Skip to content

Privacy policy

Last updated: July 2, 2026

Data controller

The controller of your data is FORGE AGENCY (SASU), 47 rue Vivienne, 75002 Paris, France.

For any question about your personal data: contact@forge-agency.fr.

Data we collect

Account data: name, email address, password (stored encrypted), role (coach or athlete) and language.

Service usage data: training programs, assigned and completed workouts, loads, repetitions, RPE, notes and adherence indicators.

Technical data: session information and logs required for the operation and security of the service.

Payment data: when a coach subscribes or enables charging their athletes, payments are processed by Stripe. Your card details are entered and stored directly by Stripe; they never pass through our servers and we never store them. We only keep technical transaction identifiers (for example a Stripe payment ID, the amount, currency and status) for tracking and reminder purposes.

Purposes and legal bases

Providing and operating the service (creating programs, tracking workouts, connecting coach and athlete) — basis: performance of the contract.

Securing the service and preventing abuse — basis: legitimate interest.

Sending you service-related emails (invitation, password reset, trial information) — basis: performance of the contract and legitimate interest.

Improving the product during the beta phase — basis: legitimate interest.

Recipients and processors

Your data is never sold.

It is processed by technical sub-processors acting on our behalf: Neon (database hosting, European Union — Frankfurt), Vercel (application hosting, USA), Resend (email delivery), Stripe (payment processing and coach–athlete charging), Clever Cloud (storage of your progress photos, hosted in France), Sentry (technical error detection, European Union region) and PostHog (site audience measurement, European Union region).

For payments between an athlete and their coach (Stripe Connect), the coach is the merchant of record and can access the related transaction information through their Stripe dashboard. Legal basis for processing payment data: performance of the contract and compliance with our legal (accounting and tax) obligations.

Within a coaching relationship, your coach accesses the data needed to follow your progress, and vice versa for strictly relevant information.

Transfers outside the European Union

The database is hosted within the European Union (Frankfurt).

Some sub-processors (Vercel, Resend, Stripe) are established in or operate from the USA. These transfers rely on the European Commission's adequacy decision of 10 July 2023 on the EU-U.S. Data Privacy Framework, to which Vercel, Resend and Stripe adhere. As an additional safeguard, the European Commission's Standard Contractual Clauses also apply through each provider's data processing agreement.

The error-detection tool Sentry is configured in the European Union region, where data is stored; as its publisher is established in the USA, the European Commission's Standard Contractual Clauses govern any residual access. No direct personal data is intentionally sent to this tool (error reports exclude identifying information).

The audience-measurement tool PostHog is configured in the European Union region, where data is stored; as its publisher is established in the USA, the European Commission's Standard Contractual Clauses govern any residual access. Audience measurement runs without any cookie or persistent tracker, is limited to aggregated usage statistics and is never cross-referenced for advertising purposes; no health or progress data is sent to it.

Retention period

Account and training data: kept as long as your account is active.

Inactivity: after 24 months without login, your account and data are anonymized or deleted, following a prior warning email.

Account deletion: your data is erased or anonymized within 30 days, unless a legal retention obligation applies.

Payment data: information required for accounting and tax obligations is kept for the legal duration (up to 10 years).

Technical and security logs: kept for up to 12 months.

Your rights

In accordance with the GDPR, you have the right to access, rectify, erase, restrict, object to and port your data.

You can exercise these rights by writing to contact@forge-agency.fr.

You also have the right to lodge a complaint with the CNIL, the French data protection authority (www.cnil.fr).

Cookies

Adhérence uses only strictly necessary cookies, in particular to keep you signed in. These cookies do not require your consent.

No advertising cookies are used. The site's audience measurement (PostHog) runs without any cookie or persistent tracker and is limited to aggregated usage statistics, with no advertising profiling.

Security

Passwords are stored encrypted, communications are encrypted via HTTPS, and access to data is restricted to what is strictly necessary.

Changes

This policy may be updated. The date of the latest update is shown at the top of this page.