top of page

Security Policy

Effective: April 18, 2025 (last updated 04/18/2025)

At Agent Forge Labs, we take the security of your data seriously. We are committed to maintaining a secure environment for all users, partners, and visitors by implementing industry-standard protocols, technologies, and practices.

1. Overview

This Security Policy outlines the technical and organizational measures we take to protect the integrity, confidentiality, and availability of our systems, services, and your data.

2. Data Encryption

  • In Transit: All data transmitted between our servers and your browser is encrypted using TLS 1.2 or higher.

  • At Rest: Sensitive data is stored in encrypted form using industry-standard AES-256 encryption.

3. Authentication & Access Control

  • User Authentication: We implement secure authentication mechanisms, including hashed and salted passwords using bcrypt or equivalent methods.

  • Role-Based Access: Access to sensitive information is limited to authorized personnel based on role and business need.

  • Session Management: Inactive sessions are automatically timed out, and session tokens are invalidated on logout.

4. Infrastructure Security

  • Our platform is hosted on secure, industry-leading cloud infrastructure providers with the following protections:

    • Firewalls and intrusion detection systems.

    • Continuous infrastructure monitoring.

    • Regular patching and security updates.

5. Application Security

  • We conduct regular code reviews and follow OWASP Top 10 guidelines for secure development.

  • Frequent vulnerability scans and pen-testing are performed to detect and fix security flaws.

6. Data Backup & Recovery

  • Data is backed up regularly and stored in geographically distributed, secure locations.

  • We maintain a disaster recovery plan to restore critical systems and data in the event of a major incident.

7. Monitoring & Incident Response

  • All systems are continuously monitored for suspicious activity.

  • We have a documented incident response plan in place. If a breach is detected, affected users will be notified within the timeframe required by applicable laws.

8. Third-Party Services

  • All third-party providers (e.g., payment processors, analytics tools) are vetted for security compliance (e.g., SOC 2, ISO 27001, or equivalent).

  • We use Data Processing Agreements (DPAs) where required to ensure data is handled securely by vendors.

9. User Responsibilities

While we take strong measures to protect your data, users also play a role in security:

​

  • Use strong, unique passwords.

  • Keep login credentials confidential.

  • Report suspicious activity immediately to info@kraftforgelabs.com.

10. Policy Updates

This policy may be updated periodically to reflect changes in our practices or legal obligations. Any changes will be posted to this page and effective upon update.

11. Contact

If you have any questions or concerns regarding our Security Policy or data protection practices, please contact:

​

📧 info@kraftforgelabs.com

bottom of page