Privacy Policy

Last Updated: May 17, 2026

1. Zero Telemetry, Zero Tracking

ForgeReq is a privacy-first, local-only REST API workbench. We believe that your data, API endpoints, credentials, and usage patterns are strictly your business. Therefore, ForgeReq does not include any telemetry, analytics, or tracking software.

2. Local Data Storage & Encryption

All data generated or stored by ForgeReq resides exclusively on your local machine:

Your endpoints, variables, and history are stored locally in an encrypted vault.
The AES-256-GCM encryption key is securely managed by your operating system's keychain (macOS Keychain, Windows Credential Vault, or Linux Secret Service/libsecret).
We do not sync, backup, or transmit your vault to any cloud service.

3. Network Communications

The only network requests initiated by ForgeReq are the ones you explicitly configure and execute within the application (e.g., sending an HTTP request to an API you are testing). ForgeReq does not "phone home" to our servers for any reason.

4. Open Source Transparency

ForgeReq is open-source software licensed under the AGPL-3.0. You are encouraged to inspect our source code on GitHub to verify our privacy claims independently.

5. Changes to this Policy

Because we do not collect any data, there is very little in this policy that can change. If we ever decide to introduce optional cloud features (which would be strictly opt-in), we will update this policy accordingly. Your local-first experience will remain unchanged.

6. Contact Us

If you have any questions or concerns about this Privacy Policy, please open an issue on our GitHub repository.