ForgeTales — Version 1.0 — Last updated: March 3, 2026
Welcome to ForgeTales ("we," "our," or "the Company"). We are dedicated to protecting your privacy while providing a local-first world-building desktop application.
ForgeTales is a one-time purchase, fully offline application. This Privacy Policy explains how we collect, use, and safeguard your information when you use the ForgeTales application (the "App") or visit our website or landing page (the "Website").
By using ForgeTales, you agree to the practices described in this Privacy Policy.
Under the General Data Protection Regulation (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD), the data controller responsible for your personal data is:
No Data Protection Officer (DPO) has been designated, as ForgeTales does not engage in large-scale or systematic processing of personal data, nor does it process special categories of data, as defined under Article 37 GDPR.
Because the App works entirely offline and does not require user accounts:
The only situations where personal data may be involved are:
Payment Data (One-Time Purchase):
Purchases are processed by Stripe Payments Europe, Ltd., our payment provider. We do not store credit or debit card details on our servers. Upon purchase completion, we may receive limited data from Stripe solely to validate the transaction, namely: transaction ID, purchase status, and the email address associated with the payment (if provided to Stripe). This data is used exclusively for purchase validation, fraud prevention, legal compliance, and customer support.
Contact Data:
If you contact us by email, we will receive only the information you choose to provide. We will use it solely to respond to your enquiry.
Newsletter Subscription Data:
If you subscribe to our newsletter through the Website, we collect and store your email address. This email is stored in our database (hosted by Supabase) and is used solely for the purpose of sending you newsletter communications. You may unsubscribe at any time using the unsubscribe link included in every newsletter email.
Inside the App:
The App does not collect usage analytics, telemetry, device data, IP addresses, or any form of behavioural tracking. It operates completely offline after purchase validation.
On the Website / Landing Page:
When you visit our Website, certain technical data may be collected automatically by our web infrastructure providers and by Google Analytics (see Section 8 for full details), including: IP address, browser type, device information, pages visited, and access times. This data is processed in anonymised and aggregated form.
We process personal data under the following legal bases as set out in Article 6 GDPR:
Contractual Obligation (Art. 6.1.b GDPR):
To process your purchase, validate your licence, and provide access to the App.
Legal Obligation (Art. 6.1.c GDPR):
To comply with tax, accounting, and anti-fraud laws applicable in Spain and the European Union.
Consent (Art. 6.1.a GDPR):
For non-essential cookies (analytical cookies via Google Analytics) on the Website, and for any optional newsletter sign-ups or marketing communications. Consent is collected through our cookie banner before any analytical cookies are activated. You may withdraw your consent at any time without affecting the lawfulness of prior processing.
Legitimate Interest (Art. 6.1.f GDPR):
To maintain the security of our Website, detect and prevent fraud, and improve our services. We have assessed that these interests are not overridden by your fundamental rights and freedoms, given the limited and non-intrusive nature of the processing involved (e.g., server security logs, fraud detection). You have the right to object to processing based on legitimate interest at any time.
We use purchase-related data to:
We use anonymised and aggregated analytics data collected via Google Analytics — subject to your prior consent through our cookie banner — to understand how users interact with our Website and to improve its performance and usability. This data does not identify you personally.
If you have subscribed to our newsletter, we use your email address exclusively to send you periodic updates, insights, and news about ForgeTales. We will never share your email address with third parties for marketing purposes. You can unsubscribe at any time using the unsubscribe link included in every newsletter email.
We may use or disclose your information if required to do so by applicable law, court order, or regulatory authority.
We only share data with providers strictly necessary to operate our business. All providers are required to comply with the GDPR and applicable data protection legislation:
We may disclose information where necessary to comply with legal requirements, protect our rights, or prevent fraud or abuse.
In the event of a merger, acquisition, or asset sale, personal data may be transferred as part of the transaction. You will be notified in advance if such a transfer affects your data and your rights as a data subject.
Under the GDPR and LOPDGDD, you have the following rights with respect to your personal data:
To exercise any of these rights, please contact us at: [email protected]
We will respond within one calendar month of receipt of your request, as required by Article 12 GDPR. You also have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Espanola de Proteccion de Datos — AEPD) at www.aepd.es, or with the supervisory authority of your country of residence within the EU.
We implement appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction, in accordance with Article 32 GDPR. These measures include encryption of data in transit, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the AEPD within 72 hours of becoming aware of it, and will inform affected users without undue delay where required by applicable law.
We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law:
Some of our service providers process data outside the European Economic Area (EEA). In all such cases, appropriate safeguards are in place to ensure your data receives a level of protection equivalent to that guaranteed within the EU:
Stripe Payments Europe, Ltd.:
Stripe's European entity is based in Ireland (EEA). Where data is transferred to Stripe Inc. in the United States, such transfers are covered by Standard Contractual Clauses (SCCs) approved by the European Commission.
Google LLC (Google Analytics):
Google Analytics may transfer data to Google LLC servers in the United States. Such transfers are carried out under the EU-US Data Privacy Framework (EU-US DPF), adopted by the European Commission through its Adequacy Decision of 10 July 2023, which ensures an equivalent level of data protection. Additionally, we have enabled IP anonymisation in Google Analytics to minimise the personal data transferred.
The ForgeTales desktop App does not use cookies or any tracking technologies of any kind.
Our Website (landing page) uses cookies as described below, in compliance with Spanish Law 34/2002 (LSSI-CE) and the GDPR.
Strictly Necessary Cookies:
These cookies are essential for the Website to function correctly. They enable basic navigation and access to secure areas. They do not require prior consent and cannot be disabled through our cookie banner.
Analytical Cookies — Google Analytics:
We use Google Analytics 4, a service provided by Google LLC, to collect anonymised and aggregated information about how visitors interact with our Website. This helps us understand traffic sources, popular pages, and overall site performance. These cookies only activate after you provide explicit consent through our cookie banner.
In accordance with the LSSI-CE and GDPR, non-essential cookies (analytical cookies) are only activated with your explicit prior consent, collected through our cookie banner when you first visit the Website. You may accept or reject analytical cookies independently of the App purchase or use.
You may manage, disable, or delete cookies at any time through the following means:
Withdrawing consent does not affect the lawfulness of processing carried out prior to withdrawal, nor does it affect your ability to use the App.
Google Analytics may transfer data to Google LLC servers in the United States. As noted in Section 7, these transfers are covered by the EU-US Data Privacy Framework. For more information on Google's data practices, visit: https://policies.google.com/privacy
ForgeTales is not directed at children under the age of 14. Under Spanish law (LOPDGDD, Art. 7), the minimum age for consent to data processing is 14 years. We do not knowingly collect personal data from individuals under this age. If we become aware that we have inadvertently collected such data, we will delete it promptly. If you believe a child under 14 has provided us with personal data, please contact us at [email protected].
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. When we make material changes, we will notify you by posting a prominent notice on our Website and, where possible, by sending an email to the address associated with your purchase, at least 30 days before the changes take effect.
For changes that affect processing based on your consent, we will request fresh consent where required. Continued use of the App or Website after non-material changes have been posted constitutes acknowledgement of the updated policy. We recommend reviewing this page periodically.
For any questions about this Privacy Policy, to exercise your GDPR rights, or to submit a data protection request, please contact us at:
Email: [email protected]