Privacy Policy
Plain-language summary: SlitForge is a B2B production floor tool. We collect the minimum information needed to run the service — primarily your company name, a contact email, and the production data your team enters (runs, defects, downtime). We do not sell your data. We do not use it for advertising. We do not use it to train AI models. Your production data belongs to your company. We store it securely on Cloudflare infrastructure and delete it 90 days after your account closes. The full details are below.
Who We Are and What This Policy Covers
This Privacy Policy describes how Gannon Labs ("we," "us," or "our") collects, uses, stores, and shares information when you use the SlitForge production tracking platform, accessible at app.slitforge.com and slitforge.com.
SlitForge is a business-to-business (B2B) Software as a Service (SaaS) application. Our customers are companies — typically tape, film, nonwoven, and related converting operations. When we refer to "you" in this policy, we may mean:
- Account holder / company: The company that purchased a SlitForge subscription and owns the account
- End users: Individual operators, leads, supervisors, managers, and administrators who use SlitForge under that company's account
- Visitors: Anyone who visits slitforge.com without creating an account
This policy should be read alongside our Terms of Service, which governs your use of the platform. By using SlitForge, you agree to both documents.
Information We Collect
We collect information in three ways: information you give us directly, information created automatically when you use the service, and limited information from third-party services we use to operate the platform.
1A — Information You Provide Directly
| Data Type | What It Is | When Collected |
|---|---|---|
| Company Name | The name of your organization, as entered during license activation | Account activation |
| Contact Email | An email address used for billing communications, renewal notices, and support | License purchase or support contact |
| License Key | A product key that identifies your subscription tier and company account | Account activation |
| Usernames & Roles | Display names and role assignments for individual users under your account (Enterprise accounts only; Basic and Pro use a single shared account) | When you create users in the app |
| User PINs | 4-digit PINs used to authenticate individual users. PINs are never stored in plain text — only a SHA-256 hash of the PIN is stored. | When you create or update users |
| Production Data | All data your team logs into SlitForge: run records (sets per hour, machine, job profile, shift, performance %), defect events (type, severity, quantity, cost estimate), downtime events (duration, reason, shift), machine profiles, job profiles, and location names | Ongoing, as your team uses the app |
| Support Communications | Emails, messages, or other communications you send to our support or sales addresses | When you contact us |
| Company Logo | A logo image URL or uploaded image provided for branding purposes (Enterprise accounts only) | When you configure company branding in Settings |
1B — Information Collected Automatically
| Data Type | What It Is | Why Collected |
|---|---|---|
| API Request Logs | Records of requests made to our API, including timestamps, endpoint paths, and HTTP status codes. IP addresses may be included in Cloudflare's infrastructure logs. | Security, abuse prevention, and debugging |
| Device & Browser Type | General information about the browser or device used to access SlitForge (e.g., Chrome on Android), derived from the User-Agent header | Compatibility and performance optimization |
| Timestamps | Date and time of account activation, run entries, defect logs, downtime events, and other app actions | Core to the product's time-based reporting features |
| Service Worker Cache Data | Cached app assets and temporary data stored in your browser to support offline PWA functionality. This data stays on your device and is not transmitted to our servers. | PWA offline functionality |
1C — What We Do Not Collect
We want to be explicit about what we do not collect:
- We do not collect real names of individual operators or employees — only the usernames your company assigns
- We do not collect payment card numbers or full payment information — payments are processed by a third-party payment processor
- We do not collect precise GPS location data from devices
- We do not use advertising trackers or third-party analytics pixels
- We do not collect information about your employees outside of SlitForge
How We Use Your Information
We use the information we collect only for the following purposes:
To Provide and Operate the Service
- Authenticating your account and validating your license key and API key on each request
- Storing, retrieving, and displaying your production data (runs, defects, downtime) within the app
- Generating performance reports, Pareto charts, trend charts, and PDF exports based on your data
- Syncing data across devices and users on your account in real time
- Enforcing role-based access permissions for Enterprise accounts
To Manage Your Account and Subscription
- Sending subscription confirmation, renewal reminder, and billing-related emails to your contact address
- Processing cancellations and account closure requests
- Communicating important changes to the service or these legal documents
To Provide Support
- Responding to your support requests and troubleshooting technical issues
- Reviewing API logs or data (with your permission) to diagnose specific problems
To Improve the Platform
- Identifying patterns in aggregate, anonymized usage to guide feature development (for example, understanding which modules are used most)
- Fixing bugs, improving performance, and addressing security vulnerabilities
We do not use your specific production data — your run records, defect logs, or downtime events — for any product improvement purpose. We do not use any of your data to train machine learning or AI models.
