Security Policy

Last updated: January 15, 2024

Security Measures

We take the security of your data seriously and implement multiple layers of protection:

Data Encryption

• All data is encrypted in transit using TLS 1.3

• Sensitive data is encrypted at rest using industry-standard encryption

• Database connections are encrypted and authenticated

Access Controls

• Multi-factor authentication for administrative access

• Role-based access controls with principle of least privilege

• Regular access reviews and permission audits

• Secure authentication protocols

Infrastructure Security

• Hosted on secure, SOC 2 compliant infrastructure

• Regular security updates and patches

• Network segmentation and firewalls

• Intrusion detection and monitoring

Data Protection

• Regular automated backups with encryption

• Data retention policies and secure deletion

• Privacy by design principles

• Regular security assessments

Incident Response

In the event of a security incident:

1. We will assess the scope and impact

2. Take immediate steps to contain the threat

3. Notify affected users as required by law

4. Conduct a thorough investigation

5. Implement additional safeguards as needed

Reporting Security Issues

If you discover a security vulnerability, please report it to security@forge.dev. We appreciate responsible disclosure and will work with you to address any issues.

Compliance

We maintain compliance with relevant security standards and regulations, including:

• SOC 2 Type II

• GDPR (where applicable)

• CCPA (where applicable)

Contact

For security-related questions, contact us at security@forge.dev.