Privacy Policy
Last updated July 2026
1. Overview
This Privacy Policy explains how Zimbs Technology LLP (“we”, “us”, or “our”), the operator of PatchForge, collects, uses, and protects information in connection with the Service. It applies to information about you as a PatchForge customer and, separately, to the limited telemetry the PatchForge SDK emits on behalf of your application’s end users.
2. Data We Collect
We collect the information you provide when you create an account and Organization, including your name, email address, billing details, and GSTIN where applicable. When you publish a release, we store the application bundles you upload. When your published apps check in for updates, the PatchForge SDK sends device telemetry to our servers — an opaque, per-install device identifier, app version, and platform — used only to determine which release to serve and to power your rollout analytics. PatchForge itself does not collect any personally identifiable information about your end users.
3. How We Use Data
We use the information described above to operate and maintain the Service, process billing, provide customer support, improve the product, and comply with our legal obligations. We do not sell your data or your end users’ device telemetry to third parties.
4. Data Processor Role
PatchForge acts as a data processor for the application metadata and telemetry generated by your end users; you remain the data controller for your own application and its users. This means you are responsible for ensuring your own privacy notices, and your own compliance obligations toward your end users, are met independently of PatchForge’s role as your delivery infrastructure.
5. Data Retention
We retain your Organization’s data for as long as your account is active and per the retention window associated with your plan. If you cancel your subscription, your data is retained for the retention window shown in your billing portal, after which it is permanently deleted from our systems and backups in the ordinary course.
6. Storage & Security
Application bundles and release artifacts are stored in Cloudflare R2 private buckets and are never publicly readable. All traffic to and from the Service is encrypted in transit via TLS. Published releases are cryptographically signed with RSA-4096 keys so that devices can verify the authenticity of an update before applying it.
7. Third-Party Processors
We rely on a small number of third-party processors to operate the Service: Razorpay for payment processing, and a transactional email provider for account, billing, and product notifications. Each processor only receives the data it needs to perform its function and is bound by its own data-protection obligations.
8. Your Rights
You may request an export of your Organization’s data, or request deletion of your account in accordance with our retention policy above, by emailing support@patchforge.tech from the address associated with your account.
9. Cookies
We use session cookies only, to keep you signed in and to protect against cross-site request forgery. We do not use third-party advertising or tracking cookies on the Service.
10. Changes to this Policy
We may update this Privacy Policy from time to time. If we make a material change, we will notify you by email before the change takes effect. Continued use of the Service after a change becomes effective constitutes acceptance of the updated policy.
11. Contact
Questions about this Privacy Policy can be sent to support@patchforge.tech.