Privacy Policy

Last updated: March 8, 2026

1. Introduction & Scope

ForgeNexus ("ForgeNexus," "Company," "we," "our," or "us") is committed to protecting the privacy and security of your personal information. We believe your data belongs to you — not to us, not to advertisers, and not to any third party.

This Privacy Policy explains how we collect, use, disclose, retain, and safeguard information when you visit our website at forgenexus.ai (the "Site"), use our AI automation platform and services (the "Services"), or otherwise interact with us.

This Privacy Policy applies to all users of our Site and Services, including visitors, prospective clients, active clients, and former clients. By accessing or using our Site or Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use our Site or Services.

ForgeNexus is a business-to-business ("B2B") AI automation services company headquartered in Main Line, Pennsylvania, United States. We provide AI-powered automation solutions to businesses across multiple industries.

2. Information We Collect

We practice data minimization — we collect only the information necessary to provide and improve our Services.

2.1 Information You Provide Directly

• Account Information: When you create an account or request a consultation, we collect your name, business email address, company name, job title, phone number, and billing information.
• Communications: When you contact us via email, phone, contact forms, or chat, we collect the content of those communications along with associated metadata (date, time, subject).
• Service Configuration Data: Information you provide to configure and customize our AI automation services for your business needs.
• Payment Information: Billing address and payment method details. We use third-party payment processors and do not store full credit card numbers on our servers.

2.2 Information Collected Automatically

When you visit our Site or use our Services, we may automatically collect:

• Log Data: IP address, browser type and version, operating system, referring URL, pages visited, date and time of access, and time spent on pages.
• Device Information: Device type, screen resolution, language preferences, and unique device identifiers.
• Usage Data: Features used, actions taken within the platform, error logs, and performance data related to your use of the Services.
• Cookies and Similar Technologies: We use essential cookies for site functionality and, with your consent, analytics cookies to understand how our Site is used. See Section 10 for full details.

2.3 Customer Business Data

In the course of providing our AI automation Services, you may upload or transmit business data, documents, and other content to our platform ("Customer Data"). Customer Data is processed solely to deliver the Services you have engaged us for and is treated as confidential information subject to our service agreements.

2.4 Information We Do NOT Collect

• We do not knowingly collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, genetic or biometric data, sexual orientation, or health information, unless specifically required to deliver contracted Services and expressly authorized by you.
• We do not collect personal information from sources other than you or your authorized representatives.

3. How We Use Your Information

We use collected information strictly for the following purposes:

• Service Delivery: To provide, operate, maintain, and improve our AI automation Services as contracted.
• Account Management: To create, maintain, and secure your account; to authenticate your identity; and to process transactions.
• Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
• Communications: To send you service-related notices, updates, security alerts, and administrative messages. We will only send marketing communications with your explicit prior consent, and you may opt out at any time.
• Security and Fraud Prevention: To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity and to protect the rights, property, and safety of ForgeNexus and our users.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
• Service Improvement: To analyze aggregated, de-identified usage patterns to improve our Site and Services. This analysis never involves individual customer data or Customer Data.

We do NOT use your information for:

• Selling to third parties
• Advertising or ad targeting
• Profiling for purposes unrelated to our Services
• Training AI or machine learning models
• Any purpose not disclosed in this Privacy Policy

4. AI-Specific Data Handling

As an AI automation services company, we recognize the importance of transparency regarding how AI interacts with your data.

4.1 Customer Data and AI Processing

• Customer Data is processed by our AI systems solely to perform the specific automation tasks you have configured and authorized.
• Your data is processed in isolated, tenant-specific environments. One customer's data is never accessible to or commingled with another customer's data.
• We implement strict tenant isolation at the database level, ensuring complete separation of each customer's information.

4.2 No Training on Customer Data

• We do NOT use Customer Data to train, fine-tune, improve, or develop any AI models, machine learning algorithms, or other technologies — whether our own or any third party's.
• We do NOT use Customer Data to develop new products or services.
• Inputs you provide and outputs generated by our AI systems for your account remain your data and are not retained beyond what is necessary to deliver the Services.

4.3 AI Model Providers

• Where our Services utilize third-party AI model providers (such as large language model APIs), Customer Data transmitted to those providers is subject to data processing agreements that contractually prohibit those providers from using your data for training or any purpose other than generating responses for your specific requests.
• We carefully vet all AI model providers and select only those that offer zero-data-retention or equivalent commitments for API usage.
• We do not send personally identifiable information to third-party AI providers unless strictly necessary for the requested service, and where possible, we anonymize or pseudonymize data before transmission.

