Site is under development. If you find a bug, please let us know — we'll give you a free month of membership!
StarForge Kits

Privacy Policy

Last Updated: December 2025

This Privacy Policy ("Policy") describes how STARFORGE, operated through the website located at https://www.StarForgeKits.com (hereinafter referred to as "STARFORGE," "we," "us," "our," or the "Company"), collects, uses, maintains, processes, stores, transfers, discloses, and protects information collected from users (hereinafter referred to as "User," "you," "your," or "Member") of the StarForgeKits.com website and any associated services, applications, platforms, or digital properties (collectively, the "Services"). This Policy applies to the Site and all products, services, features, content, applications, and widgets offered by STARFORGE. By accessing, browsing, or otherwise using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service. If you do not agree to this Policy, you must immediately discontinue use of the Services.

1. Definitions and Interpretation

1.1. For the purposes of this Privacy Policy, the following definitions shall apply unless the context otherwise requires: "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. "Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction. "Data Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. "Data Processor" means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller. "Consent" means any freely given, specific, informed, and unambiguous indication of the User's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of Personal Data relating to them.

1.2. The headings and subheadings contained in this Privacy Policy are inserted for convenience of reference only and shall not affect the meaning or interpretation of this Policy. References to the singular include the plural and vice versa. References to any statute, statutory provision, or regulation include any modification, amendment, extension, or re-enactment thereof. The terms "include," "includes," and "including" shall be deemed to be followed by the phrase "without limitation" or "but not limited to."

2. Information We Collect

2.1. Account and Registration Information. When you create an account, register for membership, or access the Services through authentication mechanisms, we may collect certain information necessary for the provision of the Services, including but not limited to: (a) your selected username or display name as provided during the registration or login process; (b) your membership tier classification (e.g., Wanderer, Merchant, or Starforger), which determines your access privileges, download limitations, and commercial licensing rights within the platform; (c) authentication tokens, session identifiers, and related technical data necessary to maintain your authenticated session and verify your identity upon subsequent visits; and (d) timestamps and metadata associated with your account creation, login events, and authentication activities.

2.2. Payment and Subscription Information. STARFORGE utilizes third-party payment processors, specifically Patreon, Inc. ("Patreon"), to process all membership subscriptions and payment transactions. We do not directly collect, store, process, or have access to your complete payment card information, banking details, or other sensitive financial data. When you subscribe to a paid membership tier through Patreon, Patreon independently processes your payment information in accordance with their own privacy policy and data handling practices. The only payment-related information we receive from Patreon consists of: (a) confirmation of your active subscription status; (b) your membership tier level; and (c) subscription validity dates for the purpose of determining your access privileges and licensing rights. Users are encouraged to review Patreon's Privacy Policy at https://www.patreon.com/privacy to understand how Patreon collects, uses, and protects your payment information.

2.3. Communications and Feedback. When you submit feedback, inquiries, comments, suggestions, requests, or other communications through contact forms available on product pages within the Services, we collect the content of such communications, including any Personal Data you choose to include therein. This may include, but is not limited to: (a) your name or pseudonym as provided; (b) your message content, including any attachments, images, or supplementary materials; (c) the specific product page or context from which the communication was initiated; (d) the timestamp of submission; and (e) any technical metadata associated with the submission. You acknowledge that the decision to provide Personal Data in such communications is voluntary, and you should exercise appropriate discretion regarding the information you choose to share.

2.4. Favorites and Stash Data. The Services include functionality allowing you to designate certain products as "favorites" or add them to your personal "stash" for convenient future reference. This feature is implemented using client-side storage technologies, specifically browser localStorage. As such, your favorites and stash selections are stored exclusively on your local device and are not transmitted to, collected by, or stored on STARFORGE servers. Consequently, this data is not accessible to us, cannot be recovered if you clear your browser data, and will not transfer between different devices or browsers unless you manually export and import such data through functionality that may be provided.

