ForgedOps Plans Privacy Policy

This Policy applies to the ForgedOps Plans application, APIs, marketing website, and customer-facing services operated by ForgedOps LLC (“ForgedOps,” “we,” or “us”). It does not apply to third-party services you may choose to integrate with the Platform — those are governed by the third party’s own policies.

We collect only what is needed to operate, secure, and improve the Platform on your behalf:

• Account information — name, work email, role/title, tenant/organization assignment.
• Uploaded files — PDF plan sheets, drawings, specifications, and supporting documents.
• Photos — field photos, progress photos, EXIF metadata, and any geotag the device records.
• Drawings — sheet metadata, revisions, calibration points, measurements, overlays, and annotations.
• Project records — projects, plan sets, punch items, conflicts, exports, and acknowledgments.
• Audit logs — every administrative and security-relevant action, including IP address and user-agent.
• Browser information — user agent, referrer, supported features, and rendered viewport.
• Device information — operating system, device model, and (when permission is granted) GPS coordinates used to position you on a calibrated drawing.
• Usage analytics — anonymized counters, latency, and feature-usage telemetry used to keep the Platform reliable.
• Cookies — strictly-necessary cookies for authentication and session management.
• Session tokens — short-lived access tokens and refresh tokens stored as httpOnly cookies.

We collect information in three ways: (a) directly from you when you sign in, upload files, or interact with the Platform; (b) automatically from your browser or device when you use the Platform (for example, IP address, viewport, and authenticated API calls); and (c) from authorized administrators within your tenant who provision users, share projects, or issue invitations.

We use collected information to:

• Provide, operate, and maintain the Platform.
• Authenticate users and enforce role-based access control.
• Render plan sheets, measurements, photos, and field acknowledgments.
• Detect and prevent abuse, fraud, credential stuffing, and unauthorized access.
• Diagnose errors, performance issues, and capacity limits.
• Send transactional notifications (mentions, assignments, digests, password resets).
• Comply with legal obligations and respond to lawful requests.

We do not use Customer Data to train third-party models, sell to data brokers, or build advertising profiles.

All Platform traffic is served over HTTPS/TLS. Customer Data is stored in tenant-scoped namespaces with explicit tenant_id checks enforced at the API layer. Access to production systems is limited to authorized engineering personnel under principle of least privilege. Authentication uses salted password hashes and short-lived JWT access tokens, with refresh tokens rotated on use.

For a full description of technical and operational controls, see our Security page.

Customer Data is retained while your subscription is active. Following termination, Customer Data is retained for thirty (30) days for export, then deleted from production systems. Backup snapshots may persist for up to ninety (90) days, after which they are overwritten as part of standard rotation. Audit logs may be retained for up to seven (7) years to satisfy security, compliance, and forensic obligations.

You may request deletion of Customer Data at any time by contacting info@forgedopshq.com from a verified tenant administrator address. We will confirm the request, perform the deletion, and provide written confirmation. Certain records required for legal, tax, or audit purposes may be retained for the periods required by law.

We may disclose information when required by law, court order, subpoena, regulator, or to protect the rights, property, or safety of ForgedOps, our customers, or the public. Where legally permitted we will notify the affected tenant administrator in advance.

ForgedOps does not sell customer data. We do not rent, lease, or share Customer Data with third parties for marketing or advertising purposes.

You retain all right, title, and interest in and to Customer Data uploaded to the Platform. ForgedOps acts as a processor of Customer Data on your behalf and only as necessary to operate, secure, support, and improve the Platform.

We maintain technical, organizational, and operational safeguards designed to protect Customer Data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit, tenant isolation, role-based access control, audit logging, infrastructure monitoring, and routine backup. See /legal/security for detail.

The Platform uses strictly-necessary cookies and session tokens to keep you signed in, prevent CSRF, and operate authenticated APIs. We do not use third-party advertising or tracking cookies. You may clear cookies at any time, but doing so will end your current session and require re-authentication.

The Platform is intended for use by professionals in the construction, engineering, surveying, utility, transportation, and infrastructure industries. It is not directed to children under the age of 16, and we do not knowingly collect personal information from children. If we learn we have collected personal information from a child under 16, we will delete it.

We may update this Policy from time to time. Material changes will be highlighted on the Platform or communicated to tenant administrators. The “Last Updated” date at the top of this page reflects the current version.

For questions, deletion requests, or privacy concerns, contact info@forgedopshq.com.