What Forepost stores
Per user:

| Category | Storage | What’s in it |
|---|---|---|
| Workspace | Cloudflare D1 (SQLite at the edge) | Company name, support platform, the eight metric values + deltas, your team list (names, ticket counts, CSAT, flags, notes). Capped at 16 KB. |
| Subscriptions | D1 | Email address, IANA timezone, hour preference, Daily Brief on/off, Weekly Watch on/off, last-sent timestamps. |
| Metrics history | D1 | A snapshot of your eight numbers every time you save Settings. Used by Horizon and the Weekly Watch. |
| Archived briefs | D1 | Every Daily Brief and Weekly Watch we successfully email you, stored as plain prose. |
| Rate-limit counters | D1 | Hourly buckets for AI proxy + manual sends. Resets continuously. |
| Browser cache | localStorage on your device | Last brief (so you don’t see a flash on reload). Namespaced by your Clerk user ID. |
What Forepost does not store
- Raw ticket data. When you import a CSV, the rows are parsed in your browser. Only the aggregated metrics are sent to Forepost. The CSV file itself is not retained anywhere.
- Message bodies. Forepost has no access to individual conversations from Intercom/Zendesk/etc.; there’s no integration yet. When integrations land, ticket bodies will only be read on demand for source attribution, not bulk-cached.
- Conversation history. Your Ask Forepost chat sessions are not persisted. Each session is in-memory only.
- Read receipts or click tracking. Email links use HMAC-signed tokens for unsubscribe; no analytics pixels.
- Card details or payment info. Beta is free. When billing turns on, payment is handled by a PCI-compliant processor (Stripe) and Forepost never touches card data.
Where data is processed
| Surface | Provider | Region |
|---|---|---|
| App hosting | Vercel | Global edge |
| API + database | Cloudflare Workers + D1 | EU-West (London) primary, replicated globally |
| Email delivery | Resend (via AWS SES) | EU-West (Ireland) |
| Authentication | Clerk | US (with EU residency option for Enterprise) |
| AI generation | Anthropic | US |
Data sent to Anthropic
When a Daily Brief or Board Pack is generated, your eight metrics and team list are included in the system prompt sent to Anthropic’s API. No ticket content. No message bodies. No customer PII beyond what you typed into your team list (typically first names + initials). Anthropic’s data retention policy applies to those calls. For their commercial terms, see anthropic.com/legal/commercial-terms.

Cookies & tracking
The Forepost app sets:

- A Clerk session cookie (essential).
- A small localStorage entry for the brief cache (essential, performance).
Your rights (GDPR)
Forepost users have:

- Right of access. Email privacy@forepost.ai and we’ll send your data export.
- Right to rectification. Edit your workspace anytime in Settings. For account-level data (email, name), use the Clerk account portal.
- Right to erasure. See “Deleting your data” below.
- Right to data portability. The export is JSON; portable as standard.
- Right to object & restrict. Email us; we respond within 30 days.
Deleting your data
The right-to-erasure path is currently manual.

- Email privacy@forepost.ai with subject Account deletion request.
- Within 30 days:
  - Your Clerk user is deleted (auth + verified emails).
  - Your workspace, subscription, metrics history, archived briefs, and counters are removed from D1.
- The browser cache is wiped on the next sign-in attempt (or you can clear it manually).
Sub-processors
| Sub-processor | Purpose | Data it handles |
|---|---|---|
| Cloudflare | Hosting, edge DB | All workspace + subscription data |
| Vercel | SPA hosting | Static assets, no user data |
| Anthropic | AI generation | Metrics + team for brief generation |
| Resend | Email delivery | Subject, body, to-address |
| Clerk | Authentication | Email, name, session tokens |