Privacy Policy
Last updated: 2026-04-24
Dataforge Inc. (“Dataforge,” “we,” “us”)
This Privacy Policy describes how Dataforge handles personal information in connection with the Software (the AI Enterprise platform, related MCP tooling, Open WebUI integrations in owui_tools/, and Dataforge-hosted services).
Related documents: Software License Agreement · End User Agreement
Legal review: This policy reflects self-hosted, Dataforge-hosted SaaS, and marketing scenarios with Ontario defaults. Counsel and your privacy officer must finalize subprocessors, Security Overview URL, and the privacy-officer identity. Registered office: [PLACEHOLDER: address].
1. Who this policy applies to
1.1 Self-hosted customers
You run the Software on your infrastructure. Dataforge typically does not receive job content, traces, credentials, or prompts from your systems unless you send them to us (for example support attachments, shared logs, or a demo environment). In that case, you are usually the controller of personal information about your users and employees; you must provide appropriate notices to them.
1.2 Dataforge-hosted SaaS customers
If you use a hosted offering operated by Dataforge, Dataforge is typically the processor of customer content (job data, credentials you upload, user accounts we provision for you) under your instructions, and a Data Processing Agreement (DPA) may apply. Contact legal@dataforge.ca.
1.3 Visitors to Dataforge marketing properties
If you browse dataforge.ca (or related marketing pages), submit a contact form, or sign up for a webinar, Dataforge may act as controller of your contact and marketing personal information as described in Sections 2–6.
2. Categories of information the Software may process
Depending on configuration, the following categories may be processed. Technical names refer to concepts in the software codebase (for transparency).
| Category | What may be stored | Typical persistence |
|---|---|---|
| Integration secrets | OAuth refresh tokens, client secrets, API keys | NamedCredential rows in the application database; environment variables |
| Job inputs | Graph invocation payloads, operator parameters | JobRunRecord input fields (full JSON) |
| Job outputs | Model outputs, extracted invoice/bill data, email metadata | JobRunRecord output fields (full JSON); may include message bodies, attachment metadata, vendor/line items |
| Execution traces | Node names, events, timing, intermediate state | JobTraceRecord rows; optionally spilled to compressed .tar.gz archives (JobLogArchive) |
| Approvals | Line items pending human sign-off | approval_item (and related) rows |
| Knowledge / RAG | Documents you index for retrieval | Configured knowledge stores |
| LLM traffic | Prompts and completions | Routed to cloud providers you enable (OpenAI, Anthropic, Google AI) or to local models (e.g. Ollama), per your configuration |
| Hosted SaaS accounts | Login identifiers, profile data, billing contact | Dataforge-managed identity and billing systems [PLACEHOLDER: e.g., Auth0 / Stripe customer record] |
Self-hosted: the above generally resides on your systems; Dataforge does not have routine access. Hosted SaaS: Dataforge stores customer content in its production environment subject to the DPA and security practices in Section 7.
3. Purposes of processing
Self-hosted (on your systems): purposes are determined by you, typically including workflow automation, auditing, debugging, security monitoring, and integration with Gmail, accounting systems, wikis, or other APIs.
Dataforge-hosted SaaS: we process customer content to provide, secure, and improve the service; authenticate users; bill and administer accounts; respond to support requests; detect fraud and abuse; and comply with law.
Marketing: we process contact data to respond to inquiries, send communications you request, and market Dataforge products where permitted by law and your consent preferences.
4. Subprocessors and integrations
4.1 Integrations you enable (self-hosted or SaaS)
When you connect third-party services, personal or business data may be sent to those providers, including for example:
- Google (Gmail API)
- Intuit (QuickBooks Online)
- Zoho (Zoho Books)
- OpenAI, Anthropic, Google AI (Gemini)—when you configure cloud LLM keys
- Ollama or other local inference—when you run models on your own hardware
- Wiki.js or any HTTP/GraphQL endpoint you configure
Each provider’s privacy policy and terms apply.
