FORGE ASSISTANTS

Security & Trust

Effective: June 2026 | Last updated: June 2026

TL;DR Your data is encrypted in transit and at rest. We use scoped App Passwords, not raw credentials. No human at Forge ever reads your email, calendar, or messages. You can delete everything in one email. We're working toward SOC2 Type 1 in Q1 2027.

Forge Assistants handles some of the most sensitive surfaces of your work — email, calendar, messaging. This page describes exactly what we do (and don't do) to protect your data, in plain language. For the legal data-handling terms, see our Privacy Notice.

1. What We Protect

Three categories of data pass through Forge:

Connected account data — emails, calendar events, messages — accessed only when you delegate a task that requires it.
Brainwriting preferences — your role, communication style, priorities, and working context. Used to personalize how your assistant responds.
Task artifacts — research reports, generated code, scheduled cron jobs, the outputs of work you delegated.

2. How We Protect It

🔐

Encryption in Transit & At Rest

All data moves over TLS/HTTPS. Credentials and brainwriting data are encrypted at rest using industry-standard algorithms.

🛡️

App Passwords, Not Raw Credentials

For Gmail and other integrations, we use scoped App Passwords — never your real account password. Revoke in your Google account at any time.

🤖

Your Telegram Bot — Created and Held by Us

Your Forge Assistant runs on a Telegram bot that we create on your behalf. The bot's authentication token is generated and stored by Forge, never shared with you or any third party. It is used solely to route messages between you and your assistant — not to read your other Telegram messages, not to train any model, and not for any purpose beyond delivery.

👤

No Human Reads Your Data

No Forge employee or contractor accesses your email, calendar, messages, or task content. The system processes your data; humans don't review it.

🔑

Access Controls

Only authorized personnel can access infrastructure. No one at Forge has standing access to customer data — access is request-based and logged.

3. What We Don't Do

We don't sell your data. Forge Assistants does not sell, trade, or rent personal data to third parties. Period. We make money from subscriptions.
We don't use your data to train models. Your emails, calendar, and messages are processed to complete tasks you delegate — they're not used to train any AI model.
We don't run ad networks or analytics resellers. No tracking pixels, no third-party data brokers, no remarketing audiences.
We don't grant government backdoor access. We comply with lawful legal process, but we don't voluntarily provide backdoor access to anyone.

4. Data Deletion

You can close your account at any time. Upon closure:

Your data is permanently deleted within 30 days.
This includes brainwriting preferences, task history, connected credentials, and all task artifacts.
Backups are rotated out within 90 days.
Send a deletion request to hello@getforge.ph from the email associated with your account.

5. Incident Response

If we discover a security incident that affects your data, we will:

Notify affected customers within 72 hours of discovery.
Describe what was affected, what was not, and what we're doing about it.
Provide a written post-mortem within 14 days for material incidents.

We have no public history of security incidents. If that changes, this page will say so.

6. Compliance Roadmap

We're a young company. We don't have formal compliance certifications today. Here's where we're headed:

📋

SOC2 Type 1 — Q1 2027

Independent audit of our security controls. Target audit window: January–March 2027.

🌏

PH Data Privacy Act

Already operating in compliance with RA 10173. See our Privacy Notice for the full breakdown.

Until certifications land, the practices on this page are binding internal policy, not marketing copy.

7. Questions?

If you have a security question that isn't answered here, or you're evaluating Forge for a procurement review, email us at hello@getforge.ph. We respond to security questions within 1 business day.

Get Started