Privacy Policy
Privacy at a Glance
- We collect only data necessary to provide our service
- We never sell your personal data to third parties
- You can request deletion of your data at any time
- We use industry-standard encryption and security
- We are fully GDPR, CCPA, and global privacy law compliant
- Data processing is transparent and documented
1. Introduction & Data Controller
Welcome to PrivacyForge ("we", "us", "our"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our GDPR compliance platform.
Data Controller: PrivacyForge Ltd. is the data controller responsible for your personal data.
Contact Details:
- Company: PrivacyForge Ltd.
- Email: privacy@privacyforge.io
- Data Protection Officer: dpo@privacyforge.io
This policy applies to all information collected through our website, platform, and any related services, sales, marketing, or events (collectively, the "Services").
2. Information We Collect
We collect personal data that you voluntarily provide to us when you register on the platform, express an interest in obtaining information about us or our products and services, or otherwise when you contact us.
2.1 Data Categories
| Category | Examples | Retention |
|---|---|---|
| Identity Data | Name, username, title, date of birth | Account lifetime + 3 years |
| Contact Data | Email address, telephone numbers, billing address | Account lifetime + 3 years |
| Technical Data | IP address, browser type, device identifiers, cookies | 24 months |
| Usage Data | Page views, features used, interaction data | 24 months |
| Financial Data | Payment card details (processed by Stripe) | Transaction period only |
| Consent Records | Records of consents given/withdrawn by your users | As configured by you |
2.2 Automatically Collected Information
When you visit our platform, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies installed on your device. Additionally, as you browse the platform, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the platform, and information about how you interact with the platform.
2.3 Information from Third Parties
We may receive personal data about you from various third parties, including: analytics providers, advertising networks, search information providers, and identity verification services.
3. How We Use Your Information
We use the information we collect or receive:
- To provide the Services: We use your data to create and manage your account, process transactions, and provide customer support.
- To improve our Services: We analyze usage patterns to improve functionality, develop new features, and enhance user experience.
- To communicate with you: We send you service-related notices, updates, security alerts, and support messages.
- To ensure security: We use your information to detect, prevent, and address fraud, abuse, security risks, and technical issues.
- To comply with legal obligations: We may process your data when required by law or to respond to valid legal requests.
- For marketing purposes: With your consent, we may send you information about products, services, and events we think may interest you.
4. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we must have a valid legal basis to process your personal data. We rely on the following legal bases:
Consent
Where you have given clear consent for us to process your personal data for a specific purpose.
Contract
Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
Legal Obligation
Where processing is necessary for compliance with a legal obligation to which we are subject.
Legitimate Interests
Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
5. Data Sharing & Third Parties
We may share your personal data with third parties in the following situations:
- Service Providers: We share data with vendors, consultants, and other service providers who need access to such information to carry out work on our behalf.
- Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition.
- Legal Requirements: We may disclose your information where required to do so by law or in response to valid requests by public authorities.
5.1 Our Third-Party Service Providers
| Provider | Purpose | Location | Data Shared |
|---|---|---|---|
| Stripe | Payment processing | USA (EU SCCs) | Payment information |
| Supabase | Database & authentication | EU/USA | Account data, application data |
| Vercel | Hosting & CDN | Global (EU presence) | Technical data, logs |
| Sentry | Error monitoring | USA (EU SCCs) | Error reports, technical data |
We never sell your personal data. We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
6. International Data Transfers
Your information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country.
We ensure appropriate safeguards are in place when transferring personal data outside the European Economic Area (EEA), including:
- Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with our service providers.
- Adequacy Decisions: Where applicable, we rely on adequacy decisions by the European Commission.
- Data Processing Agreements: We maintain comprehensive DPAs with all sub-processors.
7. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, whether we can achieve those purposes through other means, and the applicable legal requirements.
When your personal data is no longer required, we will securely delete or anonymize it. If this is not possible (for example, because your personal data has been stored in backup archives), we will securely store your personal data and isolate it from any further processing until deletion is possible.
8. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
Right of Access
You have the right to request copies of your personal data.
Right to Rectification
You have the right to request correction of inaccurate personal data.
Right to Erasure
You have the right to request deletion of your personal data ("right to be forgotten").
Right to Restrict Processing
You have the right to request restriction of processing of your personal data.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used format.
Right to Object
You have the right to object to processing of your personal data.
Rights Related to Automated Decision Making
You have the right not to be subject to decisions based solely on automated processing.
To exercise any of these rights, please contact us at privacy@privacyforge.io. We will respond to your request within one month (or longer if legally permitted).
You also have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR.
9. Your Rights Under CCPA
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You can request information about what personal information we collect, use, disclose, and sell.
- Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out: You can opt out of the sale or sharing of your personal information. Note: We do not sell personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
- Right to Correct: You can request correction of inaccurate personal information.
- Right to Limit Use of Sensitive Personal Information: You can limit our use of sensitive personal information.
To exercise these rights, contact us at privacy@privacyforge.io or call us at our designated toll-free number.
10. Security Measures
We have implemented appropriate technical and organizational security measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
Encryption
All data encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Control
Role-based access with multi-factor authentication
Monitoring
24/7 security monitoring and intrusion detection
Audits
Regular security audits and penetration testing
Backups
Encrypted, geographically distributed backups
Incident Response
Documented incident response procedures
Despite our safeguards, no electronic transmission or storage method is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us.
11. Children's Privacy
Our Services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information.
If you believe we might have any information from or about a child under 16, please contact us at privacy@privacyforge.io.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last Updated" date at the top of this page. We will notify you of any material changes by posting the new Privacy Policy on this page and, where appropriate, by email notification.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
13. Contact Us
If you have questions, comments, or concerns about this Privacy Policy or our data practices, please contact us:
General Inquiries
- Email: privacy@privacyforge.io
- Response time: Within 48 hours
Data Protection Officer
- Email: dpo@privacyforge.io
- For: GDPR-related requests and concerns
Last updated: January 16, 2026 | Version: 2.0