4.2 Subprocessors Dataforge uses for the hosted offering
Dataforge may use infrastructure and service providers (for example hosting, DNS, CDN, email delivery, monitoring, payments). A current list is published at https://dataforge.ca/legal/subprocessors [PLACEHOLDER: publish or confirm URL]. Representative categories include [PLACEHOLDER: e.g., AWS ca-central-1, Cloudflare, Stripe]—see the published list for names and purposes.
5. Legal bases (GDPR / UK GDPR)
Where the GDPR or UK GDPR applies and Dataforge is controller (for example certain marketing activities) or processor acting on documented instructions, we rely on:
- Contract — to provide the SaaS you purchased;
- Legitimate interests — to secure services, prevent abuse, and improve reliability (balanced against your rights);
- Consent — where required for optional cookies or marketing; and
- Legal obligation — where we must retain billing or respond to lawful requests.
For self-hosted deployments on your infrastructure, you determine legal bases for processing on your systems.
6. Retention
Self-hosted: retention is controlled by your database settings, archival policies, backups, and JobLogArchive configuration. Align with your internal records-management policy.
Dataforge-hosted SaaS (indicative defaults—refine in DPA):
- Operational customer content (jobs, traces, credentials in the hosted tenant): retained while your subscription is active, then deleted or anonymized within ninety (90) days after termination unless law requires longer retention or you request earlier deletion where technically feasible.
- Support tickets and related attachments: up to twenty-four (24) months unless a longer period is needed for legal claims.
- Billing and invoicing records: up to seven (7) years to meet Canada Revenue Agency and common tax-record obligations.
7. Security
Self-hosted: we recommend least-privilege access, encryption at rest and in transit where appropriate, secret management, network segmentation, patched dependencies, and logging with access controls.
Dataforge-hosted: we implement TLS for data in transit, encryption at rest on managed storage where supported, role-based access for personnel, audit logging, and periodic review of subprocessors. Further detail: [PLACEHOLDER: Security Overview URL, e.g., https://dataforge.ca/security].
8. International transfers
Dataforge is based in Canada. If personal information is transferred to subprocessors in the United States, the European Economic Area, the United Kingdom, or other regions, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs), UK Addendum, or other mechanisms required by applicable law, and assess PIPEDA and adequacy considerations with counsel.
9. Your privacy rights
Depending on your location and role, you may have rights to access, rectify, delete, restrict, object, port, or withdraw consent, and to lodge a complaint with a supervisory authority.
- Canada (PIPEDA): contact us at privacy@dataforge.ca. We aim to respond within thirty (30) days where PIPEDA applies.
- Quebec (Law 25): see Section 10.
- EU / UK GDPR: contact privacy@dataforge.ca; we aim to respond within thirty (30) days (extendable where permitted by law).
- California (CPRA) and similar U.S. state laws: you may request access, deletion, and correction as applicable; we do not sell personal information as “sale” is defined in the CPRA [PLACEHOLDER: confirm no “sale” / “sharing” for advertising].
Self-hosted: exercise rights regarding data on your systems with your organization’s administrator. If Dataforge is processor: contact the customer who controls the data, or contact us to route the request.
10. Quebec (Law 25) — transparency and automated processing
If you are in Quebec and Dataforge processes your personal information as controller (for example for marketing or your hosted account):
- Privacy officer: [PLACEHOLDER: name and title of Dataforge Privacy Officer] — reachable at privacy@dataforge.ca.
- Automated decision-making: the Software may use AI and automation. You may have rights to information about automated processing; for self-hosted deployments, your organization’s administrator is responsible for Quebec notices to your users.
11. Children’s privacy
Dataforge direct services (accounts, marketing) are not directed to individuals under 16. The Software is intended for business use. Do not provide children’s personal information to us.
12. Changes to this policy
We may update this policy. Material changes affecting hosted SaaS customers will be notified by email at least thirty (30) days before the effective date where reasonably practicable. The Last updated date at the top will change when we publish revisions.
13. Contact
Dataforge Inc.
Privacy: privacy@dataforge.ca
Privacy officer: [PLACEHOLDER: name]
Address: [PLACEHOLDER: address]