FORGESTACK LABS

Legal Information

Privacy Policy

Effective Date: February 5, 2026

1. Introduction

Forgestack Labs LLP ("Forgestack Labs", "Company", "we", "us", or "our") is a product-first technology company incorporated in India. We are committed to protecting the privacy, confidentiality, and security of personal and business data entrusted to us.

This Privacy Policy governs the collection, use, storage, and disclosure of information in connection with:

  • Our Website: www.forgestacklabs.com
  • Our Products & Platforms: Including proprietary SaaS applications and software products
  • Our Services: Custom software development, consulting, and related professional services

By accessing or using our website, products, or services, you agree to the data practices described in this Privacy Policy, in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA) and the Information Technology Act, 2000, along with applicable rules and regulations thereunder.

2. Information We Collect

We collect information based on the nature of your interaction with Forgestack Labs.

A. Website Visitors & Prospective Clients

  • Identity & Contact Information: Name, email address, phone number, company name, and other details submitted through contact forms or inquiries.
  • Project & Business Information: Information relating to project requirements, budgets, timelines, or service requests.
  • Technical Information: IP address, browser type, device identifiers, and usage metadata collected through cookies and analytics tools for security and performance optimization.

B. Users of Our Products (SaaS / Software Platforms)

  • Account Information: Usernames, encrypted passwords, authentication tokens, and role-based access credentials.
  • Operational & Business Data: Data entered into our platforms as part of normal usage, including inventory records, staff details, transaction logs, or operational metrics.

Important: For operational and business data processed through our SaaS platforms, Forgestack Labs acts strictly as a Data Processor. Ownership and control of such data remain with the client. We process this data solely to provide agreed-upon software functionality.

  • Usage & System Logs: Activity timestamps, feature usage patterns, and diagnostic logs used for system monitoring, performance improvement, and issue resolution.

3. Purpose of Data Processing

Forgestack Labs does not sell or commercially exploit personal or business data. Information is processed strictly for the following lawful purposes:

  • Product Operation: User authentication, session management, and delivery of core software features.
  • Service Fulfilment: Execution of contractual obligations, including development, deployment, and maintenance of software solutions.
  • Security & Risk Management: Fraud detection, access control, monitoring, and safeguarding platform integrity.
  • Communication & Support: Account notifications, service updates, billing communications, and customer support.
  • Legal & Regulatory Compliance: Compliance with applicable Indian laws, tax regulations, audits, and lawful governmental requests.

4. Data Security Measures

Security is foundational to our operations. We implement reasonable and industry-accepted safeguards in line with the IT (Reasonable Security Practices and Procedures) Rules, 2011.

Our security framework includes:

  • Encryption in Transit: All data exchanged between user devices and our servers is secured using SSL/TLS encryption.
  • Encryption at Rest: Sensitive information, including credentials and databases, is encrypted within our storage systems.
  • Access Controls: Production data access is strictly limited to authorized personnel and protected by role-based permissions and Multi-Factor Authentication (MFA).
  • Periodic Reviews: Regular internal assessments of data handling practices to identify and mitigate potential risks.

5. Data Sharing & Third-Party Disclosures

We disclose information only where necessary to operate our services securely and efficiently.

  • Infrastructure & Hosting Providers: Trusted cloud service providers (such as AWS, Google Cloud, or Vercel) for hosting and infrastructure management.
  • Analytics Services: Limited use of analytics tools (e.g., Google Analytics) to evaluate anonymized usage trends.
  • Legal Obligations: Disclosure when required under applicable laws, court orders, or requests from authorized government agencies.

We do not sell, rent, or share personal or business data with advertisers or unauthorized third parties.

6. Data Retention

  • Client & Contractual Data: Retained for the duration of the engagement and thereafter as required by applicable tax, accounting, or legal obligations (generally 5–8 years).
  • Product & Operational Data: Retained while the account remains active. Upon termination, clients may request a data export. Operational data will be deleted from active systems within 60 days, subject to backup retention and legal requirements.

7. Your Rights Under DPDPA, 2023

As a Data Principal, you have the right to:

  • Access: Request information about personal data processed by us.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Erasure: Request deletion of personal data, subject to statutory retention obligations.
  • Grievance Redressal: Raise concerns regarding data protection or privacy practices.

Requests may be made using the contact details provided below.

8. Cookies & Tracking Technologies

We use:

  • Essential Cookies: Required for authentication, session management, and security.
  • Non-Essential Cookies: Analytics cookies, which can be managed through browser settings.

Disabling certain cookies may affect platform functionality.

9. Contact Information & Grievance Officer

For questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact:

Grievance Officer / Privacy Officer

Forgestack Labs LLP

Email: forgestacklabs@forgestacklabs.com

Address: Mangaluru, Karnataka, India