Data Processing Agreement

For customer content and operational data you place into sites, servers, databases, repositories, and backups, you are generally the controller and ForgedBase acts as a processor where applicable.

For account administration, billing, security, and service improvement data, ForgedBase may act as an independent controller.

ForgedBase processes data to provide the platform, including provisioning, deployment, logging, backups, notifications, provider sync, security, support, and billing operations.

Your configuration choices, dashboard actions, API requests, provider connections, scheduled jobs, commands, backup settings, and support requests are treated as processing instructions for the applicable workspace.

Access to customer content and operational data is limited to what is needed to operate, secure, troubleshoot, and support the service.

Users invited to a workspace may be able to view or manage resources according to their permissions, so workspace owners should review member access regularly.

ForgedBase uses administrative, technical, and organizational measures intended to protect account data, credentials, provider tokens, API keys, operational records, and customer content.

Security measures may include encryption for sensitive credentials, permission checks, audit records, access controls, provider token handling, TLS where supported, and operational monitoring.

ForgedBase may rely on infrastructure, email, payment, observability, storage, authentication, and support providers to deliver the service. Customer-selected providers are also involved when you connect them to a workspace.

You are responsible for reviewing and approving the third-party providers you connect, including their regions, data handling terms, availability, costs, and account permissions.

Where applicable, ForgedBase will provide reasonable assistance for security reviews, data access, correction, deletion, export, and incident investigation through the dashboard or support channels.

When data is deleted from ForgedBase, provider-side resources, external backups, DNS records, repositories, mail domains, and storage objects may need to be removed directly with the relevant provider if they remain outside ForgedBase control.