← Back to Home

Privacy Policy

Last Updated: December 15, 2025

1. Information We Collect

1.1 Account Information

When you register for our SaaS services, we collect:

• Name and email address
• Company name and business information
• Billing and payment information (processed securely through PCI-DSS compliant payment processors)
• Contact preferences and communication settings
• Authentication credentials and security information

1.2 Service Usage Data

To provide and improve our cloud services, we automatically collect:

• Device identifiers and IP addresses
• Browser type, operating system, and application version
• Usage patterns, feature interactions, and performance metrics
• API calls, integration data, and service configurations
• Error logs and diagnostic information for troubleshooting
• Session data and authentication logs for security purposes

1.3 Customer Data (SaaS Platform Data)

Depending on the specific SaaS solution you use (e-commerce, ERP, medical billing, booking platforms, etc.), you may upload or generate:

• Customer records and transaction data
• Business analytics and reporting data
• User-generated content and configurations
• Integration data from connected third-party services

Important: We act as a data processor for this information and handle it according to your instructions and applicable data protection regulations (GDPR, CCPA, HIPAA where applicable).

1.4 Communications

We retain records of communications between you and ITForge Ltd, including:

• Support tickets and help desk conversations
• Email correspondence and chat messages
• Phone call records (with consent where required)
• Feedback and survey responses

2. How We Use Your Information

We use collected information for legitimate business purposes to deliver and improve our SaaS services:

2.1 Service Delivery

• Provisioning and maintaining your SaaS account and subscriptions
• Processing transactions and managing billing cycles
• Providing technical support and customer service
• Monitoring system performance, uptime, and service availability
• Ensuring platform security, preventing fraud, and detecting abuse
• Authenticating users and maintaining secure access

2.2 Service Improvement

• Analyzing usage patterns to enhance features and user experience
• Developing new SaaS products and capabilities
• Conducting research and analytics (using aggregated, anonymized data)
• Testing and optimizing platform performance and scalability
• Training machine learning models for intelligent features (with explicit consent)

2.3 Communications

• Sending service notifications, security alerts, and critical system updates
• Providing information about new features and product releases
• Responding to inquiries and support requests
• Sending marketing communications (with your consent, and you may opt-out at any time)
• Conducting customer satisfaction surveys

2.4 Legal Compliance and Security

• Complying with applicable laws, regulations, and industry standards
• Responding to legal requests, court orders, and preventing fraud
• Enforcing our Terms of Service and acceptable use policies
• Protecting our rights and those of our customers
• Investigating security incidents and policy violations

3. Data Sharing and Disclosure

We respect your privacy and do not sell your personal information. We may share data only in these limited circumstances:

3.1 Service Providers and Subprocessors

We engage trusted third-party service providers who assist in delivering our SaaS services, including:

• Cloud infrastructure providers (AWS, Azure, GCP) for hosting and storage
• Payment processors (PCI-DSS compliant) for subscription billing
• Email and communication service providers for transactional emails
• Analytics and monitoring tools for service optimization
• Customer support platforms for helpdesk functionality
• Security and fraud prevention services

These providers are contractually obligated to protect your data and use it only for the specific services they provide to us. We maintain a list of subprocessors available upon request.

3.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our platform, and the acquiring entity will be subject to the same privacy protections outlined in this policy.

3.3 Legal Requirements

We may disclose your information when required by law, court order, or government request, or when necessary to:

• Comply with legal obligations and regulatory requirements
• Protect our rights, property, or safety and that of our customers
• Prevent fraud, security breaches, or illegal activity
• Enforce our Terms of Service

3.4 With Your Consent

We may share your information with third parties when you explicitly authorize us to do so, such as:

• Integrations with other business tools and platforms you use
• API access you grant to third-party applications
• Data exports you initiate for migration or backup purposes

4. Data Security

Security is fundamental to our enterprise SaaS platform. We implement industry-leading security measures including:

• Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
• Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA), and least-privilege principles
• Infrastructure Security: SOC 2 Type II compliant cloud infrastructure with regular third-party security audits
• Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), and DDoS protection
• Monitoring: 24/7 security monitoring, log analysis, and threat detection
• Compliance: PCI-DSS, HIPAA, SOC 2, ISO 27001, and GDPR compliant security practices
• Disaster Recovery: Automated backups with point-in-time recovery and geographic redundancy
• Vulnerability Management: Regular penetration testing, security assessments, and patch management
• Employee Training: Ongoing security awareness training and background checks for all staff
• Incident Response: Documented incident response plan with breach notification procedures

Despite our robust security measures, no system is completely immune to security risks. We encourage you to use strong passwords, enable multi-factor authentication, and follow security best practices when using our services.

5. Data Retention

We retain your information only as long as necessary for legitimate business purposes and legal compliance:

• Active Subscriptions: Data is retained while your account is active and you use our SaaS services
• Account Termination: Personal data is securely deleted within 90 days after subscription cancellation or account termination, unless longer retention is required by law or legitimate business purposes (e.g., fraud prevention, dispute resolution)
• Temporary Processing Data: System logs, temporary files, and session data are automatically purged within 48 hours
• Backup Data: Backup copies are retained for disaster recovery purposes and are deleted according to our backup retention schedule (typically 30-90 days rolling window)
• Financial Records: Transaction records, invoices, and billing information are retained for 7 years to comply with tax and accounting regulations
• Anonymized Data: Aggregated, anonymized analytics data may be retained indefinitely for research, service improvement, and benchmarking purposes
• Legal Hold: Data may be retained longer if subject to legal hold, ongoing litigation, or regulatory investigation

You can request data deletion at any time by contacting privacy@itforge.uk. We will comply with your request subject to legal and contractual obligations.

