# ForgeCode Privacy & Security Concerns - Feedback Report **Topic:** Data collection, telemetry, privacy **Source References:** GitHub Issue #1318, Discussion #2545, DEV Community, Reddit **Date Compiled:** April 9, 2026 --- ## Overview Despite ForgeCode's claim that "Your code never leaves your computer," there are significant community concerns about telemetry and data collection practices. --- ## Documented Privacy Issues ### GitHub Issue #1318 **Status:** Referenced as "red flag" by community members **Reported Concerns:** - Default telemetry collects: - Git user emails - SSH directory scans - Conversation data sent externally ### GitHub Discussion #2545 **Title:** "Clarity about data collected that involves code" **Key Points:** - Privacy policy mentions collecting commands - Data can be stored and transferred in many ways - ForgeCode Services (optional) may process data differently than local CLI mode **Distinction:** - **Local CLI mode:** Claims to run entirely on local machine - **ForgeCode Services:** Optional features that provide additional capabilities, may process data externally --- ## Mitigation ### Disable Tracking ```bash FORGE_TRACKER=false # Disables all tracking ``` ### ForgeCode Services Clarification From Discussion #2545: > "ForgeCode Services are optional features that provide additional capabilities beyond the purely local CLI experience. If a user chooses to enable those services, some data relevant to those features may be processed by the service." --- ## Community Sentiment ### Reddit r/ClaudeCode > "Specifically for Forgecodedev, I haven't used it yet since they are not transparent about user data which is a red flag to me." ### DEV Community (Liran Baba) - Mentions telemetry concerns in comparison article - Notes the FORGE_TRACKER=false mitigation --- ## Benchmark Controversy Connection Some users connect privacy concerns to benchmark results: > "I am concerned about their proprietary layer, which I believe is a big part of what moved their bench scores from ~25% to ~81%. Currently it is free to use but may change in the future." **Note:** ForgeCode Services (proprietary layer) was used for benchmark evaluations, which differs from purely local CLI mode. --- ## Transparency Issues 1. **Telemetry defaults:** Enabled by default, must explicitly disable 2. **Data scope:** SSH directory scanning not clearly documented upfront 3. **ForgeCode Services:** Connection between services and benchmark results not immediately obvious 4. **Proprietary layer:** Some components not open source --- ## Recommendations for Privacy-Conscious Users 1. **Set FORGE_TRACKER=false** before using 2. **Avoid ForgeCode Services** if local-only operation is required 3. **Audit code:** Harness is open source (Apache 2.0), can be inspected 4. **Use own API keys:** Don't rely on any bundled/free tier that might require data sharing --- ## Source References 1. **GitHub Discussion:** https://github.com/antinomyhq/forgecode/discussions/2545 2. **GitHub Issue #1318:** Referenced in multiple community discussions 3. **DEV Community:** https://dev.to/liran_baba/forgecode-vs-claude-code-which-ai-coding-agent-actually-wins-36c 4. **Reddit r/ClaudeCode:** https://www.reddit.com/r/ClaudeCode/comments/1royhni/someone_is_using_forgecodedev/