it in plain English on purpose. If something is unclear, email us and we will explain it.

Data controller: Arctic Labs LLC (d/b/a StatusForge), 6545 Market Ave. North, STE 100, Canton, OH 44721. For all privacy inquiries: [email protected].

By creating a StatusForge account, you agree to the data practices described here. If you do not agree, do not use the service.

2. Information We Collect

Information you provide (Standard tier):

  • Full name
  • Profession or job title
  • Role level (e.g., junior, senior, executive)
  • Key achievements
  • Core capabilities and skills
  • Professional motivation
  • Career trajectory and goals

Additional information for Pro users:

Pro accounts collect up to 10 additional professional detail fields. These vary but may include education, certifications, publications, leadership experience, industry specializations, and similar career information. You choose what to provide.

Information from the free AI Coverage Check:

  • The name you enter is sent to third-party AI services so we can show you what AI says about you. Results are cached for 24 hours to reduce repeated API calls, then automatically deleted. We do not store your AI Coverage Check results beyond this 24-hour window.

Payment information:

  • Processed entirely by Stripe. We never see or store your card number, expiration date, or CVC.

Information collected automatically:

  • Browser type and device information
  • Pages visited and interaction patterns
  • Referral source
  • Time of visit and general usage data
  • Bot detection signals via Cloudflare Turnstile

3. How We Use Your Information

  • Profile publishing: We create a public profile page at statusforge.ai/p/your-name containing your professional information, with Schema.org structured data markup. This page is designed to be indexed by search engines and read by AI systems.
  • Satellite publishing: We may republish your professional information on third-party platforms (such as GitHub Gist) to increase its visibility and reach.
  • B2B data licensing: Your professional information is made available through our API (/v1/person) so that AI companies can query it. This is how StatusForge works — we make your professional identity available to AI systems so they represent you accurately. See Section 4 for full details.
  • Micro-royalty tracking: We track each time your data is queried through our B2B API so we can calculate your earnings. See Section 5.
  • Service operation: Account management, payment processing, and service delivery.
  • AI Coverage Check: When you use the free check tool, your name is sent to a third-party AI service so we can show you what AI currently says about you.

4. B2B Data Licensing — Your Data May Be Sold to AI Companies

This is important, so we are being direct about it.

StatusForge licenses professional identity data to AI technology companies through a paid API. When an AI company queries our /v1/person endpoint for your name, they receive the professional information you submitted — your name, profession, achievements, capabilities, and other details from your profile.

What this means:

  • AI companies pay StatusForge to access your professional data
  • Your data is shared exactly as you provided it — never fabricated, supplemented, or misrepresented
  • We never fabricate information — only what you submitted is shared
  • You can opt out of data sales at any time (see Section 8)

This data licensing is a core part of the StatusForge service. By creating an account, you consent to your professional information being included in these licensed datasets. If you do not want your data sold to AI companies, you can opt out at /do-not-sell or request full deletion of your account.

5. Micro-Royalties — You Earn From Your Data

Every time an AI company queries your professional data through our B2B API, we log that query and credit your account a micro-royalty. Rates are tiered based on profile depth and verification status, starting at $0.01 per query and increasing as your profile grows. These micro-royalties accumulate over time.

Royalty tracking is automatic. You can view your accumulated earnings in your dashboard. Payout terms and thresholds are described in our Terms of Service.

6. Cookies and Local Storage

We use the following client-side storage. None of these are used for advertising or cross-site tracking.

NameTypePurpose
sf_intakelocalStorageTemporarily stores your responses during the intake process. Cleared after submission.
sf_intro_seenlocalStorageRecords whether you have viewed the introductory sequence. Persists across sessions.
sf_refcookieStores referral attribution code if you arrived via a referral link. Expires after 30 days.
sf_check_historylocalStorageStores your AI coverage check history locally so you can review past results.
sf_score_historylocalStorageStores your AI Coverage Index history locally for trend tracking.
sf_participant_historylocalStorageStores participant count snapshots locally for display purposes.
sf_accesslocalStorageStores your access/session token for authentication.

All localStorage items are stored on your device only. Cookie data (sf_ref) is transmitted to our servers with requests.

7. Third-Party Service Providers

We use the following companies to operate StatusForge. Each processes some of your data as described:

  • Supabase — Database and authentication. Stores your account data, profile information, and micro-royalty records. Data is hosted in the United States.
  • Vercel — Web hosting and serverless functions. Serves your profile pages and processes API requests. Data is hosted in the United States.
  • Stripe — Payment processing. Handles all payment transactions. Stripe’s own privacy policy governs how they handle your payment data.
  • Cloudflare — Security, CDN, and bot protection (Turnstile). Routes and protects web traffic. Cloudflare may process your IP address and request metadata.
  • Telnyx — SMS messaging (optional). If you opt in to SMS conversations, your phone number and message content are processed by Telnyx. You can opt out at any time by replying STOP. Telnyx’s own privacy policy governs how they handle your data.
  • Resend — Transactional email delivery. Your email address and message content are processed by Resend when we send you account-related emails (welcome, magic links, connection notifications). Data is hosted in the United States.

We do not share your data with any other third parties for marketing or advertising purposes.

8. Your Rights

You have the following rights regarding your data:

  • Access: Request a copy of all personal information we hold about you.
  • Correction: Request that we fix any inaccurate information in your profile.
  • Deletion: Request complete deletion of your account and all associated data. Deletion cascades through all database tables. Once deleted, your data is gone from our systems permanently.
  • Do-not-sell: Opt out of having your data sold to AI companies through our B2B API. Visit /do-not-sell or email us.
  • Portability: Request a machine-readable export of your data.
  • Withdraw consent: You can withdraw consent for future data processing at any time by deleting your account.

Important limitation: Content that has already been published on the web, distributed through satellite channels (e.g., GitHub Gist), or indexed by search engines and AI systems cannot be fully recalled after deletion. We will remove everything within our control, but we cannot force third parties to delete cached or indexed copies.

To exercise any of these rights, email [email protected]. We will respond within 15 business days.

9. Data Retention

We retain your data for as long as your account is active. If you request deletion, we remove all your data from our database, including profile information, royalty records, and any associated metadata. Deletion is real and permanent — we do not soft-delete or archive.

Stripe may retain payment records independently as required by financial regulations.

10. Security

We protect your data with encrypted transmission (HTTPS/TLS), secure authentication, database-level access controls, and Cloudflare’s security infrastructure. No system is 100% secure, but we take reasonable measures to protect your information.

11. Age Requirement

StatusForge is for adults only. You must be at least 18 years old to create an account or use the service. We do not knowingly collect personal information from anyone under 18. If we learn that a user is under 18, we will delete their account and data immediately.

12. State Privacy Laws

StatusForge honors the rights granted by the privacy laws of the United States and individual U.S. states. Wherever you live in the U.S., you have the rights described in Section 8 (Access, Correction, Deletion, Do-Not-Sell, Portability, Withdraw Consent). Specifically:

  • California (CCPA / CPRA): all rights in Section 8, plus the right to opt out of the “sale or sharing” of personal information, the right to limit use of sensitive personal information, and the right not to be discriminated against for exercising these rights.
  • Virginia (VCDPA), Colorado (CPA), Connecticut (CDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Florida (FDBR), Montana (MCDPA), Tennessee (TIPA), Iowa (ICDPA), Indiana (ICDPA), New Hampshire (NHDPA), New Jersey (NJDPA), Delaware (DPDPA): the rights to access, correction, deletion, portability, and opt out of targeted advertising or the sale of personal data, as defined in each state’s law.
  • All other U.S. states: we extend the same set of rights as a matter of policy, even where state law does not yet require them.

Under the CCPA, the Virginia VCDPA, the Colorado CPA, and similar laws, our B2B data licensing (Section 4) may constitute a “sale” or “sharing” of personal information. You can opt out at any time at /do-not-sell.

California-required contact: California consumers may exercise their privacy rights by emailing [email protected] with the subject line “California Consumer Privacy Rights”. We respond within 15 business days.

12a. Categories of Personal Information We Collect (CCPA §1798.110)

For California residents (and as a matter of policy for everyone): the personal information we collect falls into the following CCPA categories:

  • Identifiers: name, email address (optional), IP address, device identifiers, referral codes.
  • Customer records: billing information processed by Stripe (we do not store card numbers).
  • Professional or employment-related information: role, company, years of experience, skills, achievements, work style, problems solved, professional contributions — whatever you submit during intake.
  • Internet or other electronic activity: browser type, pages visited, referrer, time of visit.
  • Inferences: the AI Coverage Index we calculate from your profile completeness and verification state.

We do not collect: biometric information, geolocation precise to a street address, government IDs, racial or ethnic origin, religious beliefs, sexual orientation, health information, financial account numbers (Stripe handles those), or contents of private communications.

Sensitive personal information (CPRA): StatusForge does not knowingly collect sensitive personal information as defined by the California Privacy Rights Act. If your free-text intake responses contain sensitive content (for example, references to religious practice in a “contribution” field, or references to health in a “leadership style” field), you can request its removal at any time. We do not use such content to infer sensitive characteristics.

12b. Retention Periods

We retain different categories of data for different periods:

  • Profile data: retained for as long as your account is active (free tier) or until your chosen sunset window expires (Pro tier — see Terms Section 15).
  • Payment records: retained by Stripe for 7 years per financial regulations. We retain only a transaction reference linking to Stripe, not the underlying payment data.
  • API query logs: retained for 24 months for audit, compliance, and royalty calculation. Aggregated counts are retained indefinitely for the transparency report.
  • Privacy request audit log: retained indefinitely so we can prove we honored every request.
  • Server access logs: retained for 30 days, then automatically deleted.
  • Donor records (mission donations): retained as long as required by financial regulations or until you request deletion, whichever is sooner.

12c. AI Coverage Check — Third-Party Data Sharing Disclosure

When you use the free AI Coverage Check tool, the name you submit is sent in real time to multiple third-party AI services to ask each of them what they say about that name. Specifically, the name is sent to: OpenAI (ChatGPT), Anthropic (Claude), Google (Gemini), and xAI (Grok). The name is processed by each provider under that provider’s own privacy policy and may briefly appear in their request logs.

We do not store the queries we send to these providers, and we do not pay them anything that would make the relationship a “sale” of personal information. The queries exist only to give you a real, honest answer to the question “what does AI currently say about me?”

If you do not want your name sent to these third-party services, do not use the AI Coverage Check tool. Building your StatusForge profile does not require it.

12d. Financial Incentive Disclosure (CCPA §1798.125)

StatusForge offers a micro-royalty program: when a B2B partner queries your profile through our API, you earn a small payment (currently $0.01–$0.05 per query, tiered by profile depth and verification). This may be considered a “financial incentive” under CCPA §1798.125 because we are offering money in exchange for permission to share your personal information with B2B partners.

Material terms of the incentive:

  • The payment is calculated based on the rough operational value of your data to the partner who queried it. The rate is published and may change with notice.
  • You can withdraw from the program at any time by setting your profile’s do-not-sell flag at /do-not-sell. Doing so stops both the licensing and the royalty.
  • Withdrawing from the program does not affect your StatusForge profile or your access to any other feature.
  • The micro-royalty program is voluntary. You are not required to participate to use StatusForge.

The relationship between the value of your data and the payment offered is, in our good-faith estimate, fair: most users will earn a small amount, some users (in high-demand fields with verified profiles) will earn more, and the program exists primarily to give users a structural stake in the value their data generates rather than to function as a meaningful income source. We do not believe the program is exploitative; we believe it is the minimum decent thing to do.

