Legal
Privacy Policy
We collect only what we need. We will never sell your data.
Key points
Your data stays local. Documents you work with are processed on your machine. We don't receive them.
Minimal collection. We only hold your email address and license info — nothing more.
Never sold. We will never sell, rent, or trade your data to brokers or advertisers.
Delete on request. Ask us to delete your data and we will. No questions, no delays.
CircuitForge LLC — Privacy Policy
Last updated: March 2026 Effective date: March 2026
This policy applies to all CircuitForge LLC products and services, including Peregrine and any future products in the CircuitForge menagerie.
The short version
- Your personal data stays on your machine. The core pipeline in every CircuitForge product runs locally. We do not receive, transmit, or store the documents, forms, letters, or personal details you work with.
- We collect only what is strictly necessary to operate the service — primarily your email address for license delivery.
- We will never sell your data to data brokers, advertisers, or any third party. Ever.
- You can request deletion of everything we hold about you at any time, and we will comply promptly. We would rather delete your data than hold it.
- If you use a cloud LLM with your own API key, your data goes to that provider under their terms — not ours. We recommend reading their policies too.
1. Who we are
CircuitForge LLC is a California limited liability company building privacy-first, accessible AI tools for high-stakes, time-consuming tasks. Our registered address is in Pinole, California.
Contact for privacy matters: privacy@circuitforge.tech
2. The data we collect — and why
2a. License and account data
When you purchase a license or create an account, we collect:
| Data | Why we collect it | Retention |
|---|---|---|
| Email address | To deliver your license key and send essential service emails | Until you request deletion |
| License key | To validate your subscription or lifetime license | Until license expires or you request deletion |
| Purchase tier and date | To determine what features you are entitled to | Until you request deletion |
| Payment source type | To distinguish lifetime vs. subscription licenses | Until you request deletion |
We do not store your payment card number, bank details, or full payment information. Payments are processed by PayPal or Stripe, each subject to their own privacy policy. We receive only a confirmation and your email address.
2b. Support and communications
If you contact us for support, we collect the content of that communication and your email address. We use this only to respond to you. We do not add you to marketing lists without your explicit consent.
2c. What we do NOT collect
- We do not use third-party analytics (no Google Analytics, Mixpanel, or equivalent).
- We do not embed tracking pixels or advertising SDKs in our products.
- We do not collect behavioral data, usage telemetry, or session recordings.
- We do not collect IP addresses for tracking purposes (server logs may capture IPs transiently for security and uptime purposes; these are not linked to your identity and are not retained beyond 30 days).
3. Your personal data stays local
Every CircuitForge product is designed so that the data you work with — job applications, cover letters, government forms, medical records, accommodation requests, immigration documents, disability diagnoses, financial information, or any other personal content — is processed locally on your machine by default. How much of that data leaves your device depends on which LLM mode you have configured:
| LLM Mode | Where your data goes |
|---|---|
| Local model (Ollama, vLLM — free tier or BYOK) | Never leaves your machine |
| BYOK cloud key (your own Anthropic/OpenAI key) | Sent to that provider under their privacy policy; CircuitForge does not receive it |
| CircuitForge-managed cloud (future Paid tier) | Sent to our LLM backend; see below |
Local model (recommended for sensitive data)
If you run a local model, your data never leaves your machine at all. This is the highest privacy configuration and our recommendation for anyone working with particularly sensitive content — disability diagnoses, immigration status, medical records, benefits applications.
BYOK — bring your own API key
If you configure your own cloud API key (Anthropic, OpenAI, or another provider), your prompts and document excerpts are sent directly to that provider. CircuitForge does not receive, see, or store them. Your data is governed by that provider's privacy policy for the duration of the request. Review their policies before using a cloud key with sensitive data.
CircuitForge-managed cloud LLM (future Paid tier)
When CircuitForge operates its own cloud LLM backend, your prompts will pass through our infrastructure to reach the underlying model. In that case:
- Prompts are forwarded in transit but not stored after the request completes
- We will update this policy with specific retention and processing details before that feature launches
- You will always have the option to use a local model or BYOK instead
4. Medical and sensitive data — our commitment
CircuitForge products may help you navigate healthcare systems, prior authorizations, disability accommodations, benefits applications, and similar processes. This means you may work with some of the most sensitive personal information that exists.