4.4 Automated Decision-Making

• Our AI automation tools assist with business process automation as configured by you. They do not make autonomous decisions about individuals that produce legal effects or similarly significant impacts without human oversight.
• If any aspect of our Services involves automated decision-making technology as defined under applicable law, we will provide notice and the opportunity to opt out as required.

5. Data Sharing & Disclosure

5.1 We Do Not Sell or Share Personal Information

We do NOT sell, rent, lease, or trade your personal information to any third party for any reason, including for monetary or other valuable consideration. This applies to all categories of personal information we collect.

For purposes of the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA): We do not "sell" or "share" (as those terms are defined under CCPA/CPRA) your personal information.

5.2 Limited Disclosures

We may disclose your information only in the following limited circumstances:

• Service Providers: We may share information with a limited number of trusted service providers who perform functions on our behalf (e.g., payment processing, email delivery, cloud hosting). These providers are contractually bound to use your information only as directed by us, solely to provide their services, and are prohibited from using your data for their own purposes.
• Legal Requirements: We may disclose information if required by law, subpoena, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to (a) comply with a legal obligation; (b) protect and defend the rights or property of ForgeNexus; (c) prevent fraud or address security issues; or (d) protect the personal safety of users or the public.
• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. In such an event, we will notify you before your information becomes subject to a different privacy policy.
• With Your Consent: We may share information with your explicit consent or at your direction.

5.3 No Third-Party Advertising

We do not allow third-party advertising companies to collect information about our users. We do not participate in ad networks or display third-party advertisements on our Site. We do not use tracking technologies for cross-site behavioral advertising.

6. Data Retention & Deletion

6.1 Retention Periods

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected:

• Account Information: Retained for the duration of your active account plus two (2) years following account closure, unless longer retention is required by law.
• Billing and Transaction Records: Retained for seven (7) years to comply with financial, tax, and accounting obligations.
• Communications: Support requests and emails are retained for three (3) years from the date of the communication.
• Usage and Log Data: Retained for twelve (12) months in identifiable form. After this period, data is aggregated and de-identified.
• Customer Data: Retained for the duration of your service agreement. Upon termination or expiration, Customer Data is deleted within thirty (30) days unless you request an earlier deletion or an extension for data export purposes.

6.2 Deletion Practices

When data reaches the end of its retention period or upon a valid deletion request:

• Data is permanently and irreversibly deleted from our active systems within thirty (30) days.
• Backup copies are purged within ninety (90) days following deletion from active systems.
• We use industry-standard secure deletion methods that render data unrecoverable.

6.3 Your Right to Deletion

You may request deletion of your personal information at any time by contacting us at privacy@forgenexus.ai. We will process your request in accordance with applicable law and respond within the timeframes required by the relevant jurisdiction. Certain data may be retained where we have a legal obligation or legitimate need, and we will inform you if any exemptions apply.

7. Data Security

7.1 Security Measures

We implement comprehensive technical and organizational security measures designed to protect your information, including:

• Encryption: All data is encrypted in transit using TLS 1.2 or higher and encrypted at rest using AES-256 encryption.
• Access Controls: Role-based access controls with the principle of least privilege. Multi-factor authentication (MFA) is required for all administrative access.
• Infrastructure Security: Enterprise-grade cloud infrastructure with SOC 2 Type II compliance, physical security controls, and redundant systems.
• Network Security: Firewalls, intrusion detection and prevention systems, and continuous network monitoring.
• Tenant Isolation: Customer data is logically isolated at the database level with customer-specific identifiers, preventing cross-tenant data access.
• Employee Access: Access to personal information is restricted to employees and contractors who have a legitimate business need. All personnel with data access are bound by confidentiality obligations and receive regular security training.
• Vendor Security: Third-party service providers are vetted for security practices and required to maintain appropriate safeguards through contractual obligations.
• Monitoring and Logging: Continuous security monitoring, audit logging, and anomaly detection across our systems.
• Regular Testing: Periodic vulnerability assessments and security reviews of our systems and practices.

7.2 Limitations

While we take the security of your data seriously and employ industry-leading practices, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security issues that may arise.

8. Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we are committed to transparent and timely notification.

