ForgedOps Plans
 Home
Trust · Public Center

ForgedOps Plans Trust Center

Procurement-grade documentation for contractors, municipalities, counties, state agencies, airports, utility owners, CEI firms, and enterprise SaaS customers. Everything below is publicly accessible — no sales call required.

Effective Date · January 1, 2026Last Updated · January 1, 2026
Security
TLS, JWT auth, RBAC, tenant isolation, audit, R2 storage, monitoring, backups.
Privacy
What we collect, how it is used, retention, deletion, no-sale, customer ownership.
Data Ownership
Customers retain ownership of all uploaded data. ForgedOps acts only as a processor.
Reliability
Anonymous health endpoints, daily backups, durable object storage, incident response.
Support
support@forgedopshq.com · same-day response on production-impacting issues.
Legal
Terms of Use, Privacy Policy, Security disclosures — all public, dated January 1, 2026.

Document Downloads

Every document below is a printable, version-stamped PDF dated January 1, 2026. The procurement package bundles all three PDFs plus links to the current Terms of Use and Privacy Policy.

Security Whitepaper
15-section procurement-review document. Identity, isolation, file security, storage, audit, operations, and roadmap.
Data Ownership Statement
Customer-data ownership posture. What ForgedOps does not claim and does not do with your data.
Security Overview
Two-page executive summary suitable for procurement triage.
Procurement Package · ZIP
Everything above bundled — whitepaper, ownership statement, overview, Terms link, Privacy link.

Security at a Glance

  • Transport — TLS 1.2+ for all traffic, HSTS enforced.
  • Identity — JWT access tokens, rotated refresh tokens, salted bcrypt password hashing.
  • Access — six tenant roles enforced server-side; platform admin gated by env allowlist.
  • Isolation — every query scoped by tenant_id; cross-tenant probes return 404.
  • Storage — Cloudflare R2, SSE-S3 encryption at rest, tenant-prefixed object keys, signed URLs only.
  • Uploads — extension allowlist, magic-byte verification, macro-Office rejection, size caps, audit on reject.
  • Audit — tamper-evident rows on every admin / security event, up to 7-year retention capable.
  • Backups — daily database backups on a 90-day rolling window.

Full control narrative + roadmap: /legal/security.

Data Ownership

Customers retain ownership of all uploaded data. ForgedOps acts as a processor on the customer’s behalf and never claims ownership of plans, drawings, photos, project records, exports, or audit data.

ForgedOps does not sell, rent, license, or share customer data with third parties for marketing or advertising. Customer data is never used to train third-party AI models.

For the complete statement, download ForgedOps_Plans_Data_Ownership_Statement_v1.0.pdf.

Platform Reliability

  • Anonymous health endpoint at /api/health — returns database, storage, and email-configuration status.
  • Alternate health endpoint at /api/system_health — same payload for external monitoring tools.
  • Daily database backups, 90-day rolling retention.
  • Object storage on Cloudflare R2 — durable, replicated, independent of container lifecycle.
  • Same-business-day response to production-impacting issues during U.S. Eastern business hours.

Security Contacts

Support
support@forgedopshq.com
Security
security@forgedopshq.com
Information
info@forgedopshq.com

ForgedOps does not currently hold SOC 2, ISO 27001, FedRAMP, or HIPAA certification. Any future certification will be announced on this Trust Center. We do not claim certifications we have not obtained.