This Privacy Policy describes how Asaptic Labs ("we", "us", "our") collects, uses, and shares information when you visit the CompanyForge website (companyforge.ai) and use the CompanyForge platform and related services ("Services").
1. Information We Collect
Contact enquiries: Name, email address, and message content when you contact us via email or any contact form on this site.
Usage data: Log data including IP addresses, browser type, pages visited, and actions taken within the platform. This data is used for security monitoring and service improvement.
Platform data: Data you input into the platform, including care plans, compliance records, and AI interaction logs. This data is stored in your tenant namespace and is not shared with other tenants.
2. BYOK Architecture and Health Data
The CompanyForge platform uses a Bring-Your-Own-Key (BYOK) architecture for AI processing. Your Anthropic API key is stored locally in your browser session and is not transmitted to or stored by CompanyForge servers. AI inference calls are made directly from your browser to the AI provider using your key. CompanyForge does not have access to the content of AI inference calls made through the BYOK architecture.
3. How We Use Information
- To respond to your enquiries and provide the Services
- To maintain, improve, and secure the platform
- To detect and prevent fraud, abuse, and security incidents
- To comply with legal obligations
- For anonymised, aggregated analytics to understand site usage (no personal data retained)
4. Data Sharing
We do not sell personal data. We may share data with:
- Service providers: Cloud infrastructure (Cloudflare), email delivery providers, and analytics providers — under data processing agreements
- Legal requirements: Where required by applicable law, court order, or regulatory authority
- Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate prior notice
5. Data Retention
Contact enquiry data is retained for up to 2 years to enable follow-up. Account and usage data is retained for as long as your account is active and for 3 years thereafter. You may request deletion at any time by contacting [email protected].
6. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. To exercise these rights, contact [email protected]. We will respond within 30 days. Hong Kong residents may also refer to the Personal Data (Privacy) Ordinance (Cap. 486).
7. Security
We implement appropriate technical and organisational security measures, including tenant namespace isolation, audit logging for all AI actions, and Band D hard blocks preventing AI-initiated financial or contractual actions without human approval. No internet transmission or electronic storage is completely secure.
8. Cookies
This site uses minimal cookies: a language preference cookie stored in localStorage (no server transmission) and session-level analytics cookies (anonymised, no cross-site tracking). You may clear localStorage at any time via your browser settings.
9. Changes
We may update this Privacy Policy from time to time. Material changes will be notified via email or platform notice. Continued use after the effective date constitutes acceptance.
10. Contact
Privacy enquiries: [email protected]
Asaptic Labs / CompanyForge · Hong Kong SAR