6. Your Privacy Rights

Depending on your location, you have specific rights regarding your personal data:

6.1 European Economic Area (EEA) - GDPR Rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure (Right to be Forgotten): Request deletion of your personal data (subject to legal requirements)
• Right to Restriction: Request that we limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format (JSON, CSV, XML)
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with your local supervisory authority (e.g., ICO in the UK)

6.2 California Residents - CCPA/CPRA Rights

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have the following rights:

• Right to Know: Request disclosure of personal information collected, used, disclosed, or sold in the past 12 months
• Right to Delete: Request deletion of personal information we have collected
• Right to Opt-Out: Opt-out of the sale or sharing of personal information (note: we do not sell personal information)
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit: Limit the use of sensitive personal information
• Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights

6.3 Other Jurisdictions

We extend similar privacy rights to users in other jurisdictions in accordance with local data protection laws, including UK GDPR, PIPEDA (Canada), and other regional regulations.

6.4 How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer at:

• Email: privacy@itforge.uk
• Subject Line: "Privacy Rights Request - [Your Name]"
• Include: Your account email, specific request, and verification information

We will respond to your request within 30 days (or as required by local law). We may need to verify your identity before processing your request to protect your data security. You may also lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.

7. International Data Transfers

ITForge Ltd operates globally and may transfer your data to countries outside your jurisdiction to provide our SaaS services. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): We use European Commission-approved SCCs for transfers from the EEA/UK
• Adequacy Decisions: We transfer data to countries recognized by the EU Commission as providing adequate data protection
• Data Processing Agreements: We execute comprehensive data processing agreements with all subprocessors
• Binding Corporate Rules: For intra-group transfers within ITForge Ltd entities
• Transfer Impact Assessments: We conduct assessments to ensure data protection standards are maintained

Primary Data Locations: Our primary data centers are located in the UK and EU, with redundant facilities in the US, Canada, and Australia to ensure high availability, low latency, and disaster recovery capabilities. You can specify your preferred data residency region at the time of account setup.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience with our SaaS platform:

8.1 Essential Cookies

Required for basic platform functionality, including:

• Session management and authentication
• Security and fraud prevention
• Load balancing and performance optimization
• User preferences and settings

8.2 Analytics Cookies

Help us understand how you use our services to improve performance and user experience:

• Feature usage and interaction patterns
• Page views, session duration, and navigation paths
• Error tracking and performance monitoring
• A/B testing and feature rollout analysis

8.3 Marketing Cookies

Used to deliver relevant advertisements and measure campaign effectiveness (requires your consent):

• Retargeting and personalized ads
• Conversion tracking and attribution
• Social media integration

8.4 Managing Cookies

You can manage cookie preferences through:

• Our cookie consent banner (displayed on first visit)
• Your browser settings (may affect platform functionality)
• Account settings within the SaaS platform

Note that disabling essential cookies may prevent you from using certain features of our platform.

9. Third-Party Services and Integrations

Our SaaS platform may integrate with third-party services, APIs, and business tools. When you connect these integrations:

• You authorize data sharing with the third-party service as necessary for the integration to function
• The third party's privacy policy governs their use of your data
• We recommend reviewing the privacy policies of any third-party services you integrate
• You can disconnect integrations at any time through your account settings
• We are not responsible for the privacy practices of third-party services
• Integration data may be processed through webhooks, APIs, or data synchronization

Common Integrations: Our platform commonly integrates with payment gateways, CRM systems, accounting software, marketing automation tools, analytics platforms, and communication services. Each integration requires explicit authorization from your account.

10. Children's Privacy

Our SaaS services are designed for businesses and enterprise use and are not intended for individuals under 16 years of age (or 13 in some jurisdictions). We do not knowingly collect personal information from children under these ages.

If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@itforge.uk, and we will promptly investigate and delete such information.

For educational or institutional use cases where minors may access our platform under supervision, special terms and parental consent requirements apply.

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify affected users via email within 72 hours of becoming aware of the breach
• Report the breach to relevant supervisory authorities as required by law
• Provide details about the nature of the breach, data affected, and remedial actions taken
• Offer guidance on steps you can take to protect yourself
• Publish a security advisory on our website for transparency

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other operational needs. We will notify you of material changes by:

• Updating the "Last Updated" date at the top of this policy
• Sending an email notification to your registered email address
• Displaying a prominent notice on our platform dashboard
• Providing a summary of key changes for easy review

Your continued use of our services after such notifications constitutes acceptance of the updated policy. If you do not agree with the changes, you may terminate your account by contacting support.

We maintain an archive of previous versions of this policy available upon request.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

ITForge Ltd is committed to protecting your privacy and maintaining the highest standards of data security in all our enterprise SaaS solutions. This Privacy Policy is part of our commitment to transparency, trust, and excellence in our customer relationships.

← Back to Home