Privacy Policy
Last updated: January 2025
1. Introduction
AccessForge ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Zero Trust Policy Intelligence Platform.
2. Information We Collect
We collect the following types of information:
| Data Type | Purpose | Retention |
|---|---|---|
| Account Information | Email, password (hashed), role | Until account deletion |
| Session Data | Login sessions, IP addresses | 30 days after expiry |
| Audit Logs | User actions for security | 90 days (configurable) |
| Policy Data | Uploaded policies for analysis | Until user deletion |
| Analysis Results | Drift, CRS analysis outputs | 90 days (configurable) |
3. How We Use Your Information
- To provide and maintain the Service
- To authenticate users and manage access
- To analyze policies and generate reports
- To detect and prevent security threats
- To comply with legal obligations
4. Data Security
We implement appropriate technical and organizational security measures including:
- Password hashing using PBKDF2-SHA256
- Session-based authentication with secure cookies
- Rate limiting to prevent brute-force attacks
- Audit logging of all security-relevant actions
5. Data Sharing
We do not sell, trade, or rent your personal information. We may share data only:
- With your consent
- To comply with legal obligations
- To protect our rights and safety
6. Your Rights (GDPR/CCPA)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Request your data in a portable format
- Objection: Object to certain processing of your data
To exercise these rights, contact your administrator or email info@accessforgesecurity.com.
7. Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy. You or your administrator can request data deletion at any time.
8. Cookies
We use essential cookies only:
- Session Cookie: Required for authentication (httpOnly, secure)
- Tab Session Cookie: Required for multi-tab support
We do not use tracking or advertising cookies.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date and, for material changes, by email or prominent notice in the Service.
10. Contact Us
For privacy-related questions or requests:
- Email: info@accessforgesecurity.com