Trust & Security

Your data stays where you put it.

ForgeSend is the only cold email platform you can self-host on your own VPS. Your lead lists, credentials, and campaign data never touch our servers. AES-256-GCM encryption at rest. No telemetry. No surprises.

View pricing →

How we protect your data

01Architecture

Self-hosted by design

ForgeSend runs on your own server. PostgreSQL, Redis, and the NestJS backend are all containerised with Docker Compose. Deploy to any VPS or bare-metal host in under 10 minutes. Your data never touches our infrastructure unless you choose the cloud-hosted tier.

02Encryption

AES-256-GCM credential encryption

Every OAuth token and SMTP credential stored in ForgeSend is encrypted at rest with AES-256-GCM using a key you control. The encryption key lives in your environment — not in the database. Even a full database dump exposes no usable credentials.

03Transparency

Transparent by design

ForgeSend is proprietary software you deploy on your own infrastructure. The send path, AES-256-GCM encryption implementation, and Docker Compose configuration are fully visible in your running instance. There are no telemetry callbacks, no obfuscated modules, and no hidden billing layers. Every external call your deployment makes is to providers you configured.

04Isolation

Workspace isolation

Every piece of data in ForgeSend — contacts, campaigns, inboxes, enrichment ledger entries — is scoped to a workspace. Cross-workspace access is enforced at the service layer, not just in the UI. Multi-tenant deployments keep client data fully separated.

Security specification

Credentials at restAES-256-GCM, key in env
TransportTLS 1.3 for all API + SMTP connections
Auth tokensJWT in httpOnly cookies, 7-day expiry
Two-factor authTOTP 2FA via any authenticator app, with backup codes
Password hashingbcrypt with per-user salt
OAuth tokensEncrypted before write, decrypted on use
SMTP passwordsAES-256-GCM, never stored in plaintext
Workspace isolationEnforced at service layer per request
Data ownershipSelf-hosted: 100% yours. Cloud: standard SaaS.
Audit logEnrichment ledger — full per-action cost trail

What we will never do.

Six hard commitments. Not aspirations — these are things we will not do regardless of commercial pressure.

Sell or share your data

Your contacts, campaigns, and pipeline data are never sold, licensed, or shared with any third party under any condition.

Train AI models on your data

Your sequences, lead lists, and campaign content are never used to train AI models. When AI processes your input, it returns output — nothing is retained.

Access your inbox without consent

Email integrations are opt-in and revocable at any time. We do not access mailbox content outside of explicit connection grants.

Store your card details

Payment card data never touches ForgeSend servers. All card processing is handled directly by Stripe (PCI DSS Level 1). We retain only an encrypted payment reference token.

Allow cross-workspace data access

Workspace isolation is enforced at the database and service layer. No user, support agent, or process can query data across workspace boundaries.

Retain data after account deletion

When you delete your account or cancel your subscription, your data is permanently deleted within 30 days. There is no hidden retention window.

Staff access policy

ForgeSend staff cannot access your workspace data.

Under normal operations, no employee has access to workspace contents — contacts, campaigns, inbox data, or enrichment records. Support investigations require explicit authorisation, are fully logged, and are conducted only with the account holder's knowledge. Self-hosted operators control access entirely — we have no path into your infrastructure.

Data residency

Cloud tier data is hosted in the United Kingdom.

All cloud-hosted ForgeSend accounts are stored on servers physically located in the United Kingdom. Data is not replicated to regions outside the UK without explicit disclosure. Self-hosted operators choose their own residency — your server, your jurisdiction.

Sub-processors

ForgeSend (cloud tier) uses the following sub-processors. Self-hosted operators do not use Stripe or Anthropic sub-processors — those are cloud-tier only.

Stripe
PurposePayment processing
DataBilling data only
RegionUK / US
AnthropicCloud only
PurposeAI sequence generation
DataPrompt content only
RegionUS
Google Cloud Storage
PurposeFile storage
DataUploaded files
RegionUK
Backblaze B2
PurposeBackup storage
DataDatabase backups
RegionEU

Who you're dealing with.

ForgeSend is operated by a registered UK company. You can verify these details independently.

Registered nameStudio Launch Ltd
Company number16430935
JurisdictionEngland and Wales
Registered officeTwelve Quays House, Egerton Wharf, Wirral, CH41 1LD
GDPR roleData processor — you remain the data controller
Verify on Companies House →Read the DPA →
Self-hosted tier

ForgeSend is the only cold email platform you can run on your own VPS.

No competitor in the category — Instantly, Smartlead, Woodpecker, QuickMail, Saleshandy — offers self-hosting. ForgeSend ships with a Docker Compose file that runs the entire stack. Your lead lists never touch our servers. Your credentials are yours.

docker compose up -d

Infrastructure & compliance

🔒
Encryption in transit
TLS 1.3 for all API and SMTP connections
🗄️
Encryption at rest
AES-256-GCM for all stored credentials and tokens
💾
Data backup
PostgreSQL backups built in when self-hosting with Docker
🇬🇧
UK GDPR compliant
Self-hosting means your data never leaves your server
📋
SOC 2 in progress
Certification planned for the cloud-hosted tier
📬
Responsible disclosure
Found a vulnerability? Email [email protected]
View live system status at status.forgesend.cloud →

Common questions

Can I really run ForgeSend on my own server?

Yes. ForgeSend ships with a Docker Compose file that starts PostgreSQL 16, Redis 7, and the NestJS backend. Deploy to any VPS — Fasthosts, Hetzner, DigitalOcean, bare-metal — in under 10 minutes. See the README for the exact setup steps.

Where is the encryption key stored?

The AES-256-GCM encryption key is a base64-encoded 32-byte value that lives in your .env file as ENCRYPTION_KEY_BASE64. It is never written to the database. If someone obtains a database dump without the key, all stored credentials are unreadable.

What data does ForgeSend send to Anthropic?

Self-hosted deployments make no calls to Anthropic by default. The AI Sequence Copilot feature on the cloud-hosted tier uses the Anthropic API to generate sequence copy — your prompt structure is processed to produce output; no lead data or credentials are sent. Self-hosted operators who enable AI Sequence Copilot supply their own Anthropic API key. Sending infrastructure never touches Anthropic.

What is the difference between self-hosted and cloud-hosted?

Self-hosted: you run ForgeSend on your own server, your data never leaves your infrastructure, and there is no per-seat fee. Cloud-hosted: we run ForgeSend for you, standard SaaS data handling applies, SOC 2 certification is in progress for this tier.

What happens to my data if I cancel?

You can export everything at any time — contacts, campaigns, inbox history — before cancelling. After cancellation, all data is permanently deleted within 30 days. There is no hidden retention window and no re-activation lock-in.

Who can access my data?

ForgeSend staff cannot access workspace data under normal operations. Support investigations require explicit authorisation, are fully logged, and are conducted only with the account holder's knowledge. Self-hosted operators control access entirely — we have no access to your infrastructure.

Your data. Your server. Your rules.

Self-hosted on your VPS. AES-256-GCM encryption. No telemetry. No surprises.

View pricing →Explore all features →

Security posture last reviewed: June 2026