Privacy Policy

Welcome to Forcivate. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we handle your personal data when you visit our website or use our AI marketing platform, and tell you about your privacy rights.

Forcivate provides specialized AI agents to help small businesses with marketing tasks. In delivering these services, we process certain information about you and your business. This policy explains what information we collect, why we collect it, and how we use it.

We use the information we collect to:

• Provide Our Services: To operate our AI marketing platform, generate marketing content, and deliver the features you request.
• Personalize Your Experience: To customize our services based on your business needs and preferences.
• Improve Our Platform: To analyze usage patterns, identify bugs, and develop new features.
• Communicate With You: To send service updates, respond to inquiries, and provide customer support.
• Ensure Security: To detect and prevent fraud, abuse, and security incidents.
• Comply With Legal Obligations: To comply with applicable laws, regulations, and legal processes.

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: We work with third-party service providers who perform services on our behalf, such as hosting, payment processing, analytics, and customer support. These providers have access to your information only to perform specific tasks and are obligated to protect it.
• AI Service Providers: Our AI agents may use third-party AI models (such as OpenAI, Anthropic) to generate marketing content. We only share the minimum necessary information to provide these services.
• Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
• Legal Requirements: We may disclose your information if required by law or in response to valid legal requests.
• With Your Consent: We may share your information for other purposes with your explicit consent.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security audits and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection and privacy
• Incident response and breach notification procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

In addition to the general data security measures described above, Forcivate implements dedicated data protection mechanisms for sensitive data. Sensitive data includes, but is not limited to, authentication tokens, API credentials, payment data, analytics identifiers, and any other information that could grant access to user accounts or third-party integrations.

We protect sensitive data through the following measures:

• Encryption and Key Management: All sensitive data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. Encryption keys are stored and rotated securely in accordance with industry standards.
• Tokenization and Limited Access: API tokens (including YouTube, OpenAI, and other third-party integrations) are stored in a secure secrets manager and never exposed to end users or client-side applications. Access is restricted to authorized system processes only.
• Data Minimization and Anonymization: Only the minimal required data fields are collected and processed. Whenever possible, identifiers are anonymized or pseudonymized to prevent identification of individual users.
• Isolated Processing: Sensitive data is processed on isolated servers with role-based access controls (RBAC) to limit exposure. Administrative access is logged and monitored.
• Third-Party Security Compliance: All third-party processors handling sensitive data (including payment gateways, cloud providers, and AI API vendors) are required to meet or exceed SOC 2, ISO 27001, GDPR, and CCPA compliance standards.
• Data Retention and Deletion: Sensitive data is retained only for as long as necessary to provide services or comply with legal obligations, and is securely deleted or anonymized once no longer needed.
• Incident Response: In the event of a suspected or confirmed breach involving sensitive data, Forcivate will promptly investigate, mitigate, and notify affected users and relevant authorities as required by law.

Depending on your location, you may have certain rights regarding your personal information:

• Access: You can request access to the personal information we hold about you.
• Correction: You can request that we correct inaccurate or incomplete information.
• Deletion: You can request that we delete your personal information, subject to certain legal exceptions.
• Data Portability: You can request a copy of your data in a structured, machine-readable format.
• Objection: You can object to certain types of processing of your personal information.
• Withdrawal of Consent: Where we rely on consent, you can withdraw it at any time.

To exercise these rights, please contact us at privacy@forcivate.com. We will respond to your request within 30 days.

We use cookies and similar tracking technologies to provide and improve our services. Cookies are small text files stored on your device that help us recognize you and remember your preferences.

We use the following types of cookies:

• Essential Cookies: Required for the platform to function properly.
• Performance Cookies: Help us understand how users interact with our platform.
• Functionality Cookies: Remember your preferences and settings.
• Analytics Cookies: Help us analyze usage and improve our services.

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our platform.

Forcivate operates globally, and your information may be transferred to and processed in countries other than your own. When we transfer personal information internationally, we ensure appropriate safeguards are in place to protect your data in compliance with applicable laws.

For users in the European Economic Area (EEA), we use Standard Contractual Clauses approved by the European Commission to ensure adequate protection for data transfers outside the EEA.

We retain your personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal purposes.

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will notify you by email or through a prominent notice on our platform. The "Last updated" date at the top of this policy indicates when it was last revised.

We encourage you to review this policy periodically to stay informed about how we protect your information.

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us: