← Back

Privacy Notice

Last updated: May 21, 2026

1. Who we are

ViralForge is operated by Derek Thompson, trading as Viral Forge. For the personal data described in this notice, we act as the data controller.

2. Personal data we collect

  • Account data: name, email, password hash, sign-in identifiers.
  • Usage data: prompts you submit, generated outputs, feature usage, and timestamps.
  • Support data: messages you send to us.
  • Technical data: IP address, device identifiers, browser type, log data.
  • Cookies: essential session cookies; see section 8.

Payment data (card details, billing address) is collected directly by our Merchant of Record, Paddle, and is not stored by us.

3. Why we use it

  • Create and operate your account (contract).
  • Provide and improve the Service, including AI generations (contract / legitimate interests).
  • Customer support and communications (contract / legitimate interests).
  • Security, fraud prevention, and abuse detection (legitimate interests / legal obligation).
  • Compliance with legal obligations (legal obligation).

4. Who we share it with

  • Service providers: hosting, database, and analytics infrastructure.
  • AI providers: prompts and related metadata are sent to AI model providers strictly to generate your output.
  • Paddle, our Merchant of Record, for sale of the product, subscription management, payments, tax compliance, and invoicing.
  • Professional advisers: legal, accounting, and similar advisers when needed.
  • Authorities: where required by law or to protect our rights.

5. Retention

We keep personal data only as long as needed for the purposes described above or as required by law. Account data is deleted or anonymized after account closure, subject to legal record-keeping obligations (typically up to 7 years for billing records).

6. Your rights

Subject to applicable law, you may have the right to access, correct, delete, restrict, or port your personal data, to object to certain processing, and to withdraw consent. EEA/UK users also have the right to lodge a complaint with their local supervisory authority.

To exercise these rights, email thompsonderek9910@gmail.com. We aim to respond within 30 days.

7. Security

We use appropriate technical and organizational measures — including encryption in transit, access controls, and least-privilege practices — to protect your data. No system is perfectly secure, and we cannot guarantee absolute security.

8. Cookies

We use essential cookies to keep you signed in and to provide core functionality. We do not use advertising cookies. You can clear or block cookies in your browser settings, but parts of the Service may stop working.

9. International transfers

Our service providers may process data outside your country, including in the United States. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses.

10. Changes

We may update this notice from time to time. Material changes will be posted here with an updated date.

11. Contact

Privacy questions? Email thompsonderek9910@gmail.com.