Back

Privacy Policy

1. Introduction

Forte ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our contact discovery service. We are SOC 2 compliant and adhere to GDPR and CCPA regulations.

2. Information We Collect

2.1 Information from Google

When you sign in with Google, we collect:

  • Your Google profile information (name, email address, profile picture)
  • Your Google account ID for authentication purposes

2.2 Gmail Access

We request access to your Gmail account with the gmail.send scope to:

  • Send emails on your behalf when you use our contact features
  • Enable direct communication through your Gmail account

Important: We do not read, store, or access your existing emails. We only send emails when you explicitly request to do so through our service.

2.3 Usage Data

We automatically collect certain information when you use our service:

  • Log information (IP address, browser type, operating system)
  • Usage patterns and feature interactions
  • Search queries and contact lookups (anonymized)
  • Device information and technical specifications

3. How We Use Your Information

We use the collected information for the following purposes:

  • Authentication: To verify your identity and provide secure access to our service
  • Service Delivery: To provide contact discovery and communication features
  • Email Communication: To send emails on your behalf when you request to contact discovered individuals
  • Service Improvement: To analyze usage patterns and improve our features
  • Security: To detect and prevent fraud, abuse, or security incidents
  • Compliance: To comply with legal obligations and enforce our terms

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share specific information
  • Service Providers: With trusted third-party service providers who assist in operating our service (under strict confidentiality agreements)
  • Legal Requirements: When required by law, court order, or government regulation
  • Safety and Security: To protect the rights, property, or safety of Forte, our users, or the public

5. Data Security

We implement industry-standard security measures to protect your information:

  • SOC 2 Type II compliance for security controls
  • Encryption of data in transit and at rest
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection practices

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but strive to use commercially acceptable means to protect your information.

6. Your Privacy Rights

6.1 GDPR Rights (EU Residents)

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate personal data
  • Erase your personal data ("right to be forgotten")
  • Restrict processing of your personal data
  • Data portability
  • Object to processing of your personal data
  • Withdraw consent at any time

6.2 CCPA Rights (California Residents)

Under CCPA, California residents have the right to:

  • Know what personal information we collect, use, and disclose
  • Delete personal information we have collected
  • Opt-out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising privacy rights

7. Google API Services Compliance

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request the minimum necessary permissions (gmail.send scope)
  • We use Google user data solely for providing our contact discovery service
  • We do not store or cache Gmail content beyond what is necessary for service functionality
  • We do not use Google user data for advertising or other commercial purposes
  • Human access to Google user data is limited to specific, authorized personnel for security and service purposes

8. Data Retention

We retain your information only for as long as necessary to provide our services and comply with legal obligations:

  • Account information: Until you delete your account or request deletion
  • Usage logs: Up to 12 months for service improvement and security purposes
  • Communication records: As required by law or for legitimate business purposes

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards, such as:

  • Standard Contractual Clauses approved by regulatory authorities
  • Adequacy decisions by relevant data protection authorities
  • Industry-standard security measures during transit and storage

10. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take immediate steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will provide at least 30 days advance notice.

12. Contact Us

If you have any questions about this Privacy Policy, want to exercise your privacy rights, or need to report a privacy concern, please contact us through our official communication channels.

For GDPR-related inquiries, you also have the right to lodge a complaint with a supervisory authority in your jurisdiction.