Privacy Policy

The Forge Cashback Program · Last updated: 8 July 2026

1. Who we are

The Forge Cashback Program is operated by The Forge Gastropub, Seminyak (referred to as "The Forge", "we", "us", or "our" in this policy). This policy explains what personal data we collect when you join and use the Program, and how we handle it. You can contact us by email at any time.

2. What information we collect

We collect only the information needed to run the cashback membership.

Information you provide

  • Name — your first and last name, entered when you register.
  • Email address — used to issue your digital membership card and to send service-related messages (such as your wallet pass link). We do not send marketing emails.
  • Phone number — used to identify your membership and prevent duplicate accounts.
  • Date of birth — used to confirm eligibility and to offer you a birthday reward.

Information generated as you use the Program

  • Cashback balance and transaction history — each time you earn or redeem cashback, the amount and a timestamp are recorded so we can maintain your balance.
  • Preferences — our staff may note preferences you share at the counter (such as a favourite sport or team) to personalise your visits. These are optional.
  • Device and push token — if you add your card to Apple Wallet or Google Wallet, a device identifier and push token are stored so your card can be updated when your balance changes. No personal data is contained in these tokens.
  • Consent record — the date and time you accepted these terms, kept as proof of consent.
  • Staff session cookie — a short-lived, signed cookie is set only when our staff or owner log in with a PIN. It holds no customer data and is not used to track you.

3. How we use your information

  • To issue and maintain your digital membership card.
  • To send your Apple Wallet or Google Wallet pass link by email when you register.
  • To calculate, credit, and update your cashback balance in real time on your wallet pass.
  • To confirm your eligibility for the Program and offer you a birthday reward.
  • To let The Forge's staff and owner manage the Program — viewing your name, contact details, and cashback balance in our management dashboard.

We do not use your data for advertising, profiling, or any purpose beyond operating The Forge Cashback Program.

4. Who we share your data with

We do not sell your personal data. We share it only with the service providers necessary to run the Program:

  • Railway (application and database hosting, United States) — runs the web application and the database that store your membership details, cashback history, and device tokens. Railway Privacy Policy.
  • Resend (email delivery) — sends the service emails described above, such as your wallet pass link. Resend Privacy Policy.
  • Apple— if you add your card to Apple Wallet, your push token is registered with Apple's Push Notification service (APNs) so your card can update. Apple Privacy Policy.
  • Google — if you add your card to Google Wallet, your pass is managed via the Google Wallet API. Google Privacy Policy.

5. Data retention

We keep your personal data for as long as your membership is active. If you ask us to delete your account — or if we remove your record — your name, contact details, cashback history, and any stored device tokens are deleted from our database. Note that an unused cashback balance expires after six months of inactivity (see our Terms & Conditions); this clears the balance but is separate from deleting your account data.

6. Your rights

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate data.
  • Deletion — ask us to delete your account and all associated data.
  • Objection — object to us processing your data in a specific way.

To exercise any of these rights, email us. We will respond within 30 days.

7. Cookies

We use one strictly necessary cookie: a signed session cookie set when The Forge's staff or owner authenticate with a PIN. This cookie holds no personal customer data, is not used for tracking, and expires after a short period. We do not use advertising cookies or third-party analytics cookies.

8. Security

Your data is stored in a managed Postgres database (Railway) over encrypted connections. Membership card links are individually signed with HMAC-SHA256 to prevent forgery, staff access is gated by a PIN, and login sessions are signed and tier-bound. We apply reasonable technical measures to protect your data, though no internet transmission is 100% secure.

9. Age

The Forge Cashback Program is intended for adults; membership requires you to be 21 years of age or older. We do not knowingly collect personal data from anyone under that age. If you believe a minor has registered, please contact us and we will delete the data promptly.

10. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the Program after a change constitutes acceptance of the updated policy.

11. Contact

Questions about this policy? Contact us.