Forco is launching soon. Get in line for early access. It's free to join. Join the waitlist →
Forco
Join the waitlist →

Privacy

Last updated: June 2026.

Who we are

Forco is operated by Fahad Mir, based in Melbourne, Australia. When this policy says "we", "us", or "Forco", it means that one-person operation. If you have a question about anything below, write to [email protected].

What this policy covers

This policy covers everything Forco does: the marketing site (forco.ai), the app (app.forco.ai), every capability we run by email (such as [email protected] or future addresses like [email protected]), and any capability offered through Forco by a third-party builder where Forco still handles the email plumbing.

The data we collect

  • Account info. Your email address, name if you give it, and the date you signed up or joined the waitlist.
  • Email content you send to a Forco capability. The thread, the addresses on it, attachments, and the instructions you give us in plain English. We only ever receive the threads you explicitly CC, BCC, or forward to a Forco address. We have no access to the rest of your inbox.
  • Outbound drafts and approvals. The messages we draft on your behalf, the version you approved, and the timestamp you approved it.
  • Form submissions. If you write to us through the contact or waitlist forms, we store what you typed plus your IP address and browser user-agent for spam-prevention.
  • Billing info. If you upgrade to a paid plan, our payment processor (currently Stripe) collects your card details directly. We only see the last 4 digits and the billing country.
  • Diagnostics. Standard web-server logs (IP, timestamps, requested URL, error traces) for up to 30 days.

How we use it

  • To do the job you asked a capability to do on the threads you handed it.
  • To show you a plan before any outbound message is sent and to run that plan once you approve.
  • To bill you, recover from outages, prevent abuse, and answer support questions.
  • To send service emails about your account (confirmations, billing receipts, breaking changes). We will not send marketing email unless you opt in.

We do not use your email content or account data to train AI models, and we do not sell or rent it to anyone.

Capabilities offered by third-party builders

Some Forco capabilities are built and run by third parties (independent developers or small teams) on their own infrastructure. When you use one of those capabilities, the builder receives the email content you send to its address so it can do the job you asked. Forco still acts as the email gateway and shows you the plan before any outbound message is sent. The capability page in the directory lists who operates each capability and links to their privacy terms when they run on their own servers.

AI providers and other sub-processors

To understand your instructions and draft outbound messages, we use large language models from third-party providers (currently Anthropic and OpenAI). Email content is sent to these providers under their API data-processing terms; they do not retain it for model training.

Other sub-processors we use today:

  • Cloudflare: DNS, CDN, web hosting for the marketing site, and email routing for inbound addresses.
  • Resend: outbound transactional email (confirmations, follow-ups, notifications).
  • Amazon Web Services: inbound email storage (Simple Email Service, Stockholm region).
  • Stripe: payment processing for paid plans.
  • Google Analytics 4: anonymised traffic measurement on the marketing site only.
  • Hetzner: server hosting in Helsinki, Finland.

We will update this list when we add or replace a sub-processor.

Where your data lives

Inbound email is stored in AWS Stockholm (eu-north-1). Application databases run on our server in Helsinki. Backups are encrypted and stored off-site. Cloudflare and the AI providers may process requests through their global networks.

How long we keep it

  • Email threads, instructions, and drafts: as long as your account is open, plus 30 days after closure.
  • Backups: rolled forward on a 90-day cycle.
  • Server logs: 30 days.
  • Billing records: kept for as long as tax law requires (currently 7 years in Australia).

Your rights

You can ask us, at any time, to:

  • Show you what we hold about you.
  • Correct anything that's wrong.
  • Delete your account and all email content stored against it (deletion is completed within 30 days, except for billing records we are legally required to keep).
  • Export your data in a portable format.

Email [email protected] for any of the above. We don't ask why.

Cookies and analytics

The marketing site (forco.ai) sets only essential cookies plus Google Analytics 4 for traffic measurement. GA4 IP addresses are anonymised. The app (app.forco.ai) uses cookies necessary to keep you logged in. We do not run third-party advertising trackers.

Children

Forco is not intended for anyone under 16. We do not knowingly collect data from children. If you believe a child has signed up, write to us and we'll delete the account.

Changes to this policy

If we make a material change (new sub-processor, new category of data, new purpose), we will email account holders before the change takes effect and update the "Last updated" date at the top of this page.

Contact

Any privacy question, request, or complaint: [email protected].