Privacy Policy
Last updated: March 6, 2026
This Privacy Policy for Forest Valley Rocky Inc ("we," "us," or "our"), doing business as Forest Valley, describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
- Visit our websites at https://fv.dev or https://apps.fv.dev, or any website of ours that links to this Privacy Policy
- Install or use any of our applications published through third-party platform marketplaces
- Contact us or engage with us in other related ways
Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. If you still have questions, please contact us at legal@fv.dev.
Summary
This summary provides key points. Click the section headings in the Table of Contents below for more detail.
- What personal information do we process? We process limited information: contact details you submit via our website contact form, and technical data related to app operation (such as store configuration and URL slugs). We do not process sensitive personal information.
- Do we process sensitive personal information? No.
- Do we collect information from third parties? No.
- How do we process your information? To respond to your inquiries, deliver app functionality, and maintain the security and reliability of our Services.
- With whom do we share your information? We use a limited set of infrastructure providers (Cloudflare, Railway). We do not sell your data or share it for advertising.
- What are your rights? Depending on your location, you may have rights to access, correct, delete, or restrict the processing of your personal information.
- How do you exercise your rights? Contact us at legal@fv.dev.
Table of Contents
- 1. What Information Do We Collect?
- 2. How Do We Process Your Information?
- 3. What Legal Bases Do We Rely On?
- 4. When and With Whom Do We Share Your Personal Information?
- 5. Do We Use Cookies and Other Tracking Technologies?
- 6. How Long Do We Keep Your Information?
- 7. How Do We Keep Your Information Safe?
- 8. Do We Collect Information from Minors?
- 9. What Are Your Privacy Rights?
- 10. Controls for Do-Not-Track Features
- 11. Do United States Residents Have Specific Privacy Rights?
- 12. Do Other Regions Have Specific Privacy Rights?
- 13. How Can You Review, Update, or Delete Your Data?
- 14. Do We Make Updates to This Policy?
- 15. Relationship with Other Policies
- 16. How Can You Contact Us?
1. What Information Do We Collect?
In short: We collect only the information you provide to us directly, and limited technical data necessary to deliver our apps.
1.1 Information You Provide to Us
Contact form submissions. When you use the contact form on our websites (fv.dev or apps.fv.dev), we collect the personal information you voluntarily provide, which may include your name and email address. We use this solely to respond to your inquiry.
Sensitive information. We do not process sensitive personal information (such as health data, racial or ethnic origin, financial account details, or government identification numbers).
1.2 Information Collected Through Our Apps
When you install and use one of our applications through a third-party marketplace, we process limited data necessary to deliver the app's functionality. This data is tied to your account on the host platform rather than to individual end users.
Depending on the app, this may include:
| Category | Examples | Purpose |
|---|---|---|
| Store profile & settings | Store ID, store URL, platform type, subscription plan | App authentication, feature delivery |
| Store owner contact data | Store owner email address | Service communications, activity log |
| Store catalog data | Product/category names, URL slugs, entity IDs | App functionality (e.g., slug change detection, redirect rules) |
| Storefront visitor behavior | 404 error URL paths, HTTP referrer headers, hit counts, timestamps | Broken URL detection and reporting to the merchant |
We do not collect, store, or process end-customer personal data (such as customer names, emails, payment details, or shipping addresses) belonging to your store's buyers.
1.3 Information Collected Automatically
When you visit our websites, certain technical information is collected automatically by our infrastructure providers (see Section 4), including:
- IP address (processed by Cloudflare for CDN delivery and security)
- Browser type and device characteristics
- Pages visited and timestamps
This information is used for security, abuse prevention, and reliable delivery of our websites. We do not use it for behavioral advertising or tracking across other websites.
2. How Do We Process Your Information?
In short: We process your information only to deliver our Services, respond to inquiries, and maintain the security of our infrastructure.
We process personal information for the following purposes:
- To respond to your inquiries. Information submitted via our contact form is used solely to reply to you.
- To deliver app functionality. Store profile data, catalog data, and storefront visitor behavior are processed to provide the features of our apps (e.g., redirect management, 404 detection, slug tracking).
