Privacy Policy

Last Updated: March 10, 2026

1. Introduction

Welcome to MigrateForce, a product of Social Protocol Labs LLC ("we," "our," or "us"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at https://www.migrateforce.com (the "Site") and use our services, including our CLI tools, cloud API, web dashboard, and related offerings (collectively, the "Services").

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Site or use our Services.

2. Information We Collect

We collect information in the following ways:

2.1 Information You Provide

  • Account registration information (name, email address)
  • Profile information you choose to add
  • OpenAPI specifications you upload for migration analysis
  • Contact form submissions and support requests
  • Payment information (processed by our third-party payment processor; we do not store full payment card details)

2.2 Information Collected Automatically

  • Device and browser information (type, version, operating system)
  • IP address and approximate geographic location
  • Usage data (pages visited, features used, session duration)
  • Referral source and search terms

2.3 Information from CLI and Cloud API

When you use MigrateForce CLI with the --cloud flag, we receive metadata about your OpenAPI specification (endpoint count, HTTP methods, path structures) to provide enrichments such as readiness scores, improvement advice, and skill matching. Generated MCP server code is produced locally on your machine and is never transmitted to our servers. See our Local vs Cloud documentation for details.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our Services
  • Process your migration projects and generate MCP server code
  • Improve, personalize, and expand our Services
  • Understand and analyze how you use our Services
  • Communicate with you for customer service, updates, and marketing (with your consent where required)
  • Process transactions and send related information
  • Detect, prevent, and address fraud and security issues
  • Comply with legal obligations

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and use personal information about you. The types of cookies we use include:

  • Essential cookies: Required for the operation of our Site and Services, including authentication and session management.
  • Analytics cookies: Help us understand how visitors interact with our Site so we can improve the user experience.
  • Preference cookies: Remember your settings and preferences (such as cookie consent choices).

You can manage your cookie preferences through the cookie consent banner displayed when you first visit our Site, or through your browser settings. Disabling essential cookies may affect the functionality of our Services.

5. Disclosure of Your Information

We may share your information in the following situations:

  • Service providers: We share data with third-party vendors who perform services on our behalf (see Section 6 for sub-processors).
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset.
  • With your consent: We may share information for any other purpose with your explicit consent.

We do not sell your personal information to third parties.

6. Data Processing, Retention & Sub-processors

We process data under Data Processing Agreements (DPAs) with trusted sub-processors. For full details on our data processing commitments, see our Data Processing Agreement. Our current sub-processors include:

  • Google Cloud Platform: Infrastructure and hosting
  • Supabase: Database and authentication
  • Resend: Transactional email delivery

Data is retained for as long as your account is active or as needed to provide you with our Services. After account deletion, we retain data for up to 12 months for legal and operational purposes, after which it is deleted or anonymized. Anonymized data may be used for benchmarking and product improvement.

A current list of sub-processors is available upon request at privacy@sociallabs.com.

7. Your Data Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing of your data for certain purposes, including direct marketing.
  • Restriction: Request restriction of processing in certain circumstances.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@sociallabs.com. We will respond to your request within 30 days (or within applicable legal timeframes).

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to opt out of sale: We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
  • Right to correct: You may request correction of inaccurate personal information.
  • Right to limit use of sensitive information: If we collect sensitive personal information, you may limit its use to what is necessary to perform the Services.

To exercise these rights, contact us at privacy@sociallabs.com with the subject line "CCPA Request." We may ask you to verify your identity before processing your request.

9. International Data Transfers

Our Services are hosted on Google Cloud Platform with infrastructure located in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

Where required by applicable law, we implement appropriate safeguards for international data transfers, including standard contractual clauses or other mechanisms recognized under applicable data protection regulations.

By using our Services, you acknowledge that your information will be processed in the United States. If you have concerns about data transfers, contact us at privacy@sociallabs.com.

10. Security of Your Information

We use administrative, technical, and physical security measures to protect your personal information. Our infrastructure runs on Google Cloud Platform, and we follow industry security best practices including encryption in transit (TLS) and at rest, role-based access controls, and regular security reviews.

While we take reasonable steps to secure the personal information you provide to us, no security measures are perfect or impenetrable. No method of data transmission or storage can be guaranteed against interception or misuse.

11. Third-Party Websites

Our Site may contain links to third-party websites and services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of third-party sites. We encourage you to read the privacy policy of every site you visit.

12. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us at privacy@sociallabs.com, and we will take steps to delete such information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page, updating the "Last Updated" date, and, where required by law, sending you an email notification. Your continued use of the Services after any changes constitutes acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

14. Governing Entity

MigrateForce is a product and service of Social Protocol Labs LLC, a limited liability company organized and existing under the laws of the State of Delaware. All references to "MigrateForce," "we," "our," or "us" in this Privacy Policy refer to Social Protocol Labs LLC.

15. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users within 72 hours of becoming aware of the breach, in accordance with applicable data protection laws including GDPR Article 33 and state breach notification statutes. Notification will be provided via email to the address associated with your account and, where appropriate, through a prominent notice on our Site.

16. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Social Protocol Labs LLC
A Delaware Limited Liability Company
Attn: Privacy