Privacy Policy
Last updated: April 2026
1. Information We Collect
When you use PepForge, we collect the following categories of information:
- Google account information: Your name, email address, and profile picture provided through Google OAuth authentication.
- Usage data: Features you use, credits consumed, and general interaction patterns. This helps us understand how the platform is used and where to improve.
- Research queries and conversations: Prompts and chat messages you send to the AI research assistant. These may be used in anonymized form to improve AI research quality.
- Payment information: Billing is processed entirely by Stripe. We do not store your credit card number, CVV, or full payment details on our servers.
2. How We Use Your Data
- To provide, maintain, and improve the PepForge platform and its research features
- To process payments, manage your subscription, and track credit usage
- To improve the quality and accuracy of AI-generated research summaries and protocol recommendations (using anonymized query data)
- To send service-related communications such as billing receipts, account notices, and material updates to these policies
- We do not send unsolicited marketing emails and will not sell your email address to third parties
3. Data Sharing
We do not sell your personal data. We share information only with the third-party services required to operate the platform:
- Google (OAuth): Used solely for authentication. We receive only the basic profile information you authorize.
- Stripe: Handles all payment processing and subscription management. Subject to Stripe's Privacy Policy.
- Gemini AI (Google): Research queries are sent to the Gemini API to generate responses. Queries are transmitted without personally identifiable account information where possible.
- Vercel: Frontend hosting and edge delivery.
We may disclose information if required by law or to protect the rights, safety, or property of PepForge or its users.
4. Data Security
We use industry-standard security practices to protect your data:
- All connections are encrypted via HTTPS/TLS
- Authentication sessions use HttpOnly cookies, which are not accessible to JavaScript and help prevent session cookie theft through cross-site scripting attacks
- Database access is restricted to authorized backend services only
- Payment data is never stored on PepForge servers; it is tokenized and managed entirely by Stripe
No system is completely immune to breaches. In the event of a significant data incident affecting your personal information, we will notify you promptly.
5. Your Rights
You have the following rights regarding your data:
- Delete your account: You can request full account deletion from your account settings. Personal information is removed within 30 days.
- Export your data: You can request a copy of your account data by contacting us at support@pepforge.io.
- Opt out of analytics: You may contact us to request that your usage data be excluded from aggregate analytics.
6. Cookies
PepForge uses a single HttpOnly session cookie for authentication. We do not use third-party advertising cookies or tracking pixels. Basic analytics may use privacy-preserving, cookieless methods.
7. Changes to This Policy
We may update this Privacy Policy as the platform evolves. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of PepForge after changes are posted constitutes acceptance of the revised policy.
8. Contact
For privacy questions, data requests, or to exercise your rights, contact us at support@pepforge.io.