Futforce legal documents

Product & Services Privacy Policy

Last Updated: [10/10/2025]

I. Scope & Dual Role

This policy governs how Futforce and the AI agent Fora process data when you use our product, integrations, AI features, or internal services. Depending on the context:

  • Futforce may act as data processor, under your employer’s direction

  • In limited contexts (e.g. administering your account, support logs), Futforce may act as controller

II. Data Processed as a Processor

When Futforce operates under your employer or organization:

A. Types of Data & Purpose

  • User Profiles & Directory Data — name, role, department, custom fields

  • Authentication & Access Logs — login timestamps, IPs, device metadata

  • Content & Communications — messages, posts, comments, attachments

  • Workflow & Task Data — approvals, status changes, task records

  • Integration Metadata — IDs, tokens, linked system attributes

  • Usage Analytics — feature usage, performance metrics, error logs

B. AI / Automated Processing

  • Fora responds to queries, generates suggestions, routes tasks, processes text, summarises content, triggers workflows.

  • Processing is scoped to the context of the user request; broader separation is maintained.

  • No unauthorized use of whole datasets for model training without explicit agreement.

C. Deletion & Retention

  • Users may submit deletion requests, but deletion occurs only after administrator approval in compliance with corporate audit needs.

  • Once approved, personal identifiers are anonymized (e.g. “Deleted User”).

  • Organizations may define longer retention or anonymization policies; aggregated data may be retained.

III. Data Where Futforce Acts as Controller

In limited product contexts (e.g. feedback, support requests):

  • Support & Logs — support tickets, chat transcripts, crash logs

  • User Feedback / Surveys — responses, ratings, comments

These are collected and controlled by Futforce directly, under our own legal basis (e.g. consent or legitimate interest).

IV. Cookies, Tokens, & Local Storage

  • We issue session tokens or JWTs for authentication.

  • Local storage may store UI preferences, client-state caches.

  • Cookies may be used for “remember me” or session persistence.

  • Use of third‑party cookies may occur in integrated parts (e.g. analytics) with consent.

V. Security, Transfers, & Subprocessors

  • Use encryption (TLS in transit, AES or equivalent at rest).

  • Access control: role-based, logging, audits.

  • Cross-border transfers use SCCs, adequacy, or approved frameworks.

  • Subprocessors (e.g. hosting, analytics, backup providers) are contractually bound to privacy and confidentiality.

  • We maintain incident response plans, monitoring, backups, vulnerability scanning, penetration testing, etc.

VI. User Rights & Administrative Governance

  • As applicable, users may request access, correction, anonymization, restriction, portability or objection (subject to organization policy).

  • Administrators (your HR/IT) have oversight and can approve or deny deletion requests or override per policy.

  • Consent-based features (e.g. notifications, advanced AI features) may be opt-in and revocable.

VII. Disclosures, Sharing & Accountability

  • We do not sell corporate user data.

  • We may share with service providers (e.g. backup, analytics) under strict confidentiality.

  • Legal obligations (court, regulatory) may require disclosure.

  • We may use anonymized or aggregated dataset for product improvement or benchmarking, without identifying individuals.

VIII. Fora & AI-Specific Safeguards

  • Scoped permissions: Fora only accesses data allowed by configuration and system permissions.

  • Audit logs: All AI activity (queries, generated outputs, actions triggered) is logged for traceability.

  • Prompt & Response filtering: Prevents sensitive data leakage or misuse.

  • Privilege constraints: Fora only acts within its lowest privilege envelope (no overreach).

IX. Security Incidents & Breach Notification

  • We maintain a formal incident response plan.

  • In case of personal data breach, we notify affected organizations and, where required, regulatory bodies within statute deadlines.

  • Logs and backups assist reconstruction and forensic analysis.

X. Policy Changes

We may update this policy over time. Notable changes will be communicated to administrators and/or via in-product notices. The revision date reflects the current policy version.

XI. Contact & Requests

Futforce Inc
Address: 12250 Queenston BLVD, Houston, TX 77095
Email: marketing@futforce.com (for data/privacy inquiries)

For product-level issues, please contact your organization’s administrator first.