To Comply with Legal Obligations
- Responding to lawful requests from courts, law enforcement, or regulatory authorities
- Enforcing our Terms of Service
- Detecting and preventing fraud, abuse, or security threats
We do not use your information for advertising, marketing profiling, or any purpose not listed above. We do not sell your data to anyone, ever.
Data Storage and Security
Where Your Data Is Stored
All SlitForge account and production data is stored in Cloudflare D1, a globally distributed SQLite database service operated by Cloudflare, Inc. Cloudflare maintains data centers across North America, Europe, and other regions. Your data may be replicated across multiple locations for redundancy and performance.
The SlitForge application is delivered via Cloudflare Pages and processed by Cloudflare Workers. All communications between your device and our servers are encrypted using HTTPS/TLS.
Security Measures
We implement the following technical security measures:
- Encrypted transit: All data transmitted between your device and our servers uses HTTPS with TLS encryption
- Hashed credentials: User PINs and API keys are stored only as SHA-256 hashes — the original values are never stored in plain text
- API key authentication: Every request to our backend API requires a valid API key associated with your account
- Role-based access controls: Enterprise accounts restrict data access based on user roles configured by your Administrator
- Infrastructure security: Cloudflare provides DDoS protection, firewall rules, and physical data center security for our underlying infrastructure
Limitations
No security system is impenetrable. We cannot guarantee the absolute security of your data. If you discover a potential security vulnerability in SlitForge, please report it responsibly to support@slitforge.com and we will investigate promptly.
You are responsible for maintaining the security of your license key, API key, and user credentials. See Section 2 of our Terms of Service for your account security responsibilities.
Data Breach Notification
In the event of a data breach that affects your account information, we will notify you as soon as reasonably practicable and in accordance with applicable law. Notifications will be sent to the contact email associated with your account.
Data Retention
While Your Account Is Active
We retain all your account and production data for as long as your subscription is active. There is no system-imposed limit on how far back your historical data goes — your run records, defect logs, and downtime entries are retained indefinitely while you are a paying subscriber.
After Account Closure or Cancellation
Following the cancellation or termination of your account:
- Your data remains accessible for 90 days from the account closure date, during which you may request a full data export
- After 90 days, all your data — including production records, user accounts, machine profiles, and account settings — is permanently and irreversibly deleted from our systems
- Anonymized, aggregated statistics (such as total number of accounts or total runs logged across the platform) that do not identify your company may be retained for internal reporting purposes
Support Communications
Emails and support communications are retained for up to 3 years to maintain a record of your account history and allow us to reference previous interactions if issues recur.
Deleting Your Data Before Closure
You can delete specific records within SlitForge at any time from within the app. Individual run, defect, and downtime records can be deleted by authorized users. To delete your entire account and all associated data before the 90-day automatic deletion, contact us at support@slitforge.com with a deletion request and we will complete it within 30 days.
Your Rights and Choices
As a SlitForge subscriber, you have the following rights with respect to your information:
Access
You can access all your production data at any time through the SlitForge application. Account-level information (company name, subscription tier, API key) is visible within the Settings panel.
Export
Pro and Enterprise subscribers can export production data as CSV files directly from within the app at any time — no need to contact us. Basic subscribers may request a data export by emailing support@slitforge.com.
Correction
You can edit or correct individual run, defect, and downtime records directly within the app using the edit function on each record. To update account-level information (such as your contact email or company name), contact us at support@slitforge.com.
Deletion
You can delete individual records within the app at any time. To delete your entire account and all associated data, contact us at support@slitforge.com. We will complete account deletion within 30 days of your verified request. Note that deleted data cannot be recovered.
Objection and Restriction
If you object to how we are processing your information, or wish to restrict our processing to specific purposes, contact us at hello@slitforge.com and we will work with you to address your concern.
Opt Out of Non-Essential Communications
We send very few emails — primarily subscription receipts, renewal reminders, and responses to your support requests. These transactional emails are necessary to operate the service and cannot be opted out of while your account is active. We do not send marketing newsletters or promotional emails unless you have specifically requested them.
Note on B2B Accounts: SlitForge is a company-level product. Individual operators and users on your team do not have separate accounts with Gannon Labs — their data exists only within your company's account. Rights requests from individual users should be directed to the company Administrator, who manages the account. The company (account holder) is responsible for communicating privacy practices to their employees who use SlitForge.