2.5. Download Activity and Rate Limiting Data. To enforce download limitations applicable to certain membership tiers and to prevent abuse of the Services, we collect and process information related to your download activities, including: (a) your IP address at the time of download requests; (b) unique identifiers stored in cookies for session continuity; (c) timestamps of download requests; (d) the specific files or products for which downloads were requested; and (e) the outcome of rate limit checks (approved or denied). This information is used solely for the purpose of enforcing the download limitations described in our Terms of Service and is not used for marketing, advertising, or other unrelated purposes.

2.6. Automatically Collected Technical Information. When you access or use the Services, we automatically collect certain technical information through standard web server logs, analytics tools, and similar technologies. This automatically collected information may include, but is not limited to: (a) your Internet Protocol (IP) address, which may be used to approximate your general geographic location; (b) your browser type, version, and configuration settings; (c) your operating system type and version; (d) your device type and screen resolution; (e) the date and time of your access to the Services; (f) the pages, features, content, and resources you view, access, or interact with; (g) the referring URL or source that directed you to the Services; (h) your click patterns, scroll behavior, and navigation paths within the Services; (i) error logs and performance data; and (j) other similar technical and usage data. This information is collected for the purposes of operating, maintaining, analyzing, and improving the Services, as well as for security, fraud prevention, and compliance purposes.

3. Cookies and Tracking Technologies

3.1. Use of Cookies. STARFORGE uses cookies, which are small text files placed on your device, to facilitate the operation of the Services and enhance your user experience. Cookies allow us to recognize your browser or device upon subsequent visits, maintain your authenticated session, remember your preferences and settings, and provide functionality that would not otherwise be possible. The cookies we use are primarily essential cookies necessary for the basic functionality of the Services, including authentication and session management.

3.2. Types of Cookies. We may use the following categories of cookies: (a) Strictly Necessary Cookies, which are essential for the operation of the Services and enable core functionality such as security, authentication, and session management—these cookies cannot be disabled; (b) Functional Cookies, which enable enhanced functionality and personalization, such as remembering your preferences and settings; and (c) Analytics Cookies, which help us understand how visitors interact with the Services by collecting and reporting information in aggregate form. We do not currently use advertising or targeting cookies.

3.3. Cookie Management. Most web browsers are configured to accept cookies by default. You may modify your browser settings to decline cookies or to alert you when a cookie is being placed on your device. Please consult your browser's help documentation for instructions on how to manage cookie settings. Please be aware that if you choose to decline or delete cookies, certain features and functionality of the Services may not operate properly, and you may be required to re-authenticate or re-enter information on subsequent visits.

4. How We Use Your Information

4.1. Provision of Services. We use the information we collect to provide, operate, maintain, and improve the Services, including to: (a) authenticate your identity and manage your account; (b) provide access to downloads in accordance with your membership tier and applicable limitations; (c) enforce rate limits and prevent abuse of the download functionality; (d) process and respond to your inquiries, feedback, and support requests submitted through contact forms; (e) personalize your experience and present content relevant to your interests; and (f) maintain the security and integrity of the Services.

4.2. Communication. We may use your information to communicate with you regarding: (a) responses to your inquiries and feedback submitted through contact forms; (b) important notices regarding changes to the Services, this Privacy Policy, or our Terms of Service; (c) technical alerts, updates, security notifications, and administrative messages; and (d) other information related to your use of the Services. We do not currently send marketing emails or promotional communications.

4.3. Analytics and Improvement. We use aggregated and anonymized data derived from usage patterns to analyze trends, administer the Services, track user engagement, gather demographic information, and improve the overall quality, functionality, and user experience of the Services. This analysis helps us understand how users interact with the Services, identify areas for improvement, and make data-driven decisions regarding future development.

