Trust & Security 

Effective Date: October 21, 2025 

1. Definition of Terms 

For clarity, the following terms are used throughout this document: 

1. RTO (Recovery Time Objective): The maximum acceptable duration of time for the platform to be restored after an incident. 

2. RPO (Recovery Point Objective): The maximum acceptable data loss, measured in time, that can occur after an incident. 

3. RBAC (Role-Based Access Control): A method of restricting system access to authorized users based on their defined roles. 

4. MFA (Multi-Factor Authentication): An authentication method requiring two or more verification factors to grant access. 

5. IRP (Incident Response Plan): A documented procedure for identifying, managing, and resolving security incidents. 

6. SDLC (Secure Development Lifecycle): A process that embeds security activities and testing throughout the software development process. 

7. PII (Personally Identifiable Information): Information that can be used to distinguish or trace an individual's identity. 

2. Introduction and Commitment 

This document details the security, privacy, and compliance framework governing the Forge aHedge SaaS platform. At Forge aHedge, we are fundamentally committed to protecting our customers' data and maintaining a secure, resilient, and trustworthy service that meets or exceeds relevant industry standards and legal requirements. 
 

Security Objectives 

  • Confidentiality, Integrity, and Availability (CIA): Protect customer data against unauthorized access, modification, or destruction. 

  • Trust and Resilience: Ensure continuous platform security and operational stability. 

  • Regulatory Adherence: Maintain strict compliance with global data protection regulations and established frameworks. 

  • Transparency: Provide clear, open communication regarding our security practices. 

3. Data Security Management 

3.1 Data Classification 

All data handled by the platform is formally classified to ensure appropriate protection controls are applied. 
 

Classification  Description                                              Examples
Public          Information approved for general disclosure.             Marketing materials, public documentation.
Internal        Business information not intended for public release.    Internal policies, operational data.
Confidential    Proprietary information with moderate risk.              Financial forecasts, strategic plans.
Restricted      Highly sensitive data requiring the strictest controls.  PII, financial records, health data.

3.2 Data Encryption 

State            Protocol/Standard  Details
Data In Transit  TLS 1.2+           All data transmission between clients and our platform (and between services) is protected using strong ciphers.
Data At Rest     AES-256            All customer data, including databases, file storage, and backups, is encrypted using industry-standard AES-256 encryption.

3.3 Data Retention and Deletion 

