WheelForge Privacy Policy

Last Updated: November 29, 2025

WheelForge ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Personal Information

When you create an account or use our service, we may collect:

  • Account Information: Email address, name, username
  • Billing Information: Payment details (processed by Stripe; we do not store full credit card numbers)
  • Contact Information: Any information you provide when contacting support

Usage Information

We automatically collect:

  • API Usage: Packages requested, versions, build configurations, timestamps
  • Build Metadata: Success/failure status, test results, build duration
  • Technical Data: IP address, browser type, device information, operating system
  • Analytics: Page views, feature usage, session duration

Information We Do NOT Collect

  • We do not track the contents of your projects or code
  • We do not scan or analyze packages you download beyond build testing
  • We do not collect sensitive personal information (race, religion, health data, etc.)

2. How We Use Your Information

Service Delivery

  • Process and fulfill build requests
  • Authenticate and manage your account
  • Send service-related notifications (build completion, errors, etc.)
  • Provide customer support

Service Improvement

  • Analyze usage patterns to optimize caching and pre-building
  • Identify popular packages and configurations
  • Debug issues and improve reliability
  • Develop new features based on usage trends

Business Operations

  • Process payments and prevent fraud
  • Comply with legal obligations
  • Enforce our Terms of Service
  • Send important updates about the service

Marketing (With Your Consent)

  • Send newsletters and product updates (you can opt out anytime)
  • Announce new features or pricing changes
  • Share relevant content or resources

3. How We Share Your Information

We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Service Providers

We share information with trusted third parties who help us operate our service:

  • Payment Processing: Stripe (for billing)
  • Cloud Infrastructure: AWS/GCP (for hosting and storage)
  • Analytics: Plausible/PostHog (privacy-focused analytics)
  • Email: SendGrid/Postmark (for transactional emails)

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

Legal Requirements

We may disclose your information if required by law or in response to:

  • Court orders or subpoenas
  • Legal processes or government requests
  • Protection of our rights, property, or safety
  • Prevention of fraud or security threats

Business Transfers

If WheelForge is acquired or merged with another company, your information may be transferred to the new owner. We will notify you before your information is transferred and becomes subject to a different privacy policy.

Aggregated Data

We may share anonymized, aggregated data that cannot identify you personally:

  • "X% of users build flash-attn for CUDA 12.1"
  • "Most popular GPU architecture is sm_80"
  • Usage statistics for research or marketing purposes

4. Data Retention

Account Data

  • Retained while your account is active
  • Deleted 30 days after account termination (unless required by law)
  • You can request immediate deletion by contacting us

Build Metadata

  • Retained indefinitely for caching and service optimization
  • Anonymized after 90 days (personal identifiers removed)
  • You can request deletion of specific build records

Logs and Analytics

  • Server logs retained for 90 days
  • Analytics data retained for 2 years in aggregated form
  • Security logs may be retained longer for compliance

5. Data Security

Security Measures

We implement industry-standard security practices:

  • Encryption: All data transmitted via TLS/HTTPS
  • Access Controls: Role-based access to internal systems
  • Secure Storage: Encrypted databases and backups
  • Monitoring: Automated security monitoring and alerts
  • Isolated Builds: Each build runs in an isolated environment

No Guarantee

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Your Responsibility

You are responsible for:

  • Keeping your password secure
  • Not sharing your API keys
  • Notifying us immediately of any unauthorized access
  • Using strong, unique passwords

6. Your Rights and Choices

Access and Correction

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Request a copy of your data in a portable format

Deletion

You can request deletion of your:

  • Account and personal information
  • Build history and metadata
  • All data associated with your account

Note: We may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention).

Opt-Out

You can opt out of:

  • Marketing Emails: Click "unsubscribe" in any email or update preferences in your account
  • Analytics: Use browser settings or privacy tools (we use privacy-friendly analytics)
  • API Usage Tracking: Not possible (required for service operation and billing)

Data Portability

You can export your:

  • Build history and metadata (JSON format)
  • Account information
  • Usage statistics

7. Cookies and Tracking

Cookies We Use

  • Essential Cookies: Required for authentication and service functionality (cannot be disabled)
  • Analytics Cookies: Track usage patterns to improve the service (can be disabled)
  • Preference Cookies: Remember your settings and preferences

Third-Party Cookies

We do not use third-party advertising cookies or tracking pixels.

Your Choices

You can control cookies through:

  • Browser settings (block or delete cookies)
  • Cookie consent banner (on first visit)
  • Account preferences (for logged-in users)

8. International Data Transfers

Data Location

Your data may be stored and processed in:

  • United States (primary data centers)
  • European Union (if using EU region)
  • Other countries where our service providers operate

Data Protection

If you are in the EU/UK:

  • We comply with GDPR requirements
  • We use Standard Contractual Clauses for international transfers
  • You have additional rights under GDPR (see Section 9)

9. GDPR Rights (EU/UK Users)

If you are located in the European Union or United Kingdom, you have additional rights under GDPR:

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data (subject to legal obligations).

Right to Restrict Processing

Limit how we use your personal data.

Right to Data Portability

Receive your data in a machine-readable format.

Right to Object

Object to processing based on legitimate interests.

Right to Withdraw Consent

Withdraw consent for processing at any time (where consent is the legal basis).

Right to Lodge a Complaint

File a complaint with your local data protection authority.

Legal Basis for Processing

We process your data based on:

  • Contract: To provide the service you signed up for
  • Legitimate Interests: To improve our service and prevent fraud
  • Consent: For marketing communications (you can withdraw anytime)
  • Legal Obligation: To comply with laws and regulations

10. Children's Privacy

WheelForge is not intended for users under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.

11. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know: What personal information we collect and how we use it
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt out of the "sale" of personal information (we do not sell data)
  • Non-Discrimination: Not be discriminated against for exercising your rights

To exercise these rights, contact us at privacy@wheelforge.io.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be effective:

  • Immediately for new users
  • 30 days after notice for existing users

We will notify you of material changes via:

  • Email to your registered address
  • Prominent notice on our website
  • In-app notification

Continued use of WheelForge after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

  • Email: privacy@wheelforge.io
  • Support: support@wheelforge.io
  • Website: wheelforge.io/contact

Data Protection Officer

For GDPR-related inquiries: dpo@wheelforge.io

Response Time

We will respond to privacy requests within:

  • 30 days (general inquiries)
  • 30 days (GDPR requests, may extend to 60 days if complex)
  • 45 days (CCPA requests)

Summary (TL;DR)

What we collect: Email, usage data, build metadata

What we DON'T collect: Your code, sensitive personal data

What we do with it: Provide the service, improve performance, send important updates

What we DON'T do: Sell your data, track you across the web, share with advertisers

Your rights: Access, delete, export, opt-out

Security: Industry-standard encryption and protection

Questions?: privacy@wheelforge.io

By using WheelForge, you acknowledge that you have read and understood this Privacy Policy.