Privacy Policy
1. Who we are
Forgio is operated by Forgio Ltd, based in Leicestershire, England. We are the data controller for personal data collected through our website (forgio.co.uk), our AI chat widget, and related services.
Contact: james@forgio.co.uk
2. What data we collect
We collect the following categories of personal data:
2.1 Data you provide directly
- Contact details — name, email address, phone number, company name, job title (provided during AI chat conversations or via contact forms)
- Project enquiry details — technical specifications, dimensions, timelines, drawings, and other project information shared during conversations with the Forgio AI
- Account information — email address and company name when signing up for notifications or booking a demo
2.2 Data collected automatically
- Usage data — pages visited, time spent, features used, conversation duration
- Device data — browser type, operating system, screen resolution, IP address
- Cookies — essential cookies only, used to maintain chat sessions (see Section 7)
2.3 Data collected on behalf of our customers
When you interact with the Forgio widget on a customer's website, we process your conversation data on behalf of that customer (the data controller). Our customer determines how that data is used. We act as a data processor in this context.
3. How we use your data
| Purpose | Lawful basis (UK GDPR) |
|---|---|
| Processing your enquiry through the AI chat and generating a structured RFQ | Legitimate interest (providing the service you've engaged with) |
| Delivering the RFQ to the business whose website you used | Legitimate interest (fulfilling the business's service) |
| Sending you a confirmation that your enquiry was received | Legitimate interest |
| Notifying you when a requested industry vertical goes live | Consent (you opted in via the "Notify me" form) |
| Responding to your direct enquiries to Forgio | Legitimate interest / pre-contractual steps |
| Improving our AI and services | Legitimate interest |
| Fraud prevention and security | Legitimate interest |
4. AI processing
Forgio uses artificial intelligence (powered by Anthropic's Claude API) to process your conversation and generate structured enquiry summaries. This means:
- Your conversation text is sent to Anthropic's servers for processing
- Anthropic processes the data as our sub-processor and does not use your data to train their models
- The AI generates a structured summary (RFQ) which is stored and emailed to the relevant business
- No automated decisions with legal or significant effects are made solely by the AI
5. Who we share your data with
- The business whose website you used — they receive the structured RFQ containing your contact details and project specifications. They are a separate data controller for this data.
- Anthropic — processes conversation data to generate AI responses (sub-processor, US-based, with appropriate safeguards)
- Railway — hosts our backend infrastructure (sub-processor, EU region)
- Vercel — hosts our website (sub-processor)
- Resend — delivers RFQ emails (sub-processor)
- Zoho — email service provider (sub-processor, EU)
We do not sell your personal data to anyone. We do not share your data with advertisers.
6. International transfers
Some of our sub-processors (Anthropic, Vercel) are based in the United States. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions as applicable.
7. Cookies
We use only essential cookies required for the chat widget to function (maintaining your conversation session). We do not use advertising cookies, tracking pixels, or analytics cookies that identify individuals. No cookie consent banner is required for strictly necessary cookies under UK GDPR.
8. How long we keep your data
- Conversation data and RFQs — retained for 12 months from the date of the enquiry, then deleted
- "Notify me" signups — retained until you unsubscribe or the relevant vertical launches, whichever is sooner
- Customer account data — retained for the duration of the customer relationship plus 6 years (legal/accounting requirements)
- Server logs — retained for 30 days
9. Your rights
Under UK GDPR, you have the following rights:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your data (subject to legal obligations)
- Right to restrict processing — request we limit how we use your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — where processing is based on consent
To exercise any of these rights, email james@forgio.co.uk. We will respond within 30 days.
10. Data security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption in transit (HTTPS/TLS on all connections)
- Encrypted database storage
- Access controls limiting who can view personal data
- Regular security reviews
11. Children
Forgio is a B2B service designed for business use. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Complaints
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Phone: 0303 123 1113
13. Changes to this policy
We may update this policy from time to time. We will notify you of significant changes by posting a notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised.