Privacy Policy

Plain-language disclosure of what we collect, why, and how to exercise your rights.

Last updated: June 1, 2026

Forge RPA, LLC ("Forge RPA," "we," "us") provides finance and operations automation consulting and software services. This Privacy Policy explains what information we collect when you visit forgerpa.com or interact with our discovery-call booking flow, what we do with that information, and the rights you have to control it.

This policy applies to our public marketing site only. Separate notices govern (a) the Forge RPA platform at app.forgerpa.com (used by active clients under signed engagement agreements) and (b) the Forge RPA sales operations cockpit at sales.forgerpa.com (used by our internal team).

Your use of this website is also governed by our Terms and Conditions, and this Privacy Policy is subject to those Terms. By using the site you agree to both documents.

1. Information We Collect

1.1 Information You Provide Directly

When you complete the Discovery Call Qualifier on our booking page or send us an email, you may provide:

  • Your name, work email, and company name (required to book a call)
  • Your phone number and LinkedIn URL (optional)
  • Your role, biggest current challenge, the systems you use, your team size, and your timeline for action (multi-step qualifier wizard)
  • Any free-text notes you choose to share during the Cal.com booking step

This information is stored in our internal CRM (Notion) and in a Postgres database operated by Forge RPA. We use it to prepare for our conversation with you and to follow up after.

1.2 Information Collected Automatically

When you visit any page on forgerpa.com, our analytics and infrastructure providers collect technical information about your visit:

  • Pages you visited, time on page, and click events (Google Analytics 4)
  • Approximate location derived from your IP address (city / state level, not precise)
  • Browser type, operating system, screen size, and language
  • Referring URL (the site or search that sent you to us)
  • Marketing-attribution parameters in the URL you arrived at — including gclid (Google Click ID), utm_source, utm_medium, utm_campaign, and similar tags from Bing or Meta if you arrived via paid advertising

1.3 Information We Do NOT Collect

We do not collect:

  • Government-issued identifiers (Social Security numbers, driver's license numbers, etc.)
  • Financial account numbers or payment-card data
  • Health or medical information
  • Precise GPS location
  • Children's data — our site is not directed to anyone under 16, and we do not knowingly collect information from minors

2. How We Use Your Information

  • Respond to your inquiry. If you complete the discovery-call qualifier, we use your contact information and answers to prepare for the call, follow up by email, and propose next steps if there's a fit.
  • Improve our site and content. Aggregate analytics help us understand which pages and resources are most useful so we can write better content for finance and operations leaders.
  • Measure paid advertising. If you arrive via a Google Ads or other paid campaign, we use the click identifier to attribute your visit to that campaign so we can measure return on advertising spend. We never use this identifier to re-target you with ads on other sites.
  • Detect and prevent spam. The discovery-call qualifier includes a spam-protection step (Cloudflare Turnstile), free-email-domain flagging, and rate limiting per IP address to prevent automated abuse.
  • Comply with legal obligations. Tax, accounting, and other applicable laws require us to retain certain records.

3. Cookies and Similar Technologies

We use the following categories of cookies and tracking technologies:

3.1 Strictly Necessary

  • Cloudflare security cookies (bot protection on the site)
  • Cloudflare Turnstile session cookie on the booking page only

These cannot be disabled without breaking site functionality.

3.2 Analytics Cookies

  • Google Analytics 4 sets the _ga and _ga_* cookies (24-month expiration) to count unique visitors and measure traffic patterns. The data is processed in aggregate and is not used to identify you personally.

For information on how Google uses data when you visit our site, see Google's policy at How Google uses information from sites or apps that use our services. Information on how Google may use the analytics data we share for its own product-improvement purposes is at business.safety.google/privacy.

3.3 Marketing / Advertising Cookies

  • Google Ads conversion tag may set the _gcl_* cookie when you arrive at our site via a Google Ads campaign. We use this to attribute booking conversions to ad spend. The cookie expires after 90 days.

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on, or by adjusting your browser cookie settings to block third-party cookies.

4. Third-Party Service Providers

We use the following third parties to operate this site and our follow-up process. Each receives only the data necessary for their function:

Provider Purpose Data shared
Google Analytics 4 Web analytics Anonymous page views, click events, attribution params
Google Ads Paid advertising measurement Conversion events tied to click identifiers (no personal data)
Cloudflare Hosting (Cloudflare Pages) + Turnstile spam check + DNS IP address, request logs, Turnstile token
Cal.com Discovery-call calendar booking Name, email, scheduled time, any notes you provide
Notion Internal CRM (lead records) Contact info + your qualifier wizard answers
Discord Internal notifications when new bookings arrive Your name, company, email, and tier classification (visible only to the Forge RPA team)
Vercel Hosting of the cockpit / API that processes booking submissions Request logs containing IP + payload

Each of these providers operates under its own privacy practices and contractual data-processing agreements with us. We do not sell your information to any of them.

