Privacy Policy

Last updated: February 12, 2026 — Effective: February 12, 2026

1. Introduction

Forward Foundry (“we,” “us,” or “our”) operates the website at by-lance.com and related services, including the Forward Foundry Control Panel (FFCP). This Privacy Policy explains how we collect, use, store, and protect your personal information when you interact with our services. This policy applies to all Forward Foundry ventures, subsidiaries, and “doing business as” (DBA) entities, including but not limited to MyGripShop, OpenPlay, and Surveyor AI. By using our Services, you consent to the practices described in this policy.

2. Information We Collect

We collect information in three categories:

Information you provide directly:

  • Contact form submissions (name, email address, message)
  • Communications you send to us via email or other channels
  • Payment information (processed securely by Stripe; we do not store card numbers)
  • Phone number (if provided for SMS communications)

Information from integrated services:

  • GitHub event data (commits, pull requests, deployments, issues)
  • Slack messages and interactions with FFCP Bot
  • Stripe payment and subscription event metadata
  • Twilio SMS delivery status and voice call metadata
  • Google Analytics website traffic metrics
  • Ahrefs SEO metrics and backlink data
  • GoDaddy domain registration and expiration data
  • Replit project status and deployment information

Information collected automatically:

  • IP address, browser type, and operating system
  • Pages visited, time spent, and referral sources
  • Device identifiers and general location data

3. Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent — when you submit a contact form, opt into SMS communications, or voluntarily provide information
  • Contractual necessity — to deliver services you have engaged us to provide and to process payments
  • Legitimate interest — to operate our business, generate operational intelligence, improve our services, and maintain security
  • Legal obligation — to comply with tax, financial reporting, and other regulatory requirements

4. How We Use Your Data

We use collected information to:

  • Deliver, operate, and improve our professional services
  • Generate operational intelligence dashboards and reports
  • Create AI-powered daily digests and status summaries
  • Process payments and manage billing
  • Send transactional communications (invoices, service updates, delivery confirmations)
  • Send promotional communications (with your consent and opt-out available)
  • Send notifications via Slack for critical operational events
  • Monitor system health, domain expirations, and service availability
  • Respond to inquiries and provide customer support
  • Comply with legal obligations and prevent fraud

5. AI Processing Disclosure

Certain data may be processed by Anthropic's Claude AI to generate operational summaries, daily digests, and conversational responses within the FFCP platform. This data is transmitted to Anthropic via secure API calls. Anthropic processes this data according to their own data use and privacy policies, which are available at anthropic.com/privacy. We do not send sensitive personal information (such as payment card numbers or social security numbers) to AI services.

6. Third-Party Service Providers

We share data with the following third-party service providers as necessary to operate our Services. We do not sell your personal information to any third party.

  • Supabase — Database hosting (PostgreSQL), United States
  • Vercel — Application hosting and CDN, United States
  • Anthropic — AI processing (Claude API), United States
  • Stripe — Payment processing, United States
  • Slack — Team communication and notifications, United States
  • Twilio — SMS and voice communications, United States
  • Google Analytics — Website traffic analytics, United States
  • Ahrefs — SEO analytics, Singapore / European Union
  • GoDaddy — Domain registration services, United States
  • Replit — Development platform, United States

Each provider processes data under their own privacy policies. We only share the minimum data necessary for each provider to perform their designated function.

7. Cookies and Tracking Technologies

Our websites may use cookies and similar tracking technologies:

  • Google Analytics cookies (_ga, _gid) — for website traffic analysis and performance measurement
  • Vercel Analytics — for application performance monitoring
  • Essential cookies — for basic site functionality and session management

You can manage cookie preferences through your browser settings. Disabling cookies may affect certain features of the Services. We honor “Do Not Track” browser signals where technically feasible.

8. Communications and Unsubscribe

Email Communications

We may send you transactional emails (invoices, service updates, account notifications) and promotional emails (newsletters, announcements, offers). Every promotional email includes an unsubscribe link at the bottom. You may also opt out of promotional emails by contacting us at eric@by-lance.com or through our contact form. Transactional emails related to active service engagements cannot be opted out of while the engagement is active. We will process unsubscribe requests within 10 business days.

SMS Communications

By providing your phone number and opting in, you consent to receive SMS messages from Forward Foundry or its affiliated ventures. Message frequency varies. Message and data rates may apply.

  • Reply STOP to any message to opt out of SMS communications
  • Reply HELP for assistance or contact eric@by-lance.com
  • Consent to receive SMS is not a condition of purchasing any service
  • We do not sell or share phone numbers for third-party marketing purposes

Carrier Disclaimer: Carriers are not liable for delayed or undelivered messages. Delivery is subject to effective transmission by your wireless carrier.

9. Data Retention

We retain data for the following periods:

  • Operational event data — retained for the operational lifetime of the platform and periodically archived
  • Contact form submissions — retained for 2 years, then deleted unless an ongoing business relationship exists
  • Payment and financial records — retained for 7 years as required by tax and financial regulations
  • AI-generated digests and artifacts — retained indefinitely for operational reference
  • Communication opt-out records — retained indefinitely to ensure we honor your preferences

You may request deletion of your personal data at any time, subject to our legal retention obligations.

10. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit via TLS 1.2 or higher (HTTPS)
  • Encryption at rest in our database (Supabase PostgreSQL)
  • API key authentication for all service endpoints
  • Webhook signature verification (HMAC-SHA256) for GitHub, Slack, Stripe, and Twilio
  • Row-level security (RLS) policies in our database
  • Environment variable isolation for sensitive credentials

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

11. International Data Transfers

Our Services are primarily hosted in the United States. If you access the Services from outside the United States, your data may be transferred to and processed in the United States. By using the Services, you consent to this transfer. Where required by applicable law (such as GDPR), we rely on standard contractual clauses or other approved transfer mechanisms to ensure adequate data protection.

12. Your Rights Under GDPR (European Users)

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under the General Data Protection Regulation:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete data
  • Right to erasure — request deletion of your personal data (subject to legal obligations)
  • Right to restrict processing — request that we limit how we use your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interest
  • Right to withdraw consent — withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at eric@by-lance.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

13. Your Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

  • Right to know — request information about the categories and specific pieces of personal data we have collected
  • Right to delete — request deletion of your personal data (subject to exceptions)
  • Right to opt-out of sale — we do not sell your personal information to third parties
  • Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights

To exercise your rights, contact us at eric@by-lance.com or through our contact form. We will verify your identity and respond within 45 days.

14. Data Breach Notification

In the event of a data breach that compromises your personal information, we will: (a) notify the appropriate supervisory authority within 72 hours of becoming aware of the breach, where required by law; (b) notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms; and (c) document the breach, its effects, and the remedial actions taken.

15. Children's Privacy

Our Services are not directed to individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at eric@by-lance.com.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated “Last updated” date. For significant changes, we may also provide notice via email or through the Services. Your continued use of the Services after changes are posted constitutes acceptance of the updated policy.

17. Contact

For privacy-related questions, data access requests, or to exercise any of your rights, contact Forward Foundry at by-lance.com/contact or email eric@by-lance.com. We will respond to all privacy-related requests within 30 days.