Privacy Policy

Effective date: March 14, 2026 · Last updated: March 14, 2026

PersonaForge ("we," "us," or "our") operates the PersonaForge platform at personaforge.xyz. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

1. Information We Collect

1.1 Account Information

When you create an account we collect your name, email address, and authentication credentials. If you sign in through a third-party provider (Google, GitHub) we receive the profile information that provider shares.

1.2 Billing Information

Payment processing is handled by Stripe. We do not store credit card numbers or bank account details on our servers. We receive a transaction identifier, plan type, and billing status from Stripe.

1.3 Photos and Media You Upload

To train your personal AI Twin (LoRA model) you upload reference photos of yourself. These images are stored in our secure cloud storage (Supabase Storage) and transmitted to our AI infrastructure provider (Fal.ai) for the duration of the training process.

1.4 Facial and Biometric Data

Training a LoRA model involves processing your facial features to build a personalized generative model. Under certain jurisdictions (including the EU, Illinois BIPA, and others) this may constitute biometric data processing. By uploading photos and initiating training, you provide explicit consent to this processing solely for the purpose of creating your personal AI Twin. We do not use your facial data for surveillance, identification of third parties, or any purpose other than your personal AI Twin.

1.5 Generated Content

We store the images and videos you generate, along with the prompts and parameters you used, so they appear in your gallery and usage history.

1.6 Technical and Usage Data

We automatically collect your IP address, browser type, device information, pages visited, and interaction events. We use PostHog for product analytics and Sentry for error tracking.

2. How We Use Your Information

Provide, maintain, and improve the PersonaForge platform.
Train your personal AI Twin model from uploaded photos.
Generate images and videos based on your prompts.
Process payments and manage your subscription.
Send transactional emails (via Resend) such as training status updates.
Monitor service health, debug errors, and prevent abuse.
Comply with legal obligations.

3. AI Training and Your Data

Your uploaded photos are used exclusively to train your personal LoRA model. We do not use your photos, generated outputs, or prompts to train shared or foundational AI models. Your content is never used to improve models for other users.

Our AI infrastructure provider, Fal.ai, processes your data during training and generation. Per their data processing terms, input data is deleted from their servers after the task completes and is not retained for their own model training.

4. Data Sharing and Disclosure

We share your information only in the following cases:

Service providers: Fal.ai (AI training and generation), Supabase (database and storage), Stripe (payments), Resend (transactional email), PostHog (analytics), Sentry and Axiom (error monitoring), Vercel (hosting).
Legal requirements: When required by law, subpoena, or government request.
Business transfer: In connection with a merger, acquisition, or sale of assets, with prior notice to you.

We do not sell your personal data to third parties.

5. Data Retention

Data type	Retention
Account information	Until you delete your account
Training photos	Until you delete your Twin or account
LoRA model weights	Until you delete your Twin or account
Generated content	Until you delete items or your account
Usage and analytics data	Up to 24 months, then aggregated or deleted
Billing records	As required by tax and accounting law

6. Data Security

We use industry-standard measures to protect your data, including encryption in transit (TLS), encrypted storage, Row-Level Security in our database (Supabase), and role-based access controls. Despite these measures, no system is perfectly secure and we cannot guarantee absolute security.

7. International Data Transfers

Our services and infrastructure providers operate in the United States and the European Union. If you access PersonaForge from outside these regions, your data may be transferred internationally. We rely on Standard Contractual Clauses (SCCs) and adequacy decisions where applicable.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you.
Correct inaccurate data.
Delete your data ("right to be forgotten").
Export your data in a portable format.
Withdraw consent for biometric data processing.
Object to or restrict certain processing.
Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at privacy@personaforge.xyz. We respond within 30 days.

9. Children's Privacy

PersonaForge is not intended for anyone under 16 years of age. We do not knowingly collect data from minors. If we learn that we have collected data from a child under 16, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by placing a notice on our website at least 14 days before the changes take effect. Your continued use of PersonaForge after the effective date constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy, please contact us at privacy@personaforge.xyz.