Security
How we protect your data.
Infrastructure
- Hosted on Hetzner dedicated servers
- Data center: Helsinki, Finland (EU)
- Private networking between services
- No shared hosting — dedicated resources
Encryption
- TLS 1.3 for all data in transit
- AES-256 encryption for data at rest
- Database connections encrypted
- All API communication over HTTPS
Authentication
- Passwords hashed with bcrypt (12 rounds)
- JWT tokens with short expiration (15 minutes)
- Refresh token rotation
- Rate limiting on auth endpoints
- Google OAuth 2.0 support
Backups
- Daily automated backups
- Retained for 30 days
- Tested restoration procedures
- Separate backup storage location
Monitoring
- Sentry for error tracking and alerting
- Uptime monitoring with immediate alerts
- Structured logging for audit trails
- Automated health checks every 30 seconds
Compliance
- GDPR-compliant data handling
- India DPDP Act 2023 compliant
- Working toward SOC 2 Type II certification
- Regular security assessments
Responsible disclosure
Found a security vulnerability? We want to know. Please report it responsibly so we can fix it before it affects anyone.
Email security@forgehq.in with details of the vulnerability. We will acknowledge your report within 24 hours and work with you to understand and resolve the issue.
Bug bounty rewards are evaluated on a case-by-case basis. We appreciate responsible disclosure and will credit researchers who help us improve the security of FORGE.