Our Privacy Principles
“At Forjed, we believe privacy is a fundamental right—not a luxury. We are committed to collecting only what is necessary, encrypting your files end-to-end (E2E), and safeguarding your information with server-side encryption on Forjed CD”
1. Introduction
Forjed (“we,” “our,” or “us“) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use Forjed CD (the “Service“).
This policy applies only to Forjed CD and complies with the General Data Protection Regulation (GDPR) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
2. Definitions
| Term | Definition |
|---|---|
| Personal Data | Information relating to an identified or identifiable individual (e.g., email, username). |
| Processing | Any operation performed on Personal Data (e.g., collection, storage, use). |
| Service | Forjed CD and all related platforms, including third-party integrations. |
| You/Your | The individual or entity using the Service. |
3. Information We Collect
We collect only what is necessary for the Service to function:
| Data Type | Purpose | Lawful Basis (GDPR) |
|---|---|---|
| Username | Account creation and login. | Contractual necessity (Art. 6(1)(b)) |
| Subscription management. | Contractual necessity (Art. 6(1)(b)) |
We do not collect:
- IP addresses
- Real names
- Browsing or usage analytics
- Payment details (handled by Stripe)
4. Device Login Information
For device management, we store the following with enhanced privacy protections:
| Data Type | Protection Method |
|---|---|
| User ID | Hashed (irreversible) |
| Timestamps | Server-side encrypted |
| Device Type | Generic (e.g., “Chrome browser,” “Safari browser”) |
5. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Account creation/login | Contractual necessity (Art. 6(1)(b)) |
| Subscription management | Contractual necessity (Art. 6(1)(b)) |
| Security (e.g., 2FA) | Legitimate interest (Art. 6(1)(f)) |
Your data is never used for:
- Marketing
- Tracking
- Analytics
- Third-party advertising
6. Data Security & Encryption
Technical Measures
- End-to-end encryption: All files and filenames use AES-256 (with Argon2id for passwords).
- 2FA secrets: Server-side encrypted; unrecoverable even in a breach.
- Access controls: No Forjed staff or servers can decrypt your data.
Organizational Measures
- Regular security audits.
- Data deleted within 30 days of your request or account inactivity.
- Staff trained in GDPR and PIPEDA compliance.
7. Third-Party Services
We integrate only essential third-party services:
| Service | Purpose | Data Shared | Privacy Safeguards |
|---|---|---|---|
| SimpleLogin | Privacy-focused login | Email (masked alias) | No tracking; owned by Proton. |
| Stripe | Payment processing | Email, payment info* | PCI-DSS compliant; we never store payment data. |
| hCaptcha | Bot protection | Interaction data | No PII collected; hCaptcha Privacy Policy. |
*Stripe’s processing is governed by their Privacy Policy.
8. Data Retention & Deletion
- Active accounts: Data retained only while your account is active.
- Deletion requests: Fulfilled within 30 days; data purged from all systems.
9. Your Privacy Rights
GDPR Rights (EU/EEA Users)
- Access your data (Art. 15).
- Correct inaccuracies (Art. 16).
- Request deletion (Art. 17).
- Restrict processing (Art. 18).
- Object to processing (Art. 21).
- Data portability (Art. 20).
PIPEDA Rights (Canadian Users)
- Access your Personal Information.
- Challenge compliance (file a complaint with the OPC).
- Withdraw consent (where applicable).
To exercise your rights, contact us at contact@resulti.org.
10. Children’s Privacy
Forjed CD is not intended for persons under 16 (GDPR) or 13 (PIPEDA). We do not knowingly collect data from minors.
11. International Data Transfers
- EU Users: Your data never leaves the European Economic Area (EEA). In the rare event that data must be transferred outside the EEA, it will only be transferred to Canada, a country recognized by the European Commission as providing an adequate level of data protection under GDPR (Article 45). No other international transfers occur.
- Canadian users: Data stored in GDPR-compliant EU servers.
12. Changes to This Policy
- Updates will be posted here with a 3-day highlight (*) on the policy link.
- Continued use of the Service constitutes acceptance of changes.
13. Contact Us
For any questions, concerns, or requests regarding your privacy or this policy, please reach out to us at: Email: contact@resulti.org
Response Time: We will respond to your inquiry within 7 business days, as required by GDPR and PIPEDA.