4.4. Legal and Compliance. We may use your information as necessary to: (a) comply with applicable laws, regulations, legal processes, or governmental requests; (b) enforce our Terms of Service and other agreements; (c) protect the rights, property, safety, or security of STARFORGE, our users, or the public; (d) detect, prevent, or address fraud, security issues, or technical problems; and (e) establish, exercise, or defend legal claims.

5. Information Sharing and Disclosure

5.1. No Sale of Personal Information. STARFORGE does not sell, rent, lease, or trade your Personal Data to third parties for their own marketing or commercial purposes. We do not participate in data broker activities or provide Personal Data to data aggregators for commercial exploitation.

5.2. Service Providers. We may share information with third-party service providers who perform services on our behalf and require access to such information to perform those services. Our primary service providers include: (a) Patreon, Inc., which processes membership subscriptions and payments; and (b) Vercel, Inc., which provides website hosting, content delivery, and infrastructure services. These service providers are contractually obligated to use Personal Data only for the purposes of providing services to us and in accordance with this Privacy Policy.

5.3. Legal Requirements. We may disclose your information if required to do so by law or in response to valid legal process, including subpoenas, court orders, or other legal mechanisms. We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

5.4. Business Transfers. In the event of a merger, acquisition, reorganization, bankruptcy, dissolution, sale of assets, or other business transaction involving STARFORGE, your Personal Data may be transferred to the successor entity or acquiring party. In such event, we will endeavor to ensure that the successor entity agrees to honor the commitments made in this Privacy Policy.

6. Data Retention

6.1. Retention Periods. We retain Personal Data for as long as necessary to fulfill the purposes for which it was collected, to provide the Services, to comply with our legal obligations, to resolve disputes, to enforce our agreements, and as otherwise permitted or required by applicable law. The specific retention periods vary depending on the nature and purpose of the data: (a) account information is retained for the duration of your account and for a reasonable period thereafter to allow for account reactivation and to comply with legal requirements; (b) download activity logs used for rate limiting are retained for the period necessary to enforce daily download limits, typically not exceeding 30 days; (c) server logs and automatically collected technical data are retained for operational and security purposes, typically not exceeding 90 days; and (d) communications submitted through contact forms are retained for as long as necessary to respond to and resolve the inquiry.

6.2. Deletion. Upon the expiration of applicable retention periods, or upon valid request as described in Section 7, Personal Data will be deleted, anonymized, or aggregated in a manner that prevents identification of individual users.

7. Your Rights and Choices

7.1. General Rights. Depending on your jurisdiction, you may have certain rights regarding your Personal Data, including: (a) the right to access and obtain a copy of the Personal Data we hold about you; (b) the right to request correction or rectification of inaccurate or incomplete Personal Data; (c) the right to request deletion or erasure of your Personal Data, subject to certain exceptions; (d) the right to restrict or object to certain processing of your Personal Data; (e) the right to data portability, allowing you to obtain your Personal Data in a structured, commonly used, machine-readable format; and (f) the right to withdraw consent previously provided, where processing is based on consent.

7.2. California Consumer Privacy Act (CCPA). If you are a California resident, you have specific rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA"). These rights include: (a) the right to know what Personal Information we collect, use, disclose, and sell; (b) the right to request deletion of your Personal Information; (c) the right to opt-out of the sale of your Personal Information (note: we do not sell Personal Information); (d) the right to non-discrimination for exercising your CCPA rights; and (e) the right to correct inaccurate Personal Information. To exercise these rights, please submit a verifiable consumer request through the contact form on any product page. We will respond to verifiable requests within 45 days, or within such extended period as permitted by law.

7.3. General Data Protection Regulation (GDPR). If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable local data protection laws. These rights include: (a) the right of access (Article 15 GDPR); (b) the right to rectification (Article 16 GDPR); (c) the right to erasure, also known as the "right to be forgotten" (Article 17 GDPR); (d) the right to restriction of processing (Article 18 GDPR); (e) the right to data portability (Article 20 GDPR); (f) the right to object (Article 21 GDPR); and (g) rights related to automated decision-making and profiling (Article 22 GDPR). To exercise these rights, please submit a request through the contact form on any product page. We will respond to requests within one month, or within such extended period as permitted by the GDPR. You also have the right to lodge a complaint with a supervisory authority in your jurisdiction.