5. Information Sharing and Disclosure

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. The only ways your information leaves our systems are:

  • To the service providers listed in Section 4, each acting on our behalf under a written data-processing agreement
  • If required by law, court order, or valid legal process
  • To protect our rights, property, or safety, or that of our users or the public
  • If we are involved in a merger, acquisition, or sale of all or a portion of our business, in which case your information may be transferred as part of that transaction (you would be notified by email and on this page before any change in ownership materially affects how your data is handled)

6. Your Privacy Rights

6.1 Rights We Honor for Everyone

We extend the following rights to every visitor, regardless of where you live. We do not limit them to residents of particular states or countries:

  • Know what personal information we have collected about you, the sources, the purposes, and the categories of third parties we share it with
  • Access / receive a copy of your personal information in a portable format
  • Correct inaccurate information
  • Delete personal information we have collected, subject to certain exceptions (e.g., information we must retain to comply with tax or accounting law)
  • Opt out of any sale or sharing of personal information (see Section 6.2 — we do not sell or share, but the right exists)
  • Limit the use of sensitive personal information (we do not collect sensitive personal information)
  • Not be discriminated against for exercising any of these rights

To exercise any of these rights, email privacy@forgerpa.com with your request and which right you want to exercise. We will respond within a reasonable time and, where a specific response deadline applies to us by law, within that deadline. We may need to verify your identity before fulfilling the request — typically by confirming the email address you used to interact with us. You may designate an authorized agent to make a request on your behalf; we will require written authorization from you and proof of the agent's identity before responding.

6.2 Do Not Sell or Share My Personal Information

Forge RPA does not sell your personal information and does not share it for cross-context behavioral advertising. This means we have no "sale" or "share" activity to opt out of — but you have the right to make the request, and we will confirm in writing that no such sale or share is occurring.

If you would like to submit a Do-Not-Sell-or-Share request anyway (for example, to formally document the no-sale status for your own records), email privacy@forgerpa.com with the subject line "Do Not Sell or Share — Forge RPA."

You can also signal opt-out preference automatically via the Global Privacy Control (GPC) browser setting. We honor GPC signals from supported browsers as a valid opt-out request.

7. Data Retention

Lead records (qualifier wizard submissions and Cal.com bookings): retained for up to five to six years from your last interaction with us — a period chosen to cover applicable statutes of limitation — after which they are deleted or anonymized. Contractual and billing records are retained as long as needed to meet tax, accounting, and other legal obligations, regardless of that window. If you become an active Forge RPA client, your contact records are governed by the engagement agreement signed at that point.

Analytics data (Google Analytics 4): standard retention of 14 months for event-level data. Aggregate, non-identifiable trend data may be retained longer.

Server logs: rolling 30-day retention for hosting and security purposes.

Backup copies: deletion requests propagate to our systems within 30 days. Backups containing your data are overwritten on a rolling 90-day cycle.

8. Data Security

We protect your information using industry-standard technical and organizational measures:

  • HTTPS / TLS encryption for all data in transit
  • Encryption at rest for all stored personal data
  • Access controls limiting who on the Forge RPA team can view what data
  • Multi-factor authentication on every administrative account
  • Annual review of access permissions and data flows

No method of transmission or storage is 100% secure. If we ever become aware of a security incident affecting your personal information, we will notify you and any required regulators in accordance with applicable law.

9. International Data Transfers

Forge RPA is headquartered in Texas, United States. Our service providers operate in the United States and other countries including the European Union. If you are accessing this site from outside the United States, your information may be transferred to, stored, and processed in the U.S. We rely on Standard Contractual Clauses and other lawful transfer mechanisms where required.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be flagged at the top of this page and, where required by law, notified by email to active prospects and clients. The "Last updated" date at the top of the policy reflects the most recent revision.

11. Contact Us

Questions, requests, or concerns about this Privacy Policy or how we handle your information:

Forge RPA, LLC
privacy@forgerpa.com
Frisco, Texas, United States

For privacy-specific requests, please put "Privacy Request" in the subject line so we can route it appropriately.

This Privacy Policy is provided in plain language for clarity. It does not create any contractual obligation beyond what is required by applicable law, and Forge RPA may revise it at any time as our practices or applicable law evolves. If any provision is found to be unenforceable in your jurisdiction, the remainder remains in effect.