Are we HIPAA-covered?
CircuitForge LLC is not a HIPAA covered entity (we are not a healthcare provider, health plan, or clearinghouse) and we are not acting as a business associate under HIPAA because we do not receive, process, or store Protected Health Information (PHI) on behalf of any covered entity.
However, we think the architectural reality is more protective than HIPAA compliance would require: your health information never reaches our servers in the first place. The local-first design means your medical records, diagnoses, prescription details, prior auth letters, and any other health-related content you work with stay on your device. We cannot access, sell, or breach data we never receive.
What this means in practice
- If you use a local LLM, your health information never leaves your machine at all.
- If you use BYOK with a cloud provider, your prompts go to that provider under their terms — not ours. For sensitive health data, a local model is strongly recommended.
- If you use a CircuitForge-managed cloud LLM (future Paid tier), prompts pass through our infrastructure in transit but are not stored after the request completes. We will update this section with specifics before that tier launches.
- For the highest level of privacy with health-related data, use a local model.
5. California residents — CCPA rights
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) give you the following rights:
Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the purposes for collection, and any third parties with whom we have shared it.
Right to delete: You may request that we delete your personal information. We will comply unless we are required to retain it by law or to complete a transaction you requested.
Right to correct: You may request correction of inaccurate personal information we hold.
Right to opt out of sale or sharing: We do not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of, but you may contact us to confirm this in writing.
Right to limit use of sensitive personal information: We collect minimal sensitive personal information (only what is necessary to operate the service). We do not use sensitive personal information for purposes beyond service delivery.
Right to non-discrimination: We will not discriminate against you for exercising any of these rights. Exercising your privacy rights will not affect your service, pricing, or license.
How to submit a CCPA request: Email privacy@circuitforge.tech with subject line "CCPA Request — Right you are exercising". We will verify your identity (typically by confirming the email address associated with your license) and respond within 45 days. If we need more time, we will notify you and may extend the response period by an additional 45 days (90 days total), as permitted by law.
6. EEA, UK, and Swiss residents — GDPR rights
If you are located in the European Economic Area, United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and applicable national laws give you the following rights regarding your personal data:
Lawful basis for processing: We process your personal data on the following lawful bases:
- Contract: Processing your email address and license data is necessary to deliver the service you purchased.
- Legitimate interests: Server logs for security and uptime purposes, and fraud prevention.
Your rights under GDPR:
| Right | Description |
|---|---|
| Access (Art. 15) | Request a copy of the personal data we hold about you |
| Rectification (Art. 16) | Request correction of inaccurate data |
| Erasure (Art. 17) | Request deletion of your personal data ("right to be forgotten") |
| Restriction (Art. 18) | Request we limit how we process your data while a dispute is resolved |
| Portability (Art. 20) | Receive your data in a structured, machine-readable format |
| Objection (Art. 21) | Object to processing based on legitimate interests |
| Withdraw consent | Where processing is based on consent, withdraw it at any time |
How to submit a GDPR request: Email privacy@circuitforge.tech with subject line "GDPR Request — Right you are exercising" and your country of residence. We will respond within 30 days. If we need more time (for complex or multiple requests), we will notify you and may extend by a further 60 days.
Right to lodge a complaint: If you believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu.
Data transfers: Our infrastructure is hosted in the United States. If you are located in the EEA or UK, your personal data (email and license data) is transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) as the transfer mechanism where required.
7. How we use data
We use the data we collect only to:
- Deliver and validate your license
- Send transactional emails you have requested (license delivery, renewal reminders)
- Respond to support requests
- Comply with legal obligations
We do not use your data for advertising, profiling, or any purpose beyond the above.
8. Data sharing
We do not sell, rent, trade, or share your personal data with third parties for commercial purposes — ever. Full stop.
We may share data only in the following narrow circumstances:
- Payment processors: PayPal and Stripe receive your payment information to complete transactions. We have no control over their practices; please review their privacy policies.
