CommerceForge Pricing →

Legal

Privacy Policy

Last updated: March 2026 · CommerceForge

1. Introduction

CommerceForge ("we", "us", "our") operates the website commerceforge.dev and sells CommerceForge (the "Product"). This Privacy Policy explains what personal data we collect, how we use it, and your rights under the EU General Data Protection Regulation (GDPR) and applicable Italian law.

2. Data We Collect

We collect the following categories of personal data:

  • Purchase data — name, email address, billing address, and payment details processed by our payment provider (Lemon Squeezy).
  • Account data — email address used to grant access to the private GitHub repository.
  • Usage data — IP address, browser type, pages visited, and referrer, collected automatically via server logs.
  • Communications — messages you send to our support email, including name and email address.

3. How We Use Your Data

We use your personal data to:

  • Process and fulfill your purchase (legal basis: contract performance).
  • Deliver the Product and grant repository access (legal basis: contract performance).
  • Send transactional emails, e.g. purchase receipt and access instructions (legal basis: contract performance).
  • Respond to support requests (legal basis: legitimate interest).
  • Monitor website reliability and protect against abuse (legal basis: legitimate interest).
  • Comply with legal obligations, including tax and accounting requirements (legal basis: legal obligation).

We do not sell or rent your personal data to third parties. We do not use your data for automated decision-making or profiling.

4. Payment Processing

Payments are processed by Lemon Squeezy (a Stripe company), which acts as the Merchant of Record. We do not store your full payment card details. Lemon Squeezy's privacy policy is available at www.lemonsqueezy.com/privacy.

5. Cookies and Tracking

commerceforge.dev does not currently use optional analytics or marketing cookies on the public marketing site.

  • Strictly necessary — basic hosting and security related processing may occur at the infrastructure level.
  • Checkout provider cookies — if you proceed to purchase, if you proceed to purchase via Lemon Squeezy, Lemon Squeezy may set its own cookies or similar technologies on its checkout pages under its own policies.

If optional analytics or marketing tools are added in the future, this policy will be updated before those tools are activated.

6. Third-Party Services

We use the following third-party processors that may receive personal data:

  • Lemon Squeezy — payment processing and order management.
  • GitHub (Microsoft) — private repository access delivery.
  • Google Fonts — font delivery for the public marketing site (IP address may be logged by Google).

All processors are bound by data processing agreements and, where applicable, EU Standard Contractual Clauses for international transfers.

7. Data Retention

We retain purchase and billing records for 10 years to comply with Italian tax law. Support communications are retained for 2 years. Basic hosting and server log data is retained only as long as reasonably necessary for security and operational purposes. You may request deletion of your personal data at any time (subject to our legal retention obligations).

8. Your Rights (GDPR)

If you are located in the EU/EEA, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — request deletion of your data ("right to be forgotten").
  • Restriction — ask us to limit how we use your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at hello@commerceforge.dev. We will respond within 30 days. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at garanteprivacy.it.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or disclosure. Payments are encrypted via TLS and handled entirely by Lemon Squeezy. We do not store payment card data on our servers.

10. International Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (e.g. the United States, where GitHub and Lemon Squeezy operate). Such transfers are governed by EU Standard Contractual Clauses or equivalent safeguards.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. For material changes, we will notify active customers by email where required by law.

12. Contact

Data controller: CommerceForge.
For privacy-related inquiries, contact us at hello@commerceforge.dev.