Buy us a Coffee
Powered by Web Forge Pro

Privacy Policy

Last updated: June 2026

Your Data, Your Control

Full transparency: We do not sell your personal data to third parties.

1. Data Controller

Personal data collected through Web Forge Pro is processed by its owner, Joaquim Llort Grau, a freelance professional with fiscal domicile in Spain, hereinafter the 'Data Controller'.

Contact email for privacy matters: info@forgebio.io

2. What Data We Collect and for What Purpose

To correctly provide the ForgeBio.io service, we process the following categories of personal data:

a) Account Data
Email address and password. The password is stored in encrypted/hashed form and is not accessible by the Controller.
Legal basis: Performance of the contract.

b) Profile Data
Images, texts, and links that the user decides to voluntarily publish on their public profile within the platform.
Legal basis: Performance of the contract and user consent for the publication of public content.

c) Technical Data
IP address, browser type, device, and access logs, collected automatically during the use of the service.
Legal basis: Legitimate interest of the Controller to ensure service security, prevent misuse, and detect technical incidents.

These data are kept for the time strictly necessary for said purposes.

3. Do We Share Your Data?

The Controller does not sell or rent personal data to third parties.

Data is only shared with essential service providers (Data Processors) necessary for the operation of the platform, including:

  • Hosting and database storage services (Hostinger, servers located in the European Union).
  • Email and professional communication services (Google Workspace).
  • Payment processor for paid subscriptions (Stripe, Inc.). Payment data is transmitted directly to Stripe (not stored in our database). International transfer to the USA covered by the European Commission Standard Contractual Clauses (SCC) and the Data Privacy Framework.

In the event that any of these providers process data outside the European Economic Area, appropriate guarantees are applied in accordance with the GDPR, such as the Standard Contractual Clauses approved by the European Commission.

4. Data Retention

Personal data will be kept while the user's account remains active.

Deletion procedure with grace period (14 days): when a user requests to delete their account, the data is immediately made inaccessible from the platform (session closed, email unpublished, profiles deactivated) but is retained for a 14-day grace period in a secure quarantine zone. During this period, the user can recover their entire account simply by logging back in. After the 14 days, the data is permanently and automatically erased (scheduled process, no manual intervention).

The user can also download a complete copy of their personal data in JSON format at any time from the editor (Art. 20 GDPR — Data Portability).

Only data that must be kept duly blocked for compliance with legal obligations (e.g., tax records associated with payments for accounting reasons, for the applicable legal period) will be retained.

5. User Rights

The user may exercise the following rights recognized by the General Data Protection Regulation (GDPR) at any time:

  • Access to their personal data.
  • Rectification of inaccurate data.
  • Erasure of their data ('Right to be forgotten').
  • Restriction of processing.
  • Objection to processing.
  • Data portability.
  • Right not to be subject to automated decisions, where applicable.

To exercise these rights, the user may send a request to info@forgebio.io.

Likewise, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD).

6. Cookies and Third-Party Tracking

At ForgeBio.io, we strictly differentiate between our platform's own cookies and the cookies configured by our users on their respective public profiles:

A) Platform Cookies (Our Cookies)
The main website uses technical cookies strictly necessary for the proper functioning of the service (e.g., login and display preferences). We also use our own analytical cookies intended to improve the service, subject to the user's prior consent managed through our main cookie banner.

B) Cookies on User Profiles (PRO Tracking Pixels)
The Platform allows paid users (PRO) to insert third-party tracking codes (such as Meta Pixel, Google Analytics, TikTok Pixel or LinkedIn Insight) into their personalized URLs. In these scenarios:

  • The profile owner is the sole Data Controller of the data collected about their visitors.
  • ForgeBio.io automatically activates a consent banner on public profiles when configured pixels are detected. This banner blocks pixel loading until the visitor grants explicit permission, and invalidates consent when it expires (12 months) or when the profile owner changes the active pixel set.
  • Ultimate responsibility for GDPR compliance towards visitors remains with the profile owner, who may be responsible for additional mechanisms depending on their specific jurisdiction.
  • Web Forge Pro acts as a technical infrastructure provider (mere intermediary, LSSI-CE Art. 16). It does not have access to, control over, or store the browsing data that these third-party providers collect directly through the users' profiles. Any exercise of rights by a visitor regarding this tracking must be directed directly to the owner of the visited profile.

Privacy concerns?

info@forgebio.io