Privacy Policy
Last updated: February 11, 2026
1. Information We Collect
Account Information
Email address, name, and optionally: avatar, bio, promotion channels, audience size. For merchants: Stripe account connection data.
Tracking Data
When visitors click affiliate links, we collect: IP address, user agent, referrer URL, landing page, country (from Cloudflare headers), and device type. This data is used for attribution and fraud detection.
Conversion Data
When a sale occurs, we process: customer email (for fraud detection only), transaction amount, and payment metadata from Stripe webhooks.
2. How We Use Information
- Attribute conversions to affiliates
- Detect and prevent fraud
- Calculate and pay commissions
- Generate analytics and reports
- Send transactional emails
- Improve the Service
3. Cookies
Our tracking script (t.js) sets a first-party cookie (mfbl_ref) on merchant websites to track affiliate referrals. This cookie contains only a random UUID referral identifier. Dashboard sessions use an pf_session httpOnly cookie.
4. Data Sharing
We share data only with: Stripe (payment processing), Resend (email delivery), and Cloudflare (hosting). We do not sell personal data.
5. Data Retention
Click data is retained for 2 years, then auto-purged. Account data is retained while your account is active and for 90 days after deletion.
6. GDPR Rights (EU Users)
You have the right to access, rectify, erase, restrict processing, port, and object to processing of your personal data. Contact privacy@partner-forge.com.
7. CCPA Rights (California Residents)
You have the right to know what personal information we collect, request deletion, and opt out of sale (we do not sell data).
8. Security
We use encryption in transit (TLS), hashed passwords (PBKDF2), hashed session tokens, and Cloudflare WAF protection.
9. Contact
Data protection inquiries: privacy@partner-forge.com.