SOLVED
Your data, your jurisdiction
Forge runs on your server, in your country, under your rules. No third-party services, no visitor tracking, no data leaving your infrastructure.
No dashboard required.
Your AI handles publishing through a structured API. Your team stays in the tools they already use.
Full control, zero risk.
Role-based access means your AI can only do what you allow. Draft content never leaks.
Live in minutes.
Connect once. From that point, a conversation is all it takes to publish.
Your data stays on your server. Not on a cloud provider you did not choose. Not processed by packages you did not audit. Not subject to a terms-of-service update that changes the rules next quarter.
This is not a privacy policy. It is an architectural guarantee.
Zero third-party dependencies
Forge core has zero third-party dependencies. None. Every request your visitors make is handled by your binary, running your code, on your infrastructure.
There is no analytics call phoning home. No CDN edge node in a jurisdiction you have not approved. No package quietly logging traffic.
If a regulator asks what data processors have access to your content, the answer is: the ones you chose.
Your server, your country, your rules
Self-hosting means you pick the server. That means you pick the country. In practice, that means you pick the jurisdiction: which data protection law applies, which compliance framework you operate under, which law enforcement authority can request access.
A team in Germany can run Forge on a Hetzner VPS in Frankfurt. A regulated industry can run it on-premise. The framework has no preferred jurisdiction. You do.
No visitor cookies, by design
Forge does not set session cookies on visitor-facing pages. Authentication uses Bearer tokens, not cookies. A visitor reading your content does not get a cookie. No consent banner required for Forge itself.
We run forge-cms.dev the same way. Analytics is handled by GoatCounter: self-hosted, cookieless, no data leaving our infrastructure. Not a configuration choice. How the site was built from day one.
Open source and auditable
Forge is licensed under AGPL. Every line of the framework is public. Your security team can read it. Your legal team can audit it. A regulator can inspect it.
There are no black boxes in your content stack when you run Forge.
The short version
Your data stays on your server. Zero third-party dependencies. No visitor cookies. No hidden data flows. Open source so anyone with a reason to look can look.
If you are building for an audience that cares where their data goes, or working under a compliance framework that requires you to know, this is where Forge starts.
You may also want to read how Forge handles content access and lifecycle and why owning your stack matters long-term.