MForja is committed to protecting client data and maintaining enterprise-grade security standards. We do not store client media, video, audio, or operational data. Only contact and contracting information is retained.
Last updated: March 2026
MForja does not store, retain, or process client media, video, audio, or operational data. We collect only the contact and contracting information necessary to conduct business. Your content is yours — it does not pass through or reside on MForja infrastructure.
This policy applies to all visitors to mforja.com, individuals who submit contact or access request forms, and clients who engage MForja under a contractual relationship.
| Data Category | Examples | Purpose | Stored? |
|---|---|---|---|
| Contact information | Name, work email, company, role | Waitlist management, early access communications | Yes |
| Contracting data | Business name, signatory, address, agreements | Legal and commercial relationship management | Yes |
| Website analytics | Page views, session data (anonymized), browser type | Site performance and content optimization | Aggregated only |
| Client media or video content | Video files, audio files, encoded streams | N/A — MForja does not receive, store, or process client content | Never |
| Pipeline or operational data | Encoding configurations, throughput metrics | N/A — not collected by MForja | Never |
Data collected through mforja.com and direct communications is used solely for:
MForja does not sell, rent, or license personal data to third parties for marketing or commercial purposes.
| Data Type | Retention Period | Basis |
|---|---|---|
| Waitlist and access request contacts | 24 months from submission, or until opt-out | Legitimate interest / consent |
| Commercial contracts and agreements | 7 years from contract end | Legal obligation (tax and commercial law) |
| Invoicing and payment records | 7 years | Legal obligation |
| Website analytics | 26 months (aggregated) | Legitimate interest |
| Support and inquiry correspondence | 3 years | Legitimate interest |
MForja uses the following third-party services that may process limited personal data as part of standard web operations:
MForja does not transfer personal data to countries outside the EEA or UK without appropriate safeguards (Standard Contractual Clauses or adequacy decisions).
Depending on your location, you may have the following rights regarding your personal data:
To exercise any of these rights, contact privacy@mforja.com. We will respond within 30 days.
mforja.com uses minimal cookies necessary for site operation and analytics. We do not use third-party advertising cookies or behavioral tracking for ad targeting. Analytics data is aggregated and not tied to individual identities.
You may configure your browser to refuse cookies. Some site features may be affected, but core content remains accessible without cookies.
For all privacy-related inquiries: privacy@mforja.com
If you are located in the EU or UK and believe your data rights have been violated, you have the right to lodge a complaint with your local supervisory authority. In the UK, that is the Information Commissioner's Office (ICO). In the EU, contact your national data protection authority.
Where GDPR or equivalent legislation applies, MForja processes personal data on the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Responding to contact and access request submissions | Legitimate interests (responding to inbound inquiries) |
| Sending early access and product update communications | Consent (opt-in at point of submission) |
| Executing and administering contracts | Contract performance |
| Retaining financial and legal records | Legal obligation |
| Operating and improving our website | Legitimate interests (service operation and security) |
| B2B visitor identification via Apollo.io | Legitimate interests (sales and marketing to business contacts) |
Where processing is based on consent, you have the right to withdraw that consent at any time by contacting privacy@mforja.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
MForja is based in the United States. If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with data transfer restrictions, your personal data may be transferred to and processed in the United States or other countries that may not provide the same level of data protection as your home jurisdiction.
When transferring personal data from the EEA or UK to countries not covered by an adequacy decision, MForja relies on the following transfer mechanisms:
A copy of applicable transfer safeguards is available upon request by contacting privacy@mforja.com.
MForja's products and services are designed for enterprise and professional use. We do not knowingly collect, solicit, or retain personal data from individuals under the age of 16 (or under 13 in jurisdictions where COPPA applies).
Our website and contact forms are not directed at children, and we do not have reason to believe that children access our services. If we become aware that we have inadvertently collected personal data from a child under the applicable age threshold, we will delete it promptly. If you believe we have collected data from a child, please contact privacy@mforja.com immediately.
MForja reviews this Data Privacy Policy at least annually and may update it to reflect changes in our data practices, applicable law, or regulatory guidance. When we make material changes, we will:
We encourage you to review this policy periodically. Continued use of our website or services following notice of changes constitutes acceptance of the updated policy. If you do not agree with a material change, please discontinue use and contact us to exercise any applicable rights.
Previous versions of this policy are available upon request.
MForja applies a defense-in-depth security framework grounded in Zero Trust principles, least-privilege access control, and continuous monitoring. Security is embedded into product development, infrastructure operations, and business processes — not applied as an afterthought.
Key principle: MForja does not receive, store, or process client media or video content. This architectural decision eliminates the largest class of data security risk for our clients.
MForja maintains a formal incident response plan reviewed annually. In the event of a confirmed security incident involving personal data:
To report a suspected security incident: security@mforja.com
MForja welcomes good-faith security research. If you discover a potential vulnerability in MForja's systems or website, please report it to security@mforja.com before public disclosure.
We commit to acknowledging all reports within 5 business days, working collaboratively on remediation, and not pursuing legal action against researchers who follow responsible disclosure principles.
Out-of-scope: social engineering attacks on MForja personnel, physical security testing, or testing of third-party services used by MForja.
For security-related inquiries, vulnerability reports, or requests for security documentation as part of vendor assessment:
MForja applies security requirements to all third-party vendors and service providers that access, process, or store data on our behalf. Our vendor security program includes:
Current third-party services processing data on behalf of MForja include Cloudflare (CDN/WAF), Google Workspace (communications), and Apollo.io (B2B visitor identification). Each is assessed for security and privacy compliance prior to and during engagement.
MForja maintains a security-aware culture through structured training and ongoing education programs:
MForja maintains documented business continuity and disaster recovery (BC/DR) plans to ensure operational resilience and data availability in the event of system failure, natural disaster, or other disruptive event:
MForja enforces physical security and endpoint device controls to protect against unauthorized access and data loss:
As a distributed, software-first organization, MForja's physical security posture is designed for a remote-work environment with cloud-native infrastructure. Physical access to data centers is governed by MForja's cloud infrastructure providers (AWS, Google Cloud, or equivalent), whose physical security controls are independently audited and certifiable to SOC 2, ISO 27001, and relevant standards.