If we become aware of a confirmed breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal information, we will:

• Investigate promptly to determine the scope and impact of the breach.
• Contain the breach by taking immediate steps to prevent further unauthorized access.
• Notify affected individuals without unreasonable delay, and in no event later than the timeframe required by applicable law (within 72 hours for GDPR, and as required by Pennsylvania BPINA and CCPA for U.S. residents).
• Notify relevant authorities, including the Pennsylvania Attorney General (for breaches affecting 500 or more Pennsylvania residents) and applicable state attorneys general or supervisory authorities as required by law.
• Provide affected individuals with a description of the breach, categories and approximate number of records affected, measures taken to address the breach, and recommendations for protective steps.
• Offer credit monitoring services for a minimum of twelve (12) months at no cost, where the breach involves Social Security numbers, financial account numbers, or other sensitive identifiers as required by Pennsylvania law.

9. Your Privacy Rights

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal information. We honor these rights regardless of where you reside, to the extent feasible:

• Right to Access: Request a copy of the personal information we hold about you, including the categories collected, sources, purposes for processing, and third parties with whom it has been shared.
• Right to Correction: Request that we correct or update inaccurate or incomplete personal information.
• Right to Deletion: Request that we delete your personal information, subject to certain legal exceptions.
• Right to Data Portability: Request your personal information in a structured, commonly used, machine-readable format.
• Right to Restrict Processing: Request that we restrict processing under certain circumstances, such as while verifying data accuracy.
• Right to Object: Object to processing where we rely on legitimate interests as the legal basis.
• Right to Opt Out of Sale/Sharing: Although we do not sell or share personal information, you may direct us not to do so. This right is honored by default.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
• Right to Opt Out of Automated Decision-Making: Where applicable, opt out of decisions made solely through automated processing that produce legal or significant effects.

How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@forgenexus.ai or write to ForgeNexus, Attn: Privacy Team, Main Line, PA 19010. We will verify your identity and respond within the timeframes required by applicable law — generally within 45 days for U.S. state law requests and within 30 days for GDPR requests.

You may designate an authorized agent to submit requests on your behalf. If you use an authorized agent, we may require that you verify your identity directly and confirm that you have authorized the agent to act on your behalf.

10. Cookie Policy

10.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites function properly, improve user experience, and provide analytical information.

10.2 Cookies We Use

• Strictly Necessary Cookies: Essential for the Site to function. Includes session cookies for login state, security cookies for fraud prevention, and load-balancing cookies. These do not require your consent.
• Functional Cookies: Remember your preferences (such as language, theme, or region) for a personalized experience. Set only with your consent.
• Analytics Cookies: First-party analytics to understand how visitors use our Site (pages visited, time on site, navigation patterns). This data is aggregated and anonymized. We do NOT use Google Analytics or any third-party analytics that tracks users across websites. Set only with your consent.

10.3 Cookies We Do NOT Use

• Advertising or targeting cookies
• Third-party tracking cookies
• Cross-site tracking or behavioral advertising cookies
• Cookies to build visitor profiles for marketing

10.4 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Disabling strictly necessary cookies may affect the functionality of our Site.

10.5 Do Not Track Signals

Our Site respects "Do Not Track" (DNT) signals sent by your browser. When we detect a DNT signal, we do not set any optional cookies or engage in any tracking activity.

11. Children's Privacy

Our Site and Services are designed for business use and are not directed at children under the age of sixteen (16). We do not knowingly collect, maintain, or use personal information from children under sixteen (16) years of age.

If we become aware that we have inadvertently collected personal information from a child under sixteen (16), we will take immediate steps to delete such information from our records and notify the parent or guardian if required by law.

If you are a parent or guardian and believe that your child under sixteen (16) has provided us with personal information, please contact us immediately at privacy@forgenexus.ai. We will promptly investigate and delete any such information.

12. California Privacy Rights (CCPA/CPRA)

This section applies to California residents and supplements this Privacy Policy pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA/CPRA").

12.1 Sale and Sharing of Personal Information

• We have NOT sold personal information of California consumers in the preceding twelve (12) months.
• We have NOT shared personal information of California consumers for cross-context behavioral advertising in the preceding twelve (12) months.
• We do NOT have actual knowledge that we sell or share the personal information of consumers under sixteen (16) years of age.

12.2 California Consumer Rights

As a California resident, you have the following rights under the CCPA/CPRA:

• Right to Know: Request disclosure of the categories and specific pieces of personal information collected, sources, purposes, and third parties with whom information has been shared.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt Out of Sale/Sharing: Although we do not sell or share personal information, you may submit a request and we will honor it.
• Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information beyond what is necessary for service delivery.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

You may make a request up to twice in a twelve-month period. We will respond within forty-five (45) calendar days. If we need more time (up to an additional forty-five days), we will inform you in writing.

