LuauForge

Privacy Policy

Last updated: 6 July 2026

This Privacy Policy explains what information LuauForge, operated by Dylan Ratcliffe ("we," "us," "our"), a sole trader based in the United Kingdom, collects, why, and how it's handled, in accordance with the UK GDPR and the Data Protection Act 2018.

1. Information We Collect

Account information: your email address and a securely hashed password (we never store your actual password).

Usage content: the prompts you write and the code/content generated in response, so you can revisit past generations in your project history.

Payment information: we do not see or store your card details. Purchases are processed entirely by Stripe, our payment processor; we only retain a record of the transaction (amount, credits granted, and a reference ID) for your purchase history and support purposes.

Technical information: standard server logs (IP address, timestamps, error data) used for security, abuse prevention, and debugging.

We do not use tracking cookies for advertising, and we do not sell your data to anyone.

2. Our Legal Basis for Processing (UK GDPR)

3. How We Use Your Information

4. Who We Share Data With

We share data only with the service providers necessary to run LuauForge:

ProviderPurposeWhat they receive
Anthropic (Claude API)Generates the actual code/content from your promptThe text of your prompt and, for follow-up requests in the same project, prior prompts/outputs in that thread
StripePayment processingYour payment details directly (we never see or store your card number)
SupabaseStores account and application dataAccount/application data described above
VercelRuns the applicationData in transit/at rest as part of hosting the app

We do not sell, rent, or otherwise share your data with third parties for their own marketing purposes.

5. International Data Transfers

Several of our service providers are based outside the UK (for example, in the United States). Where your data is transferred outside the UK, we rely on the safeguards those providers offer for international transfers — the UK International Data Transfer Agreement (IDTA) or the UK's extension to the EU Standard Contractual Clauses. Confirmed in place with Anthropic, Stripe, and Vercel as of 2026-07-06; Supabase's equivalent addendum is signed separately as part of account setup.

6. Data Retention

We retain your account and generation history until you delete your account. You can request deletion at any time (see Section 8). We may retain minimal records (e.g., transaction history) longer where required for legal, tax, or fraud-prevention purposes.

7. Security

We use industry-standard practices to protect your data, including password hashing and encrypted connections. No system is perfectly secure, and we cannot guarantee absolute security.

8. Your Rights

Under UK GDPR, you have the right to:

To exercise any of these, contact us at LuaForgesupport@gmail.com. We will respond within one month, as required by law.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data properly.

9. Children's Privacy

The Service is not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has created an account, contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above.

11. Contact

Questions about this policy or your data: LuaForgesupport@gmail.com