Trust, privacy & security
This page is maintained by the DSPForge team to answer common security and privacy questions about DSPForge. It is editable project content, not an independent audit or certification.
What DSPForge is
DSPForge generates concept renderings of audio plugin ideas. Generated concepts are visual and structural mock-ups, not compiled VST/AU/AAX binaries. We say so clearly on every concept page.
What we collect
- Plugin ideas you type into the generator and the resulting concept JSON.
- Email address only when you submit it yourself (beta signup, build order, pricing intent, or optional feedback).
- Anonymous session and event identifiers used to group analytics for a single browser visit.
We do not ask for names, addresses, phone numbers, or payment details on this site.
How your data is protected
- All capture tables (beta signups, build orders, pricing intents, feedback) have row-level security enabled with an explicit deny-read rule for browser clients. Only server-side admin code can read them.
- Plugin concepts are fetched through a server function using a privileged key; the browser cannot list or enumerate other people's concepts.
- Traffic to the app and the backend is served over HTTPS.
- Secrets (AI gateway key, database service-role key) are stored as server-only environment variables and are never shipped to the browser.
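An added example, not DSPForge's own schema or code: one way to express the row-level security rule described above in Postgres on Supabase, followed by a query that checks it. The table `beta_signups`, its columns and the policy names are hypothetical; `anon` and `authenticated` are the roles Supabase gives browser clients, and the `service_role` key used by server-side code bypasses RLS.

```sql
-- Hypothetical capture table; the page does not publish its schema.
create table if not exists public.beta_signups (
  id         uuid primary key default gen_random_uuid(),
  email      text not null,
  created_at timestamptz not null default now()
);

-- With RLS on, a role sees no rows unless a policy allows it.
alter table public.beta_signups enable row level security;

-- Browser clients may submit a row (write-only capture).
create policy "browser can insert signups"
  on public.beta_signups
  for insert
  to anon, authenticated
  with check (true);

-- Explicit deny-read. A RESTRICTIVE policy is ANDed with every
-- permissive policy, so a permissive SELECT policy added later by
-- mistake still cannot expose rows to browser roles.
create policy "deny browser reads"
  on public.beta_signups
  as restrictive
  for select
  to anon, authenticated
  using (false);

-- Check: RLS is enabled and both policies are present.
-- Expect relrowsecurity = true, one PERMISSIVE INSERT policy and
-- one RESTRICTIVE SELECT policy whose qual is "false".
select c.relname,
       c.relrowsecurity,
       p.policyname,
       p.permissive,
       p.cmd,
       p.roles,
       p.qual
from pg_class c
left join pg_policies p
       on p.schemaname = 'public'
      and p.tablename  = c.relname
where c.relnamespace = 'public'::regnamespace
  and c.relname = 'beta_signups';
```

Because browser roles cannot read, an `INSERT ... RETURNING` from the browser fails under this setup; the client has to insert without asking for the row back.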
Subprocessors we use
- Lovable Cloud (managed Supabase) — Postgres database, authentication, storage, and hosting for the app and server functions.
- Lovable AI Gateway — proxies model calls used to generate concepts.
Retention & deletion
We keep submissions for as long as we operate DSPForge or until you ask us to delete them. To request deletion or export of data tied to your email, contact the address below and we'll respond within a reasonable timeframe.
Reporting a security issue
If you believe you have found a vulnerability, please email the DSPForge team so we can investigate. Please avoid testing that could disrupt other users or access data that is not yours.
What this page is not
This page describes the controls currently enabled in the app. It is not a SOC 2, ISO 27001, HIPAA, GDPR, or PCI certification, and it does not promise specific legal terms. For any binding agreement, contact us directly.