12.3 California "Shine the Light" Law

Under California Civil Code Section 1798.83, California residents may request information regarding disclosure of personal information to third parties for direct marketing purposes. Because we do not disclose personal information to third parties for their direct marketing purposes, no such disclosure has been made.

13. European & International Privacy Rights

This section applies to individuals in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland, pursuant to the General Data Protection Regulation (EU GDPR), the UK GDPR, and the Swiss Federal Act on Data Protection (FADP).

13.1 Data Controller

ForgeNexus is the data controller of personal information we collect directly from you. Where we process Customer Data on behalf of our business clients, we act as a data processor, and our client is the data controller.

13.2 Legal Basis for Processing

• Contractual Necessity: Processing necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.
• Legitimate Interests: Processing necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. You have the right to object.
• Consent: Where you have given explicit consent for a specific purpose. You may withdraw consent at any time.
• Legal Obligation: Processing necessary to comply with a legal obligation.

13.3 International Data Transfers

ForgeNexus is based in the United States. If you are located outside the United States, your personal information will be transferred to and processed in the United States. To ensure adequate protection, we rely on:

• EU-U.S. Data Privacy Framework (DPF): Where applicable, transfers are made in accordance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. Data Privacy Framework.
• Standard Contractual Clauses (SCCs): Where the DPF does not apply, we use the European Commission's Standard Contractual Clauses.
• Supplementary Measures: Additional technical and organizational measures (encryption, pseudonymization) to ensure adequate protection.

13.4 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal information violates applicable data protection law.

14. Other U.S. State Privacy Rights

In addition to California, residents of states with comprehensive consumer privacy laws (including Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia) may have additional rights including the right to:

• Confirm whether we are processing your personal data
• Access, correct, and delete your personal data
• Obtain a copy of your data in a portable format
• Opt out of targeted advertising, sale of personal data, or profiling (note: we do not engage in any of these activities)

Appeals Process

If we deny your privacy rights request, you may appeal by contacting us at privacy@forgenexus.ai with the subject line "Privacy Rights Appeal." We will respond within the timeframe required by applicable law (typically sixty days). If we deny your appeal, we will provide information on how to contact your state's attorney general.

15. Pennsylvania-Specific Provisions

As a company headquartered in Pennsylvania, we comply with the Pennsylvania Breach of Personal Information Notification Act (BPINA), as amended. In the event of a breach affecting Pennsylvania residents, we will provide notice without unreasonable delay and, where required, offer credit monitoring services for a minimum of twelve (12) months at no cost.

For breaches affecting 500 or more Pennsylvania residents, we will concurrently notify the Pennsylvania Attorney General's Office as required by law.

16. Do Not Track & Global Privacy Controls

We honor Do Not Track (DNT) signals transmitted by your web browser. When we detect a DNT signal, we limit data collection to what is strictly necessary for Site functionality.

We recognize and honor Global Privacy Control (GPC) signals. When we detect a GPC signal from your browser, we treat it as a valid opt-out request for the sale or sharing of personal information (though we do not sell or share personal information) and limit non-essential data collection accordingly.

17. Third-Party Links

Our Site may contain links to third-party websites, services, or applications that are not operated or controlled by ForgeNexus. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. We are not responsible for the content, privacy practices, or data handling of third-party sites.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last updated" date at the top of this Privacy Policy.
• Post a prominent notice on our Site for at least thirty (30) days.
• Notify registered users by email at least thirty (30) days before the changes take effect, where feasible.
• Where required by law, obtain your consent before implementing material changes that affect how we process your personal information.

Your continued use of our Site and Services after the effective date of a revised Privacy Policy constitutes your acknowledgment of the revised policy.

19. Accessibility

This Privacy Policy is available in an accessible format. If you have difficulty accessing this Privacy Policy due to a disability, please contact us at privacy@forgenexus.ai, and we will provide the information in an alternative format.

20. Governing Law & Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of the Commonwealth of Pennsylvania, United States, without regard to its conflict of law provisions. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the state and federal courts located in the Commonwealth of Pennsylvania.

This provision does not limit any rights you may have under mandatory consumer protection laws in your jurisdiction.

21. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy inquiries within five (5) business days and to resolve all requests within the timeframes required by applicable law.