This Privacy Policy governs access to and use of the FortaTech Security LLC (“FortaTech Security,” “Company,” “we,” “our,” or “us”) services, including the FortaTech Security websites (such as BastionGPT) and downloadable application (together, the “Service”) which is provided by FortaTech Security. It explains how we collect, use, disclose, and protect information in connection with the Service, and your choices about the collection and use of Customer (“you” or “your”) information.
The Service enables users to interact with various technologies, including artificial intelligence, to generate text and images. If you do not want your information to be included as part of our Service, you may opt out by contacting us at legal@forta.tech. However, we may retain your information even after you have opted out, so we can keep a record of and process your opt-out and/or if retention is necessary to comply with legal obligations, regulatory requirements, or to prevent fraud or abuse.
By using the Service, you agree to this Privacy Policy. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICE.
This Privacy Policy applies only to information collection on or through the Service. It does not apply to information we collect by other means (including offline) or from other sources other than through the Service.
Capitalized terms that are not defined in this Privacy Policy have the meaning given them in our Terms of Service.
1. How We Collect And Use Information
Information you provide us directly. We collect a variety of information that you provide directly to us, including:
- Account Information. When you first sign in to your account, you will need to provide us with a username, password, your first and last name, and your email address.
- Your User Content. When you use the Service to interact with our technologies, we collect and retain this information to facilitate our services, and for troubleshooting and abuse monitoring purposes. You may choose to have information shared by you removed at any time by contacting us at legal@forta.tech.
Information we automatically collect. When you use our Service, we may automatically collect certain information, including:
- Analytics information. We may directly collect analytics data, or use third-party analytics tools (such as those of Google Analytics), to help us measure traffic and usage trends for the Service. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving the Service. We collect and use this analytics information in aggregate form such that it cannot reasonably be manipulated to identify any particular individual user. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.
- Cookies information. When you visit the Service, we may send one or more cookies — a small text file containing a string of alphanumeric characters — to your computer that uniquely identifies your browser and lets us help you log in faster and enhance your navigation through the site. A cookie may also convey information to us about how you use the Service (e.g., the pages you view, the links you click and other actions you take on the Service), and allow us or our business partners to track your usage of the Service over time. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the site. You can choose to remove a persistent cookie any time by following your web browser’s directions about how to erase or delete cookies. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, key features of the Service may not function properly if the ability to accept cookies is disabled or if you erase our cookies.
- Do Not Track Signals and Similar Mechanisms. While it is FortaTech Security’s intent to honor browser-initiated Do Not Track Signals, industry standards for how to prevent tracking and continue to provide functionality are not defined. Please do not use this service if you are concerned about Do Not Track capabilities.
- Log file information. Log file information is automatically reported by your browser or mobile device each time you access the Service. When you use our Service, our servers automatically record certain log file information. These server logs may include your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information.
2. How We Use Your Information
We use your information for various purposes, including, but not limited to:
- Respond to your requests for information
- Provide you with more effective and efficient customer service
- Contact you regarding our products, services, and other information that we think may be of interest to you;
- Customize the content on the Services;
- Improve the Services and other products and services we may offer;
- Engage in analysis, marketing research, and reports regarding use of our Services;
- Operate, maintain, and provide to you and others the features and functionality of the Service;
- Provide security and monitoring, and address technical issues and bugs; and
- Enforce legal agreements, including our Terms of Service and this Privacy Policy
We may aggregate and/or de-identify information collected through the Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”).
Information provided through the chat functionality of BastionGPT is not sold or used in the development of future AI models.
3. Commercial And Marketing Communications
We may use the information we collect or receive to communicate directly and indirectly with you. We may send you emails containing newsletters, promotions and special offers related to the Service. If you do not want to receive such email messages, you will be given the option to opt out or change your preferences.
4. How We Share Your Information
We may share your information in the following ways:
- Service Providers. We may share your information with contractors and third party service providers, as needed to help us operate our business, where we have a legitimate interest to do so. Service providers who are classified as sub-processors are held to standards of data protection no less rigorous than applicable data protection laws require.
- Protection of FortaTech Security and Others. We will disclose your information where it is required to do so by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our Terms of Service or to protect the security or integrity of our Service; and/or (c) to exercise or protect the rights, property, or personal safety of us, our Users or others.
- Aggregate/De-Identified Information. We may share Aggregate/De-Identified Information about use of the Services, such as by publishing a report on usage trends. This Policy places no limitations on our use or sharing of Aggregate/De-Identified Information.
- Consent. We may also disclose your information to third parties with legal basis other than consent.
5. How We Store And Protect Your Information
Storage and Processing Location: Information collected through the Service will generally be stored and processed in the United States. However, for users registered in Canada and Australia, your personal data will be stored and processed within Canada and Australia, respectively. By using the Service, you consent to the transfer, processing, and storage of your information in the United States, or, if applicable, in Canada or Australia. This includes using your information in other countries where we may process and store data. Such processing will be conducted in accordance with the purposes outlined in this Privacy Policy and in compliance with applicable laws.
Keeping your information safe: We care about the security of your information, and we use a variety of physical, administrative, and technical safeguards to preserve the integrity and security of information collected through the Service. To protect your privacy and security, we take steps to verify your identity before granting you access to your account. You are responsible for maintaining the secrecy of your account information, and for controlling access to your email communications from us, at all times. However, we cannot ensure or warrant the security of any information you transmit to us or guarantee that information on the Service may not be accessed, disclosed, altered, or destroyed.
We have rigorous data protection measures in place, including data encryption, alerting and monitoring solutions, and access control measures. Refer to our Security Page for more details.
6. Your Choices About Your Information
Deleting Uploaded Data: If at any time you wish to remove information you have uploaded to the Service or stored in your account, you may request to do so by contacting us at legal@forta.tech. However, we may retain your information even after you have opted out if retention is necessary to comply with legal obligations, regulatory requirements, or to prevent fraud or abuse.
Communications from us: You can stop receiving promotional email communications from us by clicking on the “unsubscribe link” provided in such communications. You may opt out of Service-related communications (e.g., account verification, purchase and billing confirmations and reminders, changes/updates to features of the Service, technical and security notices) by reaching out to support@forta.tech. If you have any questions about reviewing or modifying your account information, you can contact us directly at support@forta.tech.
7. Your California Privacy Rights
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their ‘personal information’ (if any, and as defined under applicable California law) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an email to legal@forta.tech.
8. Children’s Privacy
The Service and its content are not intended for children under the age of 13. In the event that we learn that we have collected personal information (as defined by the Children’s Online Privacy Protection Act) from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at legal@forta.tech.
9. Links To Other Web Sites And Services
The Service may contain links to third-party websites and services. We are not responsible for the practices employed by these websites or services, including the information or content contained therein. If you choose to use these sites or features, you may disclose your information not just to those third parties, but also to their users and the public more generally depending on how their services function.
Because these third-party websites and services are not operated by us, we are not responsible for the content or practices of those websites or services. Please remember that when you use a link to go from the Service to another website, our Privacy Policy does not apply to those websites or services. Your browsing and interaction on any third-party website or service, including those that have a link or advertisement on our website, are subject to that third party’s own rules and policies.
10. Data Subject Rights
Data subjects are entitled, as set out in and subject to the conditions of applicable law, to:
- Request access to the personal data we process about you: you are entitled to know whether we process data about you. If we do, you may obtain a copy of this data.
- Request a rectification of your personal data: you are entitled to request rectification of data about you that is inaccurate or incomplete.
- Request the erasure of your personal data: you are entitled to request deletion of your personal data.
- Request the restriction of the processing of your personal data: you are entitled to request that FortaTech Security restrict processing activities of your personal data.
- Request portability of your personal data: you are entitled to request a copy of your personal data (in a structured, commonly used and machine-readable format) to transfer this data to another data controller.
- Object to processing of your personal data: you are entitled to request that FortaTech Security no longer process your personal data.
Where processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by contacting FortaTech Security’s Legal Team at legal@forta.tech. This will not affect FortaTech Security’s right to process personal data obtained prior to the withdrawal of your consent, or its right to continue parts of the processing based on other legal bases than your consent.
11. How To Contact Us
Please contact us at legal@forta.tech if you have any questions about the information we may have collected about you, and to review, revise, or delete such information.
12. Changes To Our Privacy Policy
We may modify or update this Privacy Policy from time to time to reflect the changes in our business and practices, and so you should review this page periodically. We keep our Privacy Policy under review to ensure it is up to date and accurate. When we make a material change to this policy we will notify you as required by law and update the ‘last modified’ date at the bottom of this page. This privacy policy was last modified September 20, 2024.