▸ PRIVACY · YOUR DATA, YOUR DEVICE

Privacy
Policy

Service: Yahavi Forge Effective: 17 June 2026 Version: 1.0

Forge is built privacy-first. Your AI provider keys and the resume/job text you type are processed in your own browser and are never stored on Hackknow servers. We only hold the minimal account data needed if you choose to sign in. This policy explains exactly what we do and don't collect.

01Who we are

Yahavi Forge is operated by Hackknow, a digital-products brand run by Gagan Chauhan, based in Delhi, India. For privacy purposes, Hackknow is the data controller (or, where applicable, the "Data Fiduciary" under India's Digital Personal Data Protection Act, 2023) for the limited account data described below.

02Privacy-first design

▸ The core promise Your API keys live only in your browser's local storage. The resume and job-description text you enter is sent directly from your browser to the AI provider you choose, using your key. None of it passes through or is stored on Hackknow servers.

This means the most sensitive things you put into Forge never reach us. When you clear your browser data, your keys and locally-saved preferences are gone.

03What we collect

We collect different categories depending on whether you sign in:

Category	Examples	When
Account data	Email address, display name, avatar URL, auth provider (Google/GitHub/email), user ID	Only if you create / sign in to a HackKnow account
Authentication	Login timestamps, IP/device used for a login, session tokens	Only when signed in (handled by Supabase)
Entitlements / usage	Plan or feature access, basic tool-usage counts tied to your account	Only when signed in
Local-only data	Your API keys, tool preferences, in-progress text	Stored on your device only — we can't see it
Technical	Standard server/CDN logs (IP, user-agent, timestamps) from Cloudflare	When you visit, for security & reliability

04What we don't collect

Your AI provider API keys — never transmitted to us.
Your resume / job-description content — processed in-browser and sent only to your chosen AI provider; not stored on our servers.
We do not sell your personal data, and we do not use third-party advertising or cross-site tracking.

05How we use data

Where we do hold account data, we use it to: provide and secure sign-in across the Hackknow ecosystem; remember your account and entitlements; maintain reliability and prevent abuse; and communicate essential service messages (such as email confirmation or security notices). We do not use your content to train AI models.

06Legal bases (where GDPR applies)

If you are in the EEA/UK, we process account data on the bases of: performance of a contract (providing the service you signed in for); legitimate interests (security, abuse prevention, keeping the service working); and consent where required (which you may withdraw at any time).

07Sharing & processors

We don't sell data. We share the minimum necessary with service providers ("processors") who help us run Forge:

Processor	Purpose	Data involved
Supabase	Authentication & account database	Account & auth data
Cloudflare	Hosting, CDN, DDoS/security	Technical logs
Google / GitHub	OAuth sign-in (only if you choose them)	Profile basics you authorise
AI providers (Groq, Gemini, OpenRouter, Together, Mistral, Cohere)	Generate output from your input	Your input text + your key — sent by your browser, not us

Each AI provider has its own privacy policy that governs what it does with the input your browser sends it. We may also disclose data if required by law.

08International transfers

Our account database (Supabase) is hosted in the Singapore (ap-southeast-1) region. If you access Forge from elsewhere, your account data may be processed there and by processors in other countries. Where required, transfers rely on appropriate safeguards such as standard contractual clauses.

09Retention

We keep account data for as long as your account exists. If you delete your account, we delete or anonymise your account data within a reasonable period, except where we must retain limited records to comply with law or resolve disputes. Local-only data is removed whenever you clear your browser/site data.

10Your rights

Subject to applicable law (including India's DPDP Act 2023 and, where relevant, the GDPR), you have the right to:

access the account data we hold about you;
correct inaccurate data;
delete your account and associated data;
obtain a portable copy of your data;
withdraw consent, and (EEA/UK) object to or restrict certain processing;
lodge a complaint with your data-protection authority.

To exercise any right, email team@hackknow.com. Most of your most sensitive data (keys, resume text) is on your device and already under your sole control.

11Cookies & local storage

Forge does not use advertising or analytics-tracking cookies. We use:

Local storage for your API keys (yahavi-forge-keys) and preferences (yahavi-forge-prefs) — on your device only;
Essential auth storage set by Supabase to keep you signed in, only if you sign in.

You can clear these any time via the in-app "Keys" panel or your browser's site-data controls.

12Security

We use HTTPS everywhere, row-level security on our database, and reputable processors. No method of transmission or storage is 100% secure, but keeping your keys and content off our servers is itself a strong protection. Please keep your account and provider credentials safe.

13Children

Forge is not directed to children under 16. We do not knowingly collect data from them. If you believe a child has provided us data, contact us and we will delete it.

14Changes

We may update this policy; we'll revise the "Effective" date and, for material changes, give reasonable notice on the site. Continued use after changes means you accept the updated policy.

15Contact & grievances

For any privacy question, request, or grievance, contact our privacy contact at team@hackknow.com. We will respond within the timelines required by applicable law.

▸ BACK TO TOP