- Legal requirements: If compelled by a valid court order or legal process, we will comply with applicable law and will notify you to the extent permitted.
- Business continuity: In the event of a merger, acquisition, or sale of assets, any acquirer would be bound by this policy or required to provide equivalent protections before your data is transferred.
9. Your rights (summary)
Regardless of where you live, we honor the following rights:
| Right | What it means | How to exercise it |
|---|---|---|
| Access | See what data we hold about you | Email privacy@circuitforge.tech |
| Correction | Fix inaccurate data | Email privacy@circuitforge.tech |
| Deletion | We delete everything we hold about you | Email privacy@circuitforge.tech |
| Portability | Receive your data in a machine-readable format | Email privacy@circuitforge.tech |
| Opt-out of communications | Stop receiving non-essential emails | Unsubscribe link in any email, or contact us |
We will respond to all privacy requests within 30 days. For deletion requests, we will confirm completion. We will not ask you to justify a deletion request.
California residents have additional rights under the CCPA, including the right to know the categories of personal information collected and the right to non-discrimination for exercising privacy rights. We honor all CCPA rights for all users, not only California residents.
10. Data retention
We retain your data only as long as necessary:
- Active license: We retain license and email data for the duration of your license plus 90 days (to handle renewal grace periods and support requests).
- Expired license: Data is deleted 90 days after your license expires unless you request earlier deletion.
- Lifetime license: Data is retained for the life of the product unless you request deletion.
- Support communications: Retained for 12 months after resolution, then deleted.
- Server logs: Retained for 30 days for security and uptime purposes, then deleted.
You can request deletion at any time regardless of these retention periods, and we will comply.
11. Security
We take reasonable technical and organizational measures to protect your data:
- Our license server and infrastructure are self-hosted on hardware we physically control.
- License tokens use RS256 JWT with 30-day refresh and 7-day grace periods.
- We do not store payment card data — all payment processing is handled by PCI-compliant third-party processors.
- Access to production systems is restricted to CircuitForge staff on a need-to-know basis.
No system is perfectly secure. If we become aware of a breach affecting your personal data, we will notify you promptly.
12. Children
Our products are designed for adults navigating complex bureaucratic and administrative tasks. We do not knowingly collect data from anyone under 13. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it immediately.
13. Changes to this policy
If we make material changes to this policy, we will notify you by email (if we have your address) and update the "Last updated" date above. We will not retroactively apply material changes to data collected under a prior version of this policy without your consent.
14. Contact
For any privacy-related questions, requests, or concerns:
CircuitForge LLC Pinole, California privacy@circuitforge.tech
We are a small team and take privacy questions seriously. You will hear from a human.
15. Voluntary data contributions (beta and research)
This section applies only to features explicitly labeled as voluntary research or beta participation. It does not apply to standard product builds.
Some CircuitForge products include an optional, off-by-default feature allowing you to contribute anonymized data to help improve the product. Participation is always voluntary. Three rules govern every such program, derived directly from the CircuitForge design philosophy:
1. Privacy — anonymized and default-off Contributed data is anonymized on your device before transmission. No personally identifiable information leaves your machine as part of a voluntary program. The program is off by default; you must explicitly enable it. You are shown exactly what will be collected before you decide.
2. Safety — reversible, no pressure, no consequence You may withdraw from any voluntary program at any time. Withdrawing deletes your contributions from our systems within 30 days. Declining has no effect on your service, features, pricing, or license. We will never use dark patterns, urgency framing, or incentive manipulation to encourage participation.
3. Accessibility — plain language, single toggle, disclosed upfront Every voluntary program is described in plain language: what is collected, why, how long it is retained, and who sees it. Consent is a single clear on/off control — not buried in settings and never bundled with other permissions.
Currently active programs: None. This section will be updated when the first beta program launches.
Dev and test builds
CircuitForge development and test builds — explicitly labeled as such in the UI — may collect anonymized usage analytics by default to support active development. These builds are not distributed publicly. If you are running a dev or test build, that fact is displayed prominently in the interface, and a toggle to disable analytics is always available.
CircuitForge LLC is not a law firm and this policy does not constitute legal advice. If you have specific legal questions about your rights, please consult a qualified attorney.