Privacy Policy

The data controller for your personal data is the owner of Foreword, based in Spain.

Contact email: team@myforeword.app

We collect different types of information depending on how you interact with the Service:

Account Data

• Email address — Provided when you sign up with Google OAuth
• Name — Associated with your Google account
• Profile picture — From your Google account (optional)

Connection Data

• OAuth access tokens — To connect with services like Google Analytics, YouTube, Stripe, etc.
• Account identifiers — IDs needed to access your data in connected services

Note: Tokens are stored encrypted with AES-256 and never shared with third parties.

Usage Data

• Briefing preferences (time, frequency, alerts)
• Generated briefing history
• Security access logs

We use the collected data to:

• Provide and maintain the Service
• Generate your personalized daily briefings
• Send you emails with your briefing (if enabled)
• Detect and notify significant changes in your metrics
• Improve and optimize the Service
• Communicate with you about the Service
• Prevent fraud and ensure security

We process your personal data under the following legal bases:

• Contract performance — To provide the Service you have contracted
• Consent — For optional communications and third-party service connections
• Legitimate interest — To improve the Service and prevent fraud

We use cookies and similar technologies for:

• Essential cookies — Necessary for Service operation (authentication, session)
• Preference cookies — To remember your settings

We do not use third-party cookies for advertising or tracking.

We use the following third-party services to provide the Service:

Supabase

Database and authentication. Data is stored in the European Union.

Stripe

Payment processing. Stripe complies with PCI-DSS level 1 and GDPR.

Resend

Transactional email sending (briefings, alerts).

Google APIs

For Google Analytics and YouTube integrations. The use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including Limited Use requirements.

Your data is primarily stored on servers located in the European Union. When necessary to transfer data outside the EEA (for example, for payment processing with Stripe), we ensure adequate safeguards exist, such as:

• Standard contractual clauses approved by the European Commission
• European Commission adequacy decisions

We retain your personal data while you maintain an active account with us. When you delete your account:

• Your profile data is deleted immediately
• Access tokens are deleted immediately
• Security logs are retained for 30 days
• Billing data is retained as required by law (up to 10 years)

Under GDPR, you have the following rights over your personal data:

• Access — Request a copy of your data
• Rectification — Correct inaccurate data
• Erasure — Request deletion of your data
• Portability — Receive your data in structured format
• Objection — Object to processing of your data
• Restriction — Restrict processing of your data

To exercise these rights, contact us at team@myforeword.app

We implement technical and organizational security measures to protect your data:

• AES-256 encryption for access tokens
• HTTPS connections for all communications
• Secure OAuth 2.0 authentication
• Need-based restricted access to data
• Continuous security monitoring

The Service is not directed at persons under 16 years of age. We do not knowingly collect data from minors. If we discover we have collected data from a minor without verifiable parental consent, we will delete it.

We may update this Privacy Policy periodically. We will notify you of significant changes by email or through a notice in the Service.

If you have questions about this Privacy Policy or how we handle your data, you can contact us at:

Email: team@myforeword.app