RobotForge

Privacy

Privacy & data handling

Plain English. No legalese. If something here is unclear or you spot a gap, email hi@robotforge.org and we'll fix it.

Your AI provider keys (BYOK)

AI features in RobotForge require a key from a provider you choose (Anthropic, OpenAI, or Google). We do not store these keys on our servers.

Where your key lives

When you paste your key into the AI panel, it is saved in your browser's localStorageon the device you used. Different devices (or browsers, or incognito sessions) do not share this storage — you'll need to paste your key on each one.

How an AI request flows

  1. Your browser attaches your key as an HTTP header to a request sent over HTTPS to our server.
  2. Our server immediately forwards the request to the provider you chose, attaching your key as the provider expects.
  3. The response comes back through our server to your browser. Your key is then discarded from server memory — it is never persisted.

What we do NOT do

  • We do not log your API key. Anywhere.
  • We do not write your API key to our database.
  • We do not share your API key with anyone, ever.
  • We do not have access to your provider account.
  • We do not see or store the content of your AI prompts beyond what is required to forward the request (the request is in memory only for the duration of the call).

What you should know

  • You pay your provider directly— we never see your provider charges, and we don't add any markup. Whatever Anthropic / OpenAI / Google bills you is between you and them.
  • You are responsible for keeping your key secure on your own devices. If your browser is compromised, your key is too.
  • You can remove your key at any timeby clicking the field and clearing it, or by clearing your browser's site data for robotforge.org.
  • We cannot recover your key for you— we don't have it. If you lose it, generate a new one from your provider.
  • Provider terms apply.Your use of an AI provider via RobotForge is subject to that provider's terms of service, acceptable use policy, and data handling. We are not party to that relationship.

Account data

If you sign in with Google, we store your email address and a public-ish handle so we can show your name on projects and comments you submit. We do not receive your Google password and we do not have permission to read your Gmail, Drive, or anything else outside basic profile info.

Cloud-saved projects, simulator runs, and CAD scenes (Member tier only) are stored on Cloudflare D1 keyed to your user id. You can delete them at any time from your dashboard.

Payments

Payments are processed by Stripe. We never see your card number — Stripe sends us only the IDs (customer, subscription) needed to know that your subscription is active. To update your payment method or cancel, use the Manage subscription button on your billing page, which opens Stripe's own portal.

Cookies & tracking

We use only the cookies needed to keep you signed in (NextAuth session cookie) and to remember your preferences (theme, last-open panel). No advertising trackers, no analytics that follow you across sites, no third-party pixels.

Newsletter

If you subscribe to the newsletter, we store your email address only for that purpose. We never sell, rent, or share email addresses. Every email has a one-click unsubscribe link.

Questions?

Email hi@robotforge.org for any privacy question, data export, deletion request, or general concern. We aim to reply within two business days.

Last updated: June 4, 2026