Privacy Policy

Last updated: February 21, 2026

1. Introduction

TorqueDesk is a shop management platform operated by Forgeborn ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use torquedesk.dev and related services (the "Service"). By using the Service you agree to the practices described below.

2. Information We Collect

2.1 Shop & Account Data

When you create an account we collect your name, email address, and shop details (shop name, address, phone number). If you invite team members we also collect their name and email.

2.2 Customer & Vehicle Data

You may enter customer personally identifiable information ("PII") into TorqueDesk, including customer names, phone numbers, email addresses, vehicle identification numbers (VINs), and vehicle details. You are the data controller for this information; we process it on your behalf.

2.3 Repair Order & Financial Data

We store repair order details, labor and parts line items, estimates, invoices, payment records, and accounting entries that you create through the Service.

2.4 Usage Data

We automatically collect information about how you interact with the Service, including IP address, browser type, device information, pages visited, and timestamps.

3. Cookies

We use cookies and similar technologies for the following purposes:

  • Authentication cookies — to keep you signed in and maintain your session.
  • Preference cookies — to remember your settings such as theme preference.
  • Security cookies — to protect against cross-site request forgery and other threats.

We do not use third-party advertising or tracking cookies.

4. Payment Processing (Stripe)

Subscription payments are processed by Stripe, Inc. We never store your full credit card number, CVC, or bank account details on our servers. Stripe collects and processes payment information in accordance with Stripe's Privacy Policy. We receive only a tokenized reference, last four digits of your card, and transaction status from Stripe.

5. SMS Notifications (Twilio)

If you enable SMS notifications for your customers (e.g., repair status updates, appointment reminders), messages are sent via Twilio, Inc. Twilio receives the recipient phone number and message content to deliver the SMS. We do not sell phone numbers or message data to any third party. Customers can opt out of SMS notifications at any time by replying STOP or by contacting the shop.

6. How We Use Your Information

  • To provide, operate, and maintain the Service.
  • To process payments and manage your subscription.
  • To send transactional emails (account verification, password resets, billing receipts).
  • To send SMS notifications on your behalf to your customers.
  • To improve the Service, fix bugs, and develop new features.
  • To comply with legal obligations.

7. Data Sharing & Third Parties

We do not sell your personal information. We share data only with:

  • Stripe — for payment processing.
  • Twilio — for SMS delivery.
  • Infrastructure providers — hosting and database services necessary to run the platform.
  • Law enforcement — when required by law, subpoena, or court order.

8. Data Retention

We retain your account and shop data for as long as your account is active. Repair orders, customer records, and financial data are retained for a minimum of seven (7) years after creation to comply with tax and accounting regulations. Usage logs and analytics data are retained for up to twelve (12) months and then automatically deleted.

9. Your Rights & Data Deletion

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that we correct inaccurate data.
  • Deletion — request that we delete your account and associated data, subject to legal retention requirements.
  • Export — request a machine-readable export of your data.

To exercise any of these rights, email us at privacy@forgeborn.dev. We will respond within 30 days.

When you request account deletion, we will delete or anonymize your personal data within 30 days, except for records we are legally required to retain (e.g., financial transaction records for tax compliance).

10. Security

We use industry-standard security measures to protect your data, including encryption in transit (TLS), encrypted database connections, secure session management, and role-based access controls. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, contact us at:

Forgeborn
Email: privacy@forgeborn.dev
Web: forgeborn.dev