Who we are
pkmnforge is operated by a sole proprietor doing business as "pkmnforge". For GDPR/CCPA purposes, this operator is the data controller and business responsible for your personal information. Contact: privacy@pkmnforge.com
What we collect
We collect the minimum data needed to operate the service:
- Google Sign-In: your name, email address, Google account ID, and profile picture URL. We never receive your Google password, contacts, or Drive contents.
- PayPal (subscriptions): a subscription identifier, PayPal payer ID, subscription status, and billing email. We never see, store, or process your card or bank details — PayPal handles that directly.
- Trade orders: the Pokémon configuration you submit (species, moves, item, ball, ability, and similar gameplay data), associated with your account for fulfillment.
- Server logs: IP address, browser user-agent, pages visited, and timestamps — retained up to 90 days for debugging and security.
Cookies
One first-party session cookie identifies your signed-in session. We use no analytics cookies, advertising cookies, cross-site tracking, or third-party tracking pixels. We currently use no analytics product (Google Analytics, Plausible, etc.).
How we use it
Account info identifies you and routes the right Pokémon to the right person. Subscription data manages your billing tier. We use server logs to debug errors and prevent fraud. We do not sell your personal information or share it for cross-context behavioral advertising.
Who we share data with
We share data only with the services we depend on to operate: Google for authentication, PayPal for billing, and Railway for hosting. We may disclose information when required by law (subpoena, court order, or lawful government request).
Retention
Account data is kept while your account is active and removed within 30 days of deletion. Subscription and payment records are retained for up to 7 years for tax compliance. Order history is kept for up to 90 days after account deletion. Server logs are deleted or anonymized after 90 days.
Your rights
Depending on where you live, you may have the right to access, correct, delete, or export your data; to opt out of sale (not applicable — we don't sell); and to lodge a complaint with your local data protection authority. To exercise any right, email privacy@pkmnforge.com from your account email. We respond within 30 days (GDPR) or 45 days (CCPA).
Children
The service is not directed at children under 13 (US) or under 16 (EU/UK). If you believe we have collected information from a child, email privacy@pkmnforge.com and we will delete it.
Security
All connections use HTTPS. Authentication is delegated to Google; payment processing is delegated to PayPal — we never handle your password or card details directly. No system is perfectly secure; if we become aware of a breach we will notify you as required by law.
Changes
We may update this policy as the service evolves. Material changes will update the effective date above and, where appropriate, be communicated by email or in-app notice before taking effect.
Contact
Questions, access requests, or appeals: privacy@pkmnforge.com