1. Who we are
Forttic Inc. is the data controller for personal information collected through our website and for account, billing, and marketing data relating to our Services. For Customer Data processed on behalf of enterprise subscribers (for example, backup metadata and resilience configuration information from connected systems), Forttic generally acts as a processor and processes such data only on documented instructions from the customer.
Privacy inquiries: privacy@forttic.com · General contact: hello@forttic.com
2. Information we collect
We collect information in the following categories, depending on how you interact with us:
2.1 Information you provide
- Contact and account details — name, business email, phone number, job title, company name, and credentials when you register, book a briefing, complete a CRE assessment, or contact support.
- Communications — content of messages, support tickets, and feedback you send us.
- Commercial information — subscription tier, billing contacts, purchase history, and records of agreements where applicable.
2.2 Information collected automatically
- Website and product usage — pages viewed, referring URLs, approximate location derived from IP address, browser type, device identifiers, timestamps, and interaction events.
- Log and security data — authentication logs, API activity, error reports, and signals used to detect abuse or unauthorized access.
- Cookies and similar technologies — see Section 8.
2.3 Customer Data (enterprise services)
When you connect backup platforms, cloud accounts, or related integrations, Forttic may process metadata and configuration information necessary to discover assets, assess posture, enforce policies, verify recovery, and generate compliance evidence. The categories and sensitivity of Customer Data depend on your environment and the integrations you authorize. We do not require access to production workload content for core enforcement workflows; access is scoped to what you configure through read-only or least-privilege integrations.
3. How we use information
We use personal information to:
- Provide, operate, maintain, and improve the Services;
- Authenticate users and secure accounts;
- Respond to inquiries, deliver assessments and briefings, and provide customer support;
- Process transactions and manage subscriptions;
- Send service-related notices, product updates, and — where permitted — marketing communications (you may opt out at any time);
- Analyze usage to improve reliability, performance, and user experience;
- Comply with legal obligations and enforce our terms;
- Protect the rights, safety, and security of Forttic, our customers, and others.
4. Legal bases (EEA, UK, and Switzerland)
Where the GDPR or equivalent laws apply, we rely on:
- Contract — to perform our agreement with you or your organization;
- Legitimate interests — to operate and improve the Services, secure our platform, and communicate about relevant product updates, balanced against your rights;
- Consent — for non-essential cookies and certain marketing where required;
- Legal obligation — where we must retain or disclose information by law.
5. How we share information
We do not sell personal information. We may share information with:
- Service providers — hosting, infrastructure, email delivery, customer support tools, analytics, and professional advisors, under contracts that require appropriate safeguards;
- Integration partners — only as directed by you when connecting third-party backup or cloud platforms;
- Corporate transactions — in connection with a merger, acquisition, or asset sale, subject to continued protection;
- Legal and safety — when required by law, regulation, legal process, or to protect rights and safety.
A list of key sub-processors is available to enterprise customers upon request or as specified in an applicable DPA.
6. International transfers
Forttic is based in the United States. If you access the Services from other regions, your information may be transferred to and processed in the U.S. and other countries where we or our service providers operate. Where required, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or UK authorities.
7. Retention
We retain personal information for as long as necessary to provide the Services, fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type — for example, marketing suppression lists may be kept longer to honor opt-out requests, while website logs may be retained for a shorter operational period unless needed for security investigations.
8. Cookies and analytics
We use cookies and similar technologies on our website for essential functionality, preferences, and analytics. We use Google Tag Manager, which may load tags from Google and other vendors you configure. You can control cookies through your browser settings. Where required by law, we will obtain consent before placing non-essential cookies.
9. Security
We implement administrative, technical, and organizational measures designed to protect personal information, including encryption in transit, access controls, logging, and secure development practices. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
10. Your rights and choices
Depending on your location, you may have the right to:
- Access, correct, or delete personal information we hold about you;
- Restrict or object to certain processing;
- Data portability;
- Withdraw consent where processing is consent-based;
- Opt out of marketing emails via the unsubscribe link or by contacting us;
- Lodge a complaint with a supervisory authority (EEA/UK).
California residents (CCPA/CPRA): You have the right to know, delete, and correct personal information, and to opt out of “sale” or “sharing” as defined by California law. Forttic does not sell personal information. To exercise rights, email privacy@forttic.com. We will not discriminate against you for exercising privacy rights.
We may need to verify your identity before responding. If we process your information as a processor on behalf of your employer, please contact your organization’s administrator first.
11. Children
The Services are intended for business use and are not directed to individuals under 16 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children.
12. Third-party links
Our website may link to third-party sites. Their privacy practices are governed by their own policies, not this one.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. Material changes may be communicated by email or in-product notice where appropriate.
14. Contact us
Forttic Inc.
Email: privacy@forttic.com
Website: https://www.forttic.com