Legal

Privacy Policy

Last updated: June 1, 2026

Draft for review. This policy is a working draft describing how Forven is built. Have it reviewed by counsel and confirm the processor list against your live infrastructure before relying on it.

Forven is a local-first desktop research tool for retail quant traders. This policy explains what the Forven website and account system collect and how that information is used. It covers forven.app and the account/device-linking service — not the strategies, market data, or trades you run inside the desktop app, which stay on your machine (see “What stays on your machine”).

Information we collect

  • Account email. When you create an account or request a magic link, we store your email address to authenticate you.
  • Google sign-in profile.If you sign in with Google, we receive your name, email, and profile image from Google's OAuth service.
  • Authentication cookies. A session cookie keeps you signed in. It is strictly necessary for the service to function.
  • Device links. When you link the desktop app, we store a per-device token and an optional device name so you can review and revoke devices from your account.
  • Waitlist email. If you ask to be notified (for example, about the macOS build), we store that email until you ask us to remove it.
  • Server logs. Standard request logs (IP address, user agent, timestamps) used for security and debugging.

What stays on your machine

Forven is local by default. Your strategies, market data, backtest and gauntlet runs, and any exchange or LLM API keys you provide are stored on your own device and are not transmitted to or stored by Forven unless you explicitly connect an external service. We never receive your trading keys.

How we use information

  • To authenticate you and keep your beta access in sync.
  • To operate, secure, and debug the website and account service.
  • To contact you about your account or, if you opted in, product updates.

We do not sell your personal information, and we do not use advertising or cross-site tracking cookies.

Processors we rely on

We share the minimum data necessary with infrastructure providers that process it on our behalf:

  • Google — OAuth sign-in (if you choose Google login).
  • Resend — delivery of magic-link and notification emails.
  • Neon — managed Postgres database hosting account data.
  • [Hosting provider] — website and serverless function hosting. (Confirm and name your host before publishing.)

Retention and deletion

We keep account data for as long as your account is active. You can request deletion of your account, linked devices, or waitlist email at any time by emailing privacy@forven.app.

Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. Contact us to exercise them. We will respond within the period required by applicable law.

Children

Forven is not directed to anyone under 18 and we do not knowingly collect their data.

Changes

We will update this page when our practices change and revise the “last updated” date above.

Contact

Questions about privacy? Email privacy@forven.app.