Privacy Policy

1. Introduction

BigForgeOne LLC ("Company," "we," "us," or "our") operates the FORGE defense logistics platform ("Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Service.

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with these practices, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, username, organizational affiliation, and role designation. Authentication is managed through Amazon Cognito.

2.2 Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, timestamps, IP addresses, and referring URLs. We use Google Analytics (tracking ID: G-SS7V9CY6DV) to aggregate and analyze usage patterns.

2.3 Device Information

We collect information about the device you use to access the Service, including browser type, operating system, device identifiers, and screen resolution. For mobile app users, we may collect device model and OS version.

2.4 Data You Provide

Any data you enter into the Service (inventory records, work orders, inspection results, vendor information, etc.) is stored and processed on your behalf.

3. How We Use Your Data

• Service Delivery: To provide, operate, and maintain the FORGE platform and its features
• Analytics: To understand usage patterns via Google Analytics and improve the Service
• Security: To detect, prevent, and respond to security incidents and unauthorized access
• Communication: To send you service-related notifications, including alerts, maintenance notices, and account security communications via Amazon SES
• Compliance: To fulfill legal obligations and comply with applicable regulations

4. Data Storage and Security

Your data is stored in Amazon DynamoDB in the AWS us-east-1 region with encryption at rest provided by AWS Key Management Service (KMS). File uploads and attachments are stored in Amazon S3 with server-side encryption.

• All data is encrypted in transit via TLS 1.2 or higher
• All data is encrypted at rest via AWS KMS
• Multi-tenant data isolation ensures organizational data separation
• Role-Based Access Control (RBAC) restricts data access by user role
• Audit logging tracks all data access and modifications
• The platform is architected for future migration to AWS GovCloud (US)

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:

• AWS Infrastructure: Your data is processed and stored using Amazon Web Services infrastructure. AWS acts as a data processor on our behalf.
• Legal Requirements: We may disclose information if required to do so by law, regulation, subpoena, court order, or other governmental request.
• Safety: We may disclose information when we believe disclosure is necessary to protect the rights, property, or safety of the Company, our users, or the public.

6. Cookies and Local Storage

The Service uses the following cookies:

Google Analytics also sets cookies to collect anonymized usage data. You may disable cookies in your browser settings, though this may impact Service functionality.

7. Mobile Application Data

If you use the FORGE mobile application, the following additional data practices apply:

• Biometric Data: If biometric authentication is enabled, biometric data (fingerprint/face ID) is processed and stored locally on your device only. We never transmit or store biometric data on our servers.
• Push Notifications: If you opt in, we store your device push notification token to send you alerts. You can disable push notifications at any time in your device settings.
• Camera Access: The app may request camera access for barcode/QR scanning and inspection photo capture. Photos are uploaded to S3 with encryption.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Upon account termination, we retain data for thirty (30) days to allow for data export, after which it is permanently deleted.

Audit log data may be retained for longer periods as required by applicable defense regulations and compliance requirements.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data, subject to legal retention requirements
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to certain processing of your data

To exercise any of these rights, contact us at chris@bigforgeone.com. We will respond within thirty (30) days.

10. Children's Privacy

The Service is not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

11. CCPA Compliance (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

12. GDPR Compliance (EEA Residents)

If you are a resident of the European Economic Area (EEA), our legal basis for processing your personal data includes: performance of a contract (providing the Service), legitimate interests (security, analytics), and compliance with legal obligations. You have the right to lodge a complaint with your local data protection authority.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last Updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised Privacy Policy.

14. Contact Information

If you have questions about this Privacy Policy, please contact us: