Privacy Policy
Last updated: May 2026
ForgeRestore (“we,” “our,” or “us”) is committed to protecting your privacy. This policy explains what personal information we collect, why we collect it, how it is used, and what rights you have over your data. We designed ForgeRestore with privacy as a core value — your recovery journey is yours alone.
1. Who We Are
ForgeRestore is a web application designed to support individuals in Crystal Meth Anonymous (CMA) recovery. It is not affiliated with CMA, AA, NA, or any other twelve-step organization. ForgeRestore operates as an independent tool to help users and their sponsors organize and track the 12-step process.
2. What Data We Collect
We collect only what is necessary to provide the service:
- Account Identity: Your name, email address, and profile picture provided when you sign in through Replit’s authentication service. We do not collect passwords.
- Recovery Information: Your sobriety date and 12-step progress (which steps you have completed and any step-work you submit).
- Journal Entries: Personal journal entries, body-scan fields, and meetings attended. Journal entries are private by default and visible only to you unless you explicitly grant access.
- Triggers & Cravings Logs: Craving logs (intensity, emotional state, physical state, thoughts, actions taken) and known personal triggers by category.
- Sponsor / Sponsee Relationships: Connection requests, active relationships, tasks assigned by your sponsor, and task submissions.
- Technical Data: Device timezone, session cookies (necessary for login), and server access logs (IP address and request path, retained for up to 30 days). We do not use tracking pixels, advertising cookies, or analytics cookies.
3. Why We Collect This Data
We process your data to provide the service (authenticating you, storing recovery data, enabling sponsor/sponsee collaboration), to keep the service secure, and to improve the service. ForgeRestore does not use AI; reflections on your data are computed deterministically on your own device.
4. How We Store Your Data
All user data is stored in a PostgreSQL database hosted by Neon (neon.tech), encrypted in transit (TLS) and at rest. When you set up a personal vault, every journal entry is end-to-end encrypted on your own device — ForgeRestore staff cannot read your journal even by inspecting the database directly.
5. Who We Share Your Data With
We do not sell your data. We do not share it with advertising networks or data brokers. Your data is shared only within the app as you choose (with a sponsor you have connected with), with Neon for database hosting, and with Replit for authentication.
6. Your Rights
You can export all your data and delete your account at any time from Settings. Under GDPR you have the right to access, correct, delete, and port your data. Under CCPA you have the right to know, delete, and opt out of sale (we do not sell data).
7. Contact
For privacy-related inquiries: support@forgerestore.app
ForgeRestore is a peer-recovery organizing tool for general wellness use. It is not a medical device, not a therapeutic service, and not a substitute for professional care. In an emergency call 911 or 988.