- To maintain security and reliability. We monitor for errors and abuse to ensure our Services function correctly and securely.
- To comply with legal obligations. We may process or retain data as required by applicable law.
We do not use your information for advertising, behavioral profiling, or sale to third parties.
3. What Legal Bases Do We Rely On?
In short: We process personal information only when we have a valid legal basis to do so.
When we process data on behalf of the users of our apps (such as information about their end users), we act as a Data Processor (or Service Provider under applicable US state laws). The app user acts as the Data Controller and determines the purposes of that processing. When we process account data about our app users themselves (such as account email addresses used for service communications), we act as a Data Controller. The legal bases below apply to data we process as a controller.
If you are located in the EU, UK, or Switzerland
We rely on the following legal bases:
- Contract performance: Processing is necessary to deliver the app functionality you have installed and are paying for, or to respond to your contact form inquiry.
- Legal obligations: We may process data to comply with applicable laws and regulations.
- Legitimate interests: We process limited technical data (such as error logs and IP addresses) to maintain the security and reliability of our Services, where those interests are not overridden by your rights.
We do not rely on consent as a basis for processing app-related data. Consent is relied upon only where separately indicated (e.g., optional communications).
If you are located in Canada
We rely on express or implied consent as appropriate, and in limited circumstances on the exceptions to consent recognized under PIPEDA and applicable provincial laws (e.g., fraud prevention, legal compliance).
4. When and With Whom Do We Share Your Personal Information?
In short: We share data only with the infrastructure providers necessary to operate our Services. We do not sell your data or share it for advertising.
We use the following sub-processors and infrastructure providers:
| Provider | Purpose | Location |
|---|---|---|
| Cloudflare | CDN delivery of websites and storefront JavaScript; network security and proxy | Global edge network |
| Railway (railway.app) | Backend hosting, PostgreSQL database, Redis cache | United States |
We have no other data sharing arrangements. We do not disclose personal data to:
- Advertising networks or data brokers
- Analytics providers
- Marketing platforms
We may disclose personal data if required to do so by law, court order, or governmental authority, or to protect the rights, property, or safety of Forest Valley Rocky Inc, our users, or others.
In the event of a merger, acquisition, or sale of assets, personal data may be transferred to a successor entity, subject to equivalent privacy protections.
5. Do We Use Cookies and Other Tracking Technologies?
In short: We use only essential technical cookies. We do not use advertising or analytics cookies.
Our websites use a limited number of cookies that are necessary for basic site functionality:
- Session cookies set by our web framework to manage contact form submissions and maintain basic site state. These expire when you close your browser.
- Cloudflare security cookies (e.g.,
__cf_bm,cf_clearance) set automatically by Cloudflare to distinguish human visitors from bots and to maintain CDN session integrity. These are functional and security-related; they are not used for advertising or cross-site tracking.
We do not use:
- Analytics cookies (e.g., Google Analytics, Hotjar)
- Advertising or targeting cookies
- Social media tracking pixels
Because the cookies we use are strictly necessary for the operation of the site and security infrastructure, they do not require your consent under most jurisdictions. If your browser or applicable law requires you to be informed, this section serves as that disclosure.
You can control or delete cookies through your browser settings. Disabling cookies may affect the functionality of our contact form.
6. How Long Do We Keep Your Information?
In short: We retain data only as long as necessary for the purpose for which it was collected.
| Data Type | Retention Period |
|---|---|
| Contact form submissions (name, email, message) | Up to 2 years from the date of last contact, or until you request deletion |
| App store profile & settings | Duration of app installation + 90 days after uninstallation |
| Store owner email | Duration of app installation + 90 days after uninstallation |
| App redirect rules & slug history | Duration of app installation + 90 days after uninstallation |
| Storefront 404 logs | Rolling 90-day window; auto-purged |
| App activity log entries | Rolling 90-day window; auto-purged |
When a retention period expires, data is permanently deleted or anonymized. Data stored in backup systems is securely isolated from active processing and purged on the next backup rotation cycle.
We may retain data for longer periods if required by applicable law, or where data is relevant to an active legal dispute.
