Privacy Policy

Last Updated: January 1, 2025

ThalosForge Inc. ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use ARIG Enterprise.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, company name, billing address
• Payment Information: Credit card details (processed by Stripe, we don't store card numbers)
• Support Communications: Messages, tickets, and feedback you send us

1.2 Automatically Collected Information

• Usage Data: Feature usage patterns, error logs (anonymized)
• Device Information: Browser type, operating system, IP address
• Cookies: Essential cookies for authentication and preferences

1.3 Information We Do NOT Collect

• Your monitoring data (stays in your infrastructure)
• Your customers' personal information
• Sensitive personal data (health, religion, political views)

2. How We Use Your Information

• Provide and maintain our services
• Process payments and send invoices
• Send product updates and security alerts
• Respond to support requests
• Improve our products (using anonymized data)
• Comply with legal obligations

3. Data Sharing

We do NOT sell your personal data. We may share information with:

• Service Providers: Payment processors (Stripe), email services (SendGrid), hosting (AWS)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger or acquisition

4. Data Security

We implement industry-standard security measures:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• SOC 2 Type II compliance (Enterprise tier)
• Regular security audits and penetration testing
• Employee access controls and training

5. Data Retention

• Account Data: Retained while account is active + 30 days
• Billing Records: 7 years (legal requirement)
• Support Tickets: 2 years
• Usage Analytics: 90 days (anonymized)

6. Your Rights (GDPR/CCPA)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Deletion: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a structured format
• Object: Opt-out of marketing communications
• Restrict: Limit how we process your data

To exercise these rights, email [email protected]

7. Cookies

We use the following cookies:

• Essential: Authentication, security (cannot be disabled)
• Functional: Preferences, language settings
• Analytics: Usage patterns (can be disabled)

You can manage cookies through your browser settings or our cookie consent banner.

8. International Transfers

We process data in the United States. For EU customers, we rely on:

• Standard Contractual Clauses (SCCs)
• Data Processing Agreements (DPAs)

Enterprise customers can request EU-only data processing.

9. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or prominent notice on our website.

11. Contact Us