Trust, Legal & Compliance Center

Vellora Forge ("we", "us") operates Convergent360™, an enterprise integration management platform. This Privacy Policy explains what data we process, why, and the rights available to you. It applies to all production tenants under the Vellora Forge ecosystem.

Data we process

• Account identity: name, work email, organization, assigned role.
• Operational data: projects, portfolios, capacity, dependencies, RIDAC items and reports you enter.
• Security signals: authentication events, MFA enrollment status, trusted devices, session assurance levels and audit logs.
• Technical metadata: hashed IP, browser/OS signals and timestamps used for security monitoring.

How we use data

• To provide governance, reporting and integration capabilities.
• To secure accounts via authentication, MFA and Forge Sentinel™ monitoring.
• To meet legal, audit and contractual obligations.

Tenant isolation

All customer data is isolated per tenant through row-level security. We never use one customer's operational data to serve another. Financial data is further restricted to authorized finance and executive roles.

Retention

Operational data is retained for the life of the subscription and removed or returned on termination per contract. Security audit logs are retained for compliance windows. Backups follow the retention schedule in our Disaster Recovery program.

Your rights

Depending on your region (including GDPR, UK GDPR, PIPEDA, Australian Privacy Act), you may request access, correction, deletion or portability of your personal data. Contact privacy@velloraforge.com.

These Terms govern access to and use of Convergent360™. By using the platform you agree to them on behalf of your organization.

License & access

We grant your organization a non-exclusive, non-transferable right to use the platform during your subscription term, subject to the plan and seat limits selected.

Customer responsibilities

• Maintain the confidentiality of credentials and enforce MFA where required.
• Use the platform in compliance with the Acceptable Use Policy below.
• Ensure you have rights to any data uploaded into your tenant.

Availability & support

Service levels and support response targets are defined in the Support SLA below. Planned maintenance is communicated through Status Communications.

Liability

The platform is provided on an enterprise commercial basis. Liability is limited as set out in the master subscription agreement governing your account.

We use a minimal set of cookies and local storage required to operate the platform and remember your preferences.

Categories

• Strictly necessary: authentication session and security tokens.
• Functional: language selection and interface preferences stored locally on your device.
• We do not sell personal data and do not use third-party advertising trackers.

To protect all customers, the following activities are prohibited on the platform:

• Attempting to bypass tenant isolation, authentication, authorization or rate controls.
• Uploading unlawful, infringing or malicious content.
• Probing, scanning or load-testing infrastructure without written authorization.
• Reselling or sublicensing access outside the agreed subscription terms.

Enforcement

Violations may result in suspension under the Ownership Center™ controls and, where appropriate, escalation by Forge Sentinel™ and notification to your administrators.

For personal data processed on your behalf, Vellora Forge acts as processor and you as controller. These Data Processing Terms supplement your subscription agreement.

Sub-processors & hosting

The platform runs on managed cloud infrastructure with encryption in transit and at rest. A current list of sub-processors is available on request.

International transfers

Where data is transferred across regions, we rely on appropriate safeguards (e.g. Standard Contractual Clauses) and offer regional data residency discussions for enterprise customers.

Security measures

• Row-level security and per-tenant isolation.
• Real TOTP multi-factor authentication and session assurance levels.
• Device trust registry and tenant-scoped audit logging.
• Continuous Forge Sentinel™ identity and risk monitoring.

Support response targets apply to active subscriptions. Targets vary by plan tier.

Severity targets

• Critical (production down): 1 business hour response, continuous effort until mitigated.
• High (major feature impaired): 4 business hours response.
• Normal (general issue / question): 1 business day response.

Availability target

We target 99.9% monthly availability for the production environment, excluding announced maintenance windows. Status is published through Status Communications.

Security is governed by the Identity Security Center™ and Forge Sentinel™. We welcome responsible disclosure of vulnerabilities.

How to report

Email security@velloraforge.com with details and reproduction steps. Please do not publicly disclose before we have had a reasonable opportunity to remediate.

Our commitment

• Acknowledge valid reports promptly and keep you informed.
• Investigate and remediate confirmed issues on a risk-prioritized basis.
• Not pursue legal action for good-faith research conducted under this policy.

If a security incident affects your data, we follow a defined disclosure process aligned with regulatory breach-notification expectations.

Process

• Detect & triage via Forge Sentinel™ monitoring and audit logs.
• Contain, eradicate and recover affected systems.
• Assess scope and notify affected tenant administrators without undue delay.
• Provide remediation guidance and a post-incident summary.