CoreForge Data
Get started
Legal

Privacy Policy

Effective June 19, 2026. This policy describes our current practices and is intended as a clear, plain-language summary — it is not a substitute for the DPA or master agreement.

Who we are

CoreForge Data, Inc. ("CoreForge", "we") provides a B2B revenue intelligence platform. This policy describes how we handle personal information in two contexts: (1) customers and visitors who interact with our website, app, and sales process, and (2) business contacts whose professional information appears in our prospect dataset.

Information we collect

Account data (name, work email, role, company); usage data (logs, device, IP, product events); customer content submitted into workspaces; and business-contact data sourced from licensed providers, public records, partner feeds, and first-party submissions with valid consent.

How we use information

To deliver the service, authenticate users, generate explainable audiences and signals, send service notifications, secure the platform, comply with legal obligations, and — where permitted — improve product features. We do not sell personal information and do not use the dataset for credit, housing, employment, insurance, or healthcare eligibility decisions.

Lawful bases (GDPR)

Contractual necessity for customer accounts; legitimate interest for B2B outreach data balanced against rights of data subjects; consent where required (e.g. marketing email in the EU/UK). Data subjects may object at any time via privacy@coreforge.example.

Your rights

Access, correction, deletion, portability, restriction, and objection. EU/UK residents may lodge a complaint with their supervisory authority. California residents have rights under the CCPA/CPRA including the right to know, delete, correct, and limit use of sensitive information (we do not collect sensitive personal information for the prospect dataset).

Retention

Customer workspace data is retained for the contract term plus 30 days unless deletion is requested earlier. Prospect dataset records are refreshed on a licensed cadence and purged when license, consent, or permitted use lapses.

International transfers

We use Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework principles for transfers out of the EEA/UK/Switzerland.

Sharing

With subprocessors that support the service (hosting, observability, email delivery), with customers in their own workspace, and where required by law. A current subprocessor list is available under NDA via the Trust Center.

Children

The service is intended for business users only and not directed to children under 16.

Contact

Privacy questions, data subject requests, and complaints: privacy@coreforge.example. We acknowledge requests within 5 business days and complete them within 30 days where feasible.

Changes

We may update this policy. Material changes will be announced via the product or email at least 30 days before they take effect.

Need our DPA, subprocessor list, or security packet?
Request documents