12e. Automated Decision-Making (CPRA)

StatusForge does not use your personal information to make any automated decision that produces a legal or similarly significant effect on you. We do not score you for hiring, lending, insurance, healthcare, housing, or any other consequential decision.

We calculate one number from your profile — the AI Coverage Index (0–850) — which measures how much of the truth about you is reaching AI systems. This score is informational only; it is not used by StatusForge or by any partner to make decisions about you. The score never affects credit, employment eligibility, insurance, or any financial product. Our terms prohibit B2B partners from using StatusForge data for automated high-risk decisions.

You have the right to know about and object to any automated decision-making to the extent we ever introduce one. We commit to disclosing it on this page before it is deployed.

12f. Data Portability Format

If you exercise your right to portability, we provide your data as a single JSON file containing every field we hold about you, formatted for easy import into other systems. The export includes your profile data, your AI Coverage Index history, your micro-royalty earnings record, your verified social profile links, and any privacy requests you have submitted. To request an export, email [email protected].

12g. European Economic Area, United Kingdom & Switzerland (GDPR)

If you are located in the EU, EEA, UK, or Switzerland, the following applies in addition to the rest of this policy. Where this section conflicts with another section, this section governs for residents of those jurisdictions.

Data controller: Arctic Labs LLC (d/b/a StatusForge), 6545 Market Ave. North, STE 100, Canton, OH 44721, United States. Email: [email protected].

Legal bases for processing (GDPR Article 6):

  • Consent (Art. 6(1)(a)): Profile publishing, B2B data licensing, and satellite distribution. You give consent during the intake process and can withdraw it at any time by deleting your profile or emailing us.
  • Contract performance (Art. 6(1)(b)): Account creation, authentication, payment processing, and service delivery including micro-royalty tracking.
  • Legitimate interest (Art. 6(1)(f)): Security monitoring, fraud prevention, rate limiting, and service improvement. We have balanced these interests against your rights and believe processing is proportionate. You may object at any time.

Your rights under GDPR:

In addition to the rights in Section 8, you have the right to:

  • Restrict processing: Ask us to limit how we use your data while a complaint is resolved.
  • Object to processing: Object to processing based on legitimate interest. We will stop unless we demonstrate compelling legitimate grounds.
  • Right not to be subject to automated decisions: StatusForge does not make automated decisions with legal or similarly significant effects. The AI Coverage Index is informational only.
  • Lodge a complaint: You have the right to lodge a complaint with your local supervisory authority.

To exercise any right, email [email protected]. We respond within 30 days (GDPR timeline), or 15 business days (our pledge), whichever is sooner.

International data transfers:

Your data is stored and processed in the United States. We rely on the EU–U.S. Data Privacy Framework (DPF) for transfers where applicable, and Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914) as the transfer mechanism for all other cases. Copies of our SCCs are available on request by emailing [email protected].

Data Protection Impact Assessment:

We have conducted a Data Protection Impact Assessment (DPIA) for our core processing activities, including B2B data licensing and profile publishing. A summary is available at /gdpr.

Data retention:

See Section 12b. Under GDPR, we retain your data only as long as necessary for the purposes described. When you delete your account, we erase all personal data within 15 business days. Audit logs of privacy requests are retained to prove compliance.

Sub-processors:

Our current sub-processors are listed in Section 7. We maintain a public sub-processor list at /gdpr#sub-processors. We will notify registered users by email at least 30 days before adding a new sub-processor. You may object to a new sub-processor within that period.

Cookie consent:

We obtain explicit consent before setting non-essential cookies. Essential cookies (authentication, security, geo-detection) are set without consent as they are strictly necessary. See Section 6 for details.

13. Changes to This Policy

We may update this policy as our service evolves. When we make changes, we will update the date at the top of this page. For significant changes, we will make reasonable efforts to notify active users by email.

14. Contact

For privacy questions, data requests, or to exercise any of your rights:

[email protected]

Arctic Labs LLC (d/b/a StatusForge)
6545 Market Ave. North, STE 100
Canton, OH 44721

STATUSFORGETERMS OF SERVICE