Privacy Policy
Last updated: February 3, 2026
1. Introduction
Forestry.md ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information.
We are based in Norway and comply with the General Data Protection Regulation (GDPR).
Data Controller:
Forestry.md
Email: [email protected]
2. Information We Collect
Information You Provide
- Account Information: Email address, name (optional), password (hashed)
- Payment Information: Processed by Stripe; we do not store card details
- User Content: Text, images, and files you publish from your Obsidian vault
Information Collected Automatically
- Usage Data: Features used, build statistics, timestamps
- Analytics Data: Click behavior, scroll patterns, session recordings (via Microsoft Clarity)
- Device Information: Browser type, operating system
- Log Data: IP addresses, access times
3. How We Use Your Information
We use your information to:
- Provide and operate the Service
- Process payments
- Send service updates and security alerts
- Improve the Service
- Prevent fraud and abuse
- Comply with legal obligations
Legal Basis (GDPR)
| Purpose | Legal Basis |
|---|---|
| Providing the Service | Contract |
| Processing payments | Contract |
| Security and fraud prevention | Legitimate interest |
| Analytics (Microsoft Clarity) | Legitimate interest |
| Service improvements | Legitimate interest |
| Legal compliance | Legal obligation |
4. Data Sharing
Service Providers
We share data with the following providers who process data on our behalf:
| Provider | Purpose | Location |
|---|---|---|
| GitHub | Stores your raw content files | US |
| Microsoft Azure | Build infrastructure | EU/US |
| Microsoft Clarity | Analytics (dashboard) | US |
| DigitalOcean | Website hosting | EU/US |
| Supabase | Authentication, database | EU |
| Stripe | Payment processing | US |
How Your Content Flows
- Your Obsidian plugin sends files to GitHub
- Azure retrieves and processes the files
- The published site is served from DigitalOcean
Published Content
Content you publish is publicly available on the internet. You control what is published.
Legal Requirements
We may disclose information if required by law or to protect rights, property, or safety.
5. International Data Transfers
Your data may be transferred to countries outside Norway, including the United States. We ensure safeguards through:
- Standard Contractual Clauses (SCCs)
- Data Processing Agreements with all providers
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until deletion + 30 days (for backup removal) |
| Published content | Until deletion + 30 days (for backup removal) |
| Build logs | 90 days |
| Payment records | 7 years (legal requirement) |
| Server logs | 30 days |
7. Cookies and Analytics
Essential Cookies
- Authentication (session cookies)
- User preferences
Analytics
We use Microsoft Clarity to understand how users interact with the dashboard. Clarity may collect:
- Click and scroll behavior
- Session recordings
- Device and browser information
Clarity is configured to mask sensitive input fields for your protection. Clarity data is processed by Microsoft in accordance with their privacy policy. You can opt out of Clarity tracking at https://clarity.microsoft.com/optout
We do not use advertising cookies.
8. Your Rights (GDPR)
You have the right to:
- Access - Request a copy of your data
- Rectification - Correct inaccurate data
- Erasure - Delete your data
- Restriction - Limit how we use your data
- Portability - Export your data
- Object - Object to processing
- Withdraw consent - Where processing is based on consent
Exercising Your Rights
Contact us at [email protected]. We respond within 30 days.
Complaints
You may lodge a complaint with:
Datatilsynet (Norwegian Data Protection Authority)
https://www.datatilsynet.no
9. Data Security
We implement security measures including:
- Encryption in transit (TLS/HTTPS)
- Access controls
- Regular security reviews
No system is 100% secure. We cannot guarantee absolute security.
10. Children's Privacy
The Service is not intended for users under 13. We do not knowingly collect data from children.
11. Changes to This Policy
We may update this policy with at least 30 days notice for material changes. The "Last updated" date indicates the latest revision.
12. Contact
For questions or to exercise your rights:
Email: [email protected]
Summary
What we collect: Account info, content you publish, usage data, payment info.
Why: To provide the Service, process payments, and keep things secure.
Who we share with: GitHub (stores raw files), Azure, DigitalOcean, Supabase, Stripe, Microsoft Clarity (analytics).
Your rights: Access, correct, delete, or export your data.
Questions? [email protected]