← Back to Home

Privacy Policy

Last Updated: November 7, 2025

1. Introduction

FortMind Pte. Ltd. ("FortMind," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our autonomous security platform, or interact with our services (collectively, the "Services").

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Services.

2. Information We Collect

2.1 Information You Provide to Us

We collect information you provide directly to us, including:

  • Account Information: Name, email address, company name, job title, and password when you create an account
  • Contact Information: Information you provide when requesting demos, contacting support, or subscribing to newsletters
  • Job Application Data: Resume/CV, cover letter, and other information you submit when applying for positions
  • Payment Information: Billing details and payment card information (processed securely through third-party payment processors)
  • Communications: Information in messages you send to us, including support inquiries and feedback

2.2 Security Data

When you use our platform, we collect and process:

  • Security Event Data: Alerts, logs, and telemetry from your integrated security tools
  • Investigation Data: Analysis results, attack paths, MITRE ATT&CK mappings, and remediation recommendations
  • Integration Metadata: Configuration details for connected security tools and infrastructure

Note: We process this data solely to provide our Services. We implement strict security controls and data segregation to protect your sensitive security information.

2.3 Automatically Collected Information

We automatically collect certain information when you use our Services:

  • Usage Data: Pages viewed, features used, time spent, click patterns, and interaction data
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, error logs, API calls, and performance metrics
  • Cookies and Tracking: See our Cookie Policy for details

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide Services: Deliver, maintain, and improve our autonomous security platform
  • Security Operations: Analyze threats, investigate alerts, generate attack paths, and provide remediation guidance
  • Account Management: Create and manage your account, process payments, and provide customer support
  • Communications: Send service updates, security alerts, marketing communications (with your consent), and respond to inquiries
  • Analytics: Understand usage patterns, optimize performance, and develop new features
  • Legal Compliance: Comply with legal obligations, enforce our terms, and protect our rights
  • AI Model Training: Improve our AI/ML models (using aggregated, anonymized data only)

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including:

  • Cloud infrastructure providers (hosting, storage, compute)
  • Payment processors
  • Email and communication platforms
  • Analytics and monitoring services
  • Customer support tools

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Business Transfers

If FortMind is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction.

4.3 Legal Requirements

We may disclose information if required by law or in response to:

  • Subpoenas, court orders, or legal processes
  • Requests from government authorities
  • Protection of our rights, privacy, safety, or property
  • Investigation of fraud, security, or technical issues

4.4 With Your Consent

We may share information with third parties when you explicitly consent or direct us to do so.

5. Data Security

We implement robust security measures to protect your information, including:

  • Encryption: Data encrypted in transit (TLS 1.3+) and at rest (AES-256)
  • Access Controls