7. How Do We Keep Your Information Safe?
In short: We implement appropriate technical and organizational measures to protect your personal information.
Our security measures include:
- Encryption in transit: All data transmitted between your browser and our Services is protected using TLS 1.2 or higher.
- Encryption at rest: Sensitive data (such as access tokens) is encrypted in storage.
- Access controls: Access to personal data is restricted to personnel and systems that require it to perform their functions.
- Error monitoring: We use infrastructure-level monitoring to detect and respond to security incidents.
- Data minimization: We collect only the data that is strictly necessary to deliver our Services.
No method of electronic transmission or storage is 100% secure. While we take commercially reasonable steps to protect your information, we cannot guarantee absolute security. Transmission of data to and from our websites is at your own risk.
8. Do We Collect Information from Minors?
In short: No. Our Services are intended for adults and business users only.
Our websites and applications are not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. Our apps are designed for use by business professionals operating accounts on third-party platforms.
If you believe we have inadvertently collected data from a person under 18, please contact us at legal@fv.dev and we will promptly delete it.
9. What Are Your Privacy Rights?
In short: Depending on your location, you may have rights to access, correct, delete, restrict, or receive a copy of your personal data.
EU, UK, and Switzerland
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the GDPR (or equivalent national law):
- Access: Obtain confirmation of whether we process your data and receive a copy of it.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal exceptions.
- Restriction: Request that we limit how we process your data in certain circumstances.
- Data portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- No automated decision-making: Not be subject to decisions based solely on automated processing that produce significant legal effects.
How to exercise these rights: Email us at legal@fv.dev. We will acknowledge your request within 5 business days and respond within 30 days (extendable by a further 60 days for complex requests).
Supervisory authority complaints:
- EU: Your local data protection authority. A directory is maintained by the European Data Protection Board at edpb.europa.eu.
- UK: Information Commissioner's Office (ICO) — ico.org.uk
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC) — edoeb.admin.ch
EU Representative (Article 27 GDPR): Our designated representative in the European Union for the purposes of Article 27 GDPR is:
Aleksandr Kovalenko
Portugal
Email: gdpr@fv.dev
Phone: +351 913 670 426
EU and UK residents may contact our representative directly regarding any data protection matters, or contact us at legal@fv.dev.
Brazil (LGPD)
Brazilian residents have the rights listed above, plus:
- Anonymization or blocking of unnecessary or excessive data.
- Revocation of consent at any time.
- Review of automated decisions that affect your interests.
Supervisory authority: Autoridade Nacional de Proteção de Dados (ANPD) — gov.br/anpd
Canada
Under PIPEDA and applicable provincial legislation, you have the right to:
- Access personal information we hold about you and how it has been used.
- Correction of inaccurate or incomplete data.
- Withdrawal of consent, subject to legal or contractual restrictions.
- Complaint to the Office of the Privacy Commissioner of Canada — priv.gc.ca — or applicable provincial commissioners.
10. Controls for Do-Not-Track Features
Most web browsers include a Do-Not-Track ("DNT") setting that signals your preference not to be tracked across websites. Because we do not engage in cross-site behavioral tracking or advertising, our websites do not respond differently based on DNT signals — not because we disregard your preferences, but because the tracking DNT is designed to prevent is not something we conduct. If a recognized DNT standard is adopted in the future, we will update our practices accordingly.
California law requires us to disclose our DNT practices. As stated above, we do not currently respond to DNT signals.
11. Do United States Residents Have Specific Privacy Rights?
In short: Yes. Residents of many US states have rights to access, correct, and delete their personal data, and to opt out of certain uses. We do not sell personal data.
Applicable State Laws
This section applies to residents of California, Colorado, Connecticut, Virginia, Texas, and other states with applicable consumer privacy laws.
Personal Information We Collect
We have collected the following categories of personal information in the past twelve (12) months:
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Name, email address (contact form); store ID, store URL (app users) | YES |
| B. Personal information per California Customer Records statute | Name, email address | YES |
| C. Protected classification characteristics | Gender, age, race, etc. | NO |
| D. Commercial information | Transaction or purchase history | NO |
| E. Biometric information | Fingerprints, voiceprints | NO |
| F. Internet/network activity | IP address (via Cloudflare); 404 URL paths and referrers (app users) | YES — limited |
| G. Geolocation data | Approximate location inferred from IP (Cloudflare CDN routing only) | YES — approximate only |
| H. Audio, electronic, or visual information | None | NO |
| I. Professional or employment-related information | None | NO |
| J. Education information | None | NO |
| K. Inferences | None — we do not build profiles | NO |
| L. Sensitive personal information | SSNs, financial data, health data, etc. | NO |
How We Use This Information
See Section 2. We use personal information solely to respond to inquiries and deliver app functionality. We do not use it for advertising, profiling, or sale.
Your Rights
You have the right to:
- Know whether we process your personal data and what categories we hold
- Access the specific personal data we hold about you
- Correct inaccurate personal data
- Delete your personal data, subject to legal exceptions
- Opt out of sale or sharing — we do not sell personal data or share it for cross-context behavioral advertising
- Non-discrimination — we will not discriminate against you for exercising any of these rights
To exercise your rights: Email legal@fv.dev. We will verify your identity before processing the request (by confirming information associated with your inquiry or app installation) and will respond within the timeframes required by applicable state law (generally 45 days, extendable once).
Authorized agents: You may designate an authorized agent to submit requests on your behalf. We may require written proof of authorization before processing the request.
Appeals: If we decline to take action on your request, you may appeal by emailing legal@fv.dev with the subject line "Privacy Request Appeal." We will respond in writing with an explanation. If your appeal is denied, you may contact your state attorney general's office.
California "Shine the Light": We do not disclose personal information to third parties for their own direct marketing purposes.
12. Do Other Regions Have Specific Privacy Rights?
Australia and New Zealand
We comply with the Australian Privacy Act 1988 (including the Australian Privacy Principles) and the New Zealand Privacy Act 2020.
You have the right to:
- Access personal information we hold about you.
- Correction of inaccurate, incomplete, or misleading information.
- Anonymity where practicable and lawful.
- Information about overseas disclosures — when we transfer your data to providers outside Australia or New Zealand (see Section 4), we take steps to ensure those providers apply comparable protections.
Supervisory authorities:
- Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au
- New Zealand: Office of the Privacy Commissioner — privacy.org.nz
Brazil
See Section 9 above.
Other Jurisdictions
If you are located in a jurisdiction not specifically addressed above and you have questions about how we handle your personal data, please contact us at legal@fv.dev.
13. How Can You Review, Update, or Delete Your Data?
To request access to, correction of, or deletion of your personal information, contact us at:
Email: legal@fv.dev
We will verify your identity before processing your request and will respond within the timeframe required by applicable law. These requests are generally free of charge. We reserve the right to charge a reasonable fee for requests that are manifestly unfounded or excessive.
14. Do We Make Updates to This Policy?
In short: Yes, we will update this notice as necessary to reflect changes in law or our data practices.
We may update this Privacy Policy from time to time. The updated version will be indicated by the "Last updated" date at the top of this document. If we make material changes, we will notify affected users by email (where we hold a contact email) or through a notice within our apps or websites. We encourage you to review this Policy periodically. Continued use of our Services following notice of a material change constitutes acceptance of the updated Policy.
15. Relationship with Other Policies
This Privacy Policy should be read together with our Terms of Service (available at https://apps.fv.dev/terms) and our Regional Data Protection Policy (available at https://apps.fv.dev/rdpp), which provides additional region-specific protections. In the event of any conflict between this Privacy Policy and our Regional Data Protection Policy, the provision that is more protective of the individual's rights shall prevail. In the event of any conflict between this Privacy Policy and our Terms of Service, this Privacy Policy shall prevail with respect to matters relating to the processing of personal data.
16. How Can You Contact Us?
For questions, concerns, or privacy rights requests, contact us at:
Forest Valley Rocky Inc
30 N Gould St, Ste R
Sheridan, WY 82801
United States
Email: info@fv.dev
Website: https://fv.dev
Apps Portal: https://apps.fv.dev