7.4. Exercising Your Rights. To exercise any of the rights described in this Section 7, please submit a request through the contact form available on any product page within the Services. To protect your privacy and security, we may require verification of your identity before processing your request. We will endeavor to respond to all legitimate requests within 30 days, or within such other period as required or permitted by applicable law. In certain circumstances, we may be unable to fully comply with your request, such as where doing so would adversely affect the rights and freedoms of others, where we are legally required to retain certain information, or where an exception applies under applicable law.

8. Data Security

8.1. Security Measures. We implement and maintain reasonable administrative, technical, and physical security measures designed to protect Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to: encryption of data in transit using Transport Layer Security (TLS); access controls limiting access to Personal Data to authorized personnel; and regular security assessments.

8.2. No Guarantee. While we strive to protect your Personal Data, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your Personal Data. You acknowledge and accept that you provide Personal Data at your own risk. In the event of a security breach affecting your Personal Data, we will notify affected users and relevant authorities as required by applicable law.

9. Children's Privacy

9.1. Age Restrictions. The Services are not intended for, directed at, or designed to attract children under the age of 13 (or such higher age as may be required by applicable law in your jurisdiction). We do not knowingly collect, solicit, or maintain Personal Data from children under 13. If we become aware that we have collected Personal Data from a child under 13, we will take reasonable steps to delete such information as promptly as practicable.

9.2. Parental Notification. If you are a parent or guardian and believe that your child has provided Personal Data to us without your consent, please contact us through the contact form on any product page. Upon verification, we will delete the child's Personal Data from our records.

10. International Data Transfers

10.1. Data Location. The Services are operated from and hosted on servers located in various jurisdictions, including the United States. If you access the Services from outside the United States, your Personal Data may be transferred to, stored in, and processed in the United States or other countries. These countries may have data protection laws that are different from, and potentially less protective than, the laws of your country of residence.

10.2. Transfer Mechanisms. Where required by applicable law, we implement appropriate safeguards for cross-border transfers of Personal Data, which may include Standard Contractual Clauses approved by the European Commission or other legally recognized transfer mechanisms.

11. Third-Party Links and Services

11.1. External Links. The Services may contain links to third-party websites, applications, or services that are not operated or controlled by STARFORGE, including but not limited to Patreon. This Privacy Policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party services you access through links from the Services. We are not responsible for the privacy practices, content, or security of third-party websites or services.

12. Changes to This Privacy Policy

12.1. Modifications. We reserve the right to modify, amend, or update this Privacy Policy at any time, in our sole discretion, to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. Any changes will be effective immediately upon posting of the revised Policy on the Services. The "Last Updated" date at the bottom of this Policy indicates when the Policy was last revised.

12.2. Notification of Material Changes. In the event of material changes to this Privacy Policy that significantly affect our processing of your Personal Data, we will endeavor to provide notice through the Services or by other means prior to the changes becoming effective. Your continued use of the Services following the posting of any changes constitutes your acceptance of such changes.

13. Contact Information

13.1. Questions and Requests. If you have any questions, concerns, comments, or requests regarding this Privacy Policy or our data practices, or if you wish to exercise any of your rights as described herein, please contact us by submitting a message through the contact form available on any product page within the Services. We will endeavor to respond to all inquiries within a reasonable timeframe.

14. Governing Law

14.1. This Privacy Policy and any disputes arising out of or relating to this Policy or your use of the Services shall be governed by and construed in accordance with applicable law, without regard to conflict of law principles. This provision does not limit any rights you may have under mandatory consumer protection laws in your jurisdiction.