Cookies and Tracking Technologies
What We Use
SlitForge uses browser localStorage (not traditional cookies) to store session information on your device. localStorage is a browser-based storage mechanism that does not transmit data to third parties automatically. The following items are stored locally:
- API key and license key: Used to authenticate your requests without requiring you to re-enter credentials on every visit
- User preferences: App settings such as theme (dark/light mode), selected language, and last-used machine or profile
- Offline cache: The PWA service worker caches app files locally to enable offline functionality and fast loading
What We Do Not Use
- We do not use third-party advertising cookies
- We do not use tracking pixels or analytics beacons from platforms such as Google Analytics, Meta Pixel, or similar services
- We do not use session recording or heatmap tools
- We do not use cross-site tracking technologies
Cloudflare Infrastructure Cookies
Cloudflare, our infrastructure provider, may set a technical cookie (typically __cf_bm) as part of its bot management and DDoS protection services. This cookie does not track your browsing activity across other websites and is used solely for security purposes. It expires at the end of your browser session. For more information, see Cloudflare's Cookie Policy.
Managing Local Storage
You can clear localStorage and cached PWA data at any time through your browser settings (Settings → Privacy → Clear browsing data → Cached images and files / Local storage). Note that clearing this data will log you out and remove any locally cached settings — you will need to re-enter your API key to reconnect.
Third-Party Services
SlitForge uses a small number of third-party services to operate. The following table summarizes those services and their role in how your data is handled:
| Service | Purpose | Data Involved |
|---|---|---|
| Cloudflare | Hosting, CDN, API infrastructure, database, DDoS protection, and security | All app data, API requests, IP addresses |
| Payment Processor | Processing subscription payments | Billing contact email, transaction amount |
| Google Fonts | Delivering web fonts (Bebas Neue, Inter, IBM Plex Mono) used in the app interface | IP address in font request (standard browser behavior) |
SlitForge does not use Google Analytics, Meta Pixel, Intercom, HubSpot, Mixpanel, Hotjar, or any other marketing, analytics, or customer data platform. The links within SlitForge to external resources (such as Cloudflare's privacy policy) are for reference only — visiting those external sites is governed by those sites' own privacy policies.
Children's Privacy
SlitForge is a professional business software product designed for use in commercial manufacturing and converting operations. It is not directed at, marketed to, or intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction).
We do not knowingly collect personal information from anyone under the age of 13. If you believe that a child under 13 has provided us with personal information, please contact us at support@slitforge.com and we will promptly delete that information.
Operators who use SlitForge in a workplace context are expected to be adults employed by the subscribing company. The account holder (company) is responsible for ensuring that only appropriate personnel have access to the SlitForge account.
International Users
SlitForge is operated from the United States by Gannon Labs. If you are accessing SlitForge from outside the United States, please be aware that your information will be processed and stored in the United States and in other countries where Cloudflare operates its infrastructure.
By using SlitForge, you consent to the transfer of your information to the United States and other countries, which may have different data protection laws than your country of residence.
European Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) or equivalent legislation may apply to the processing of your personal data. As a B2B SaaS provider, we primarily process data on behalf of our business customers (who are the data controllers for their employees' data). In that context, Gannon Labs acts as a data processor.
Our legal basis for processing personal data is primarily contract performance (providing the service you subscribed to) and legitimate interests (security, fraud prevention, and service improvement). If you have questions about GDPR applicability to your use of SlitForge, contact us at hello@slitforge.com.
California Users (CCPA)
If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA). As a B2B SaaS provider, many CCPA provisions apply at the business level rather than to individual employees. SlitForge does not sell personal information as defined by the CCPA. For questions about your CCPA rights, contact us at hello@slitforge.com.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time as our practices evolve or as required by law. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify active subscribers by email at least 14 days before the revised policy takes effect
Your continued use of SlitForge after a revised Privacy Policy takes effect constitutes your acceptance of the updated policy. If you disagree with a material change, you may cancel your subscription in accordance with our Terms of Service.
Non-material changes — such as clarifications, formatting corrections, or contact information updates — may be made at any time without prior notice.
We recommend bookmarking this page. The version number and Last Updated date at the top always reflect the current version. Previous versions of this policy are available on request by emailing hello@slitforge.com.
Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or the handling of your information, please reach out. We take privacy seriously and will respond to all inquiries promptly.
Gannon Labs — SlitForge
Privacy & data inquiries: hello@slitforge.com
Technical support: support@slitforge.com
Website: slitforge.com
App: app.slitforge.com
We aim to respond to all privacy-related inquiries within 5 business days. For urgent data deletion or security matters, please include "PRIVACY URGENT" in the subject line.