
Privacy Policy

Last updated: March 7, 2026

Fortnetic is designed for compliance workflow execution. We do not store Controlled Unclassified Information (CUI). We store assessment metadata needed to track readiness, remediation, and reporting progress.

What We Collect

  • Assessment metadata such as controls, responses, scoring, POA&M items, and related workflow status.
  • Account and organization identifiers provided by Firebase Authentication for identity and tenant access control.
  • Billing metadata required by Stripe to manage subscriptions and billing events.

Security and Encryption

  • All data is encrypted in transit using TLS 1.3.
  • Data is encrypted at rest in managed infrastructure.

Third-Party Processors

  • Firebase Authentication for identity and access management. See Firebase Privacy Policy.
  • Stripe for payments and subscription management. See Stripe Privacy Policy.
  • AWS for hosting and infrastructure with SOC 2 and ISO 27001-certified controls.

Data Deletion Requests

You can request deletion of your organization data at any time by contacting support. We process deletion requests for stored compliance metadata and associated user records in line with applicable requirements.

Data Sharing

We do not sell your data. We do not share data with third parties other than the service providers listed above, and then only as necessary to operate authentication, payments, email delivery, and hosting.