Security & Trust

Security is foundational to everything we build.

Forge handles the financial and compliance data behind critical infrastructure projects. Protecting it with enterprise-grade controls isn't a feature — it's the foundation of our product.

Compliance & standards

SOC 2 Type II (In Progress)

Currently undergoing our SOC 2 audit to formally certify our security, availability, and confidentiality controls.

GDPR

Compliant data processing practices for personal data of EU data subjects.

Encryption in Transit & at Rest

TLS 1.2+ for data in transit and AES-256 for data at rest.

View our live security posture and request documentation in our Trust Center.

How we protect your data

A defense-in-depth approach

Security at Forge spans our people, processes, and technology. Every layer is designed to keep your compliance data confidential, available, and trustworthy.

Data Protection

All customer data is encrypted at rest with AES-256 and in transit with TLS 1.2 or higher. Sensitive financial records are logically isolated per tenant so your data is never commingled.

Infrastructure Security

Forge runs on SOC 2-compliant cloud infrastructure with network segmentation, hardened configurations, and automated patching. Production access is restricted and fully audited.

Access Control

Role-based access control, single sign-on (SSO), and the principle of least privilege govern every account. Multi-factor authentication is enforced for all internal systems.

Monitoring & Logging

Continuous monitoring, centralized logging, and automated alerting let us detect and respond to anomalies in real time. Audit trails are retained for compliance and forensics.

Business Continuity

Automated, encrypted backups and a tested disaster recovery plan keep your data durable and available. We design for resilience with redundancy across availability zones.

People & Process

Every employee completes security awareness training, and access is provisioned through documented onboarding and offboarding. Vendors are vetted through a formal review process.

Secure development lifecycle

Security reviews, dependency scanning, and code review are built into our engineering workflow before anything reaches production.

Vulnerability management

We run regular vulnerability scans and engage third-party experts for periodic penetration testing, remediating findings on a risk-prioritized basis.

Data ownership

Your data is yours. We never sell it, and we process it only to deliver and improve the Forge service as described in our agreements.

Report a vulnerability

We welcome reports from security researchers and the broader community. If you believe you've found a security vulnerability in Forge, please disclose it responsibly so we can investigate and resolve it quickly.

security@goforge.io

Have questions about our security program?

Our team is happy to walk through our controls, share documentation, and complete security questionnaires for your procurement process.
