Last updated: April 2026

Privacy Policy

ModelForge (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the ModelForge platform at modelforge.com.au (“Service”). Please read this policy carefully. By using the Service, you consent to the data practices described herein.

1. Information We Collect

1.1 Account Information

When you register for an account, we collect personal information through our authentication provider, Clerk. This may include:

• Full name
• Email address
• Profile photo (if provided)
• Authentication credentials (managed securely by Clerk)

1.2 Payment Information

If you subscribe to a paid plan, payment information is collected and processed by Stripe. We do not store your full credit card number, bank account details, or other sensitive payment information on our servers. We may receive from Stripe limited details such as:

• Last four digits of your payment card
• Card brand and expiry date
• Billing address
• Transaction history and subscription status

1.3 Usage Data

We collect anonymous usage analytics through Vercel Analytics to understand how the Service is used and to improve the user experience. This may include:

• Pages viewed and features accessed
• Session duration and frequency of use
• Device type, browser type, and operating system
• Geographic location (country/region level only)
• Referral source

1.4 User-Generated Content

Your financial models, data inputs, assumptions, and analyses (“User Content”) are stored locally in your browser via localStorage. We do not transmit or store your User Content on our servers unless you explicitly use a feature that requires server-side processing (e.g., data imports via the FMP API).

1.5 Financial Data from Third Parties

When you use our data import features, we retrieve publicly available financial data from Financial Modeling Prep (FMP API) on your behalf. These API calls are proxied through our servers to protect our API credentials, but the retrieved data is delivered directly to your browser and is not stored on our servers.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service.
• Process subscriptions, payments, and billing.
• Authenticate your identity and secure your account.
• Communicate with you about your account, updates, and support enquiries.
• Analyse usage patterns to improve features and user experience.
• Detect, investigate, and prevent fraudulent or unauthorised activity.
• Comply with legal obligations and enforce our Terms of Service.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

3. Data Storage & Security

We take the security of your data seriously and implement industry-standard measures to protect it, including:

• Encryption of data in transit using TLS/SSL.
• Secure authentication through Clerk with support for multi-factor authentication.
• Payment data handled exclusively by PCI-DSS compliant Stripe infrastructure.
• Regular security reviews and updates of our platform dependencies.
• Access controls limiting employee access to personal data on a need-to-know basis.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will notify affected users promptly in the event of a data breach as required by applicable law.

4. Third-Party Services

We use the following third-party services to operate the platform. Each service has its own privacy policy governing how it handles your data:

• Clerk — Authentication and user management. Clerk Privacy Policy
• Stripe — Payment processing and subscription management. Stripe Privacy Policy
• Vercel — Application hosting and analytics. Vercel Privacy Policy
• Financial Modeling Prep (FMP) — Financial data API for historical company data. FMP Terms

We only share the minimum information necessary with each provider to deliver the Service. We do not share your User Content with any third party.

5. Cookies & Tracking

ModelForge uses a minimal set of cookies and similar technologies:

• Essential cookies — Required for authentication and session management (set by Clerk). These cannot be disabled as they are necessary for the Service to function.
• Analytics — Vercel Analytics collects anonymous, aggregated usage data. Vercel Analytics is privacy-focused and does not use cookies for tracking. No personally identifiable information is collected through analytics.
• Local storage — We use your browser’s localStorage to persist your financial models and application preferences locally on your device.

We do not use advertising cookies, tracking pixels, or third-party marketing trackers.

6. Your Rights

6.1 Australian Privacy Act

If you are located in Australia, you have rights under the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), including:

• The right to access the personal information we hold about you.
• The right to request correction of inaccurate or incomplete information.
• The right to complain about a breach of the APPs.

6.2 GDPR Rights (International Users)

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdiction with similar data protection laws, you may have additional rights under the General Data Protection Regulation (GDPR), including:

• Right of access — Request a copy of your personal data.
• Right to rectification — Request correction of inaccurate data.
• Right to erasure — Request deletion of your personal data (“right to be forgotten”).
• Right to restrict processing — Request that we limit how we use your data.
• Right to data portability — Receive your data in a structured, machine-readable format.
• Right to object — Object to processing based on legitimate interests.
• Right to withdraw consent — Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us using the details in Section 10 below. We will respond to your request within 30 days (or as required by applicable law).

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data — Retained for the duration of your account. Upon account deletion, personal data is removed within 30 days, except where retention is required by law.
• Payment records — Transaction records are retained as required by tax and financial reporting obligations (typically 7 years in Australia).
• Usage analytics — Aggregated, anonymised analytics data may be retained indefinitely as it cannot be used to identify individuals.
• User Content — Stored locally in your browser. We do not retain copies of your financial models on our servers.

8. Children’s Privacy

The Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe a child under 13 has provided us with personal information, please contact us immediately.

Users between the ages of 13 and 18 must have the consent and supervision of a parent or legal guardian to use the Service.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Last updated” date at the top of this page.
• Provide notice via email or in-app notification for significant changes.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

10. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC).