Privacy & Trust

Forge is built for speed, but never at the expense of security. We follow industry best practices to ensure your code and secrets stay yours.

Secret Security Standard

We leverage a zero-trust model for environment variables. Unlike traditional CI/CD tools, Forge never stores your sensitive production secrets in plain text on our servers.

Encrypted Synchronization: Your .env.forge files are synchronized directly to Railway or Vercel using encrypted CLI channels.
Zero-Config Secret Injections: Secrets are injected only during the final deployment phase, ensuring they are never exposed in build logs.
Least Privilege: We only request the minimum API permissions required to perform deployments on your behalf.

Local CI Isolation

Forge runs your CI jobs locally using Docker on your own machine. Your source code never leaves your local environment for the build process, providing architectural privacy by design.

Third-Party Trust

We integrate with industry leaders like Vercel and Railway. We explicitly follow their security guidelines for token management and automated provisioning.

Terms of Service

1. Code Ownership: You retain full ownership of all code and content deployed through Forge. We do not claim any rights to your intellectual property.

2. Acceptable Use: Forge is intended for software deployment automation. Any use for illegal activities, spam, or disruptive actions on integrated platforms is strictly prohibited.

3. As-Is Service: As an open-source tool built for hackathons, Forge is provided "as is" without warranties of any kind. We prioritize stability but recommend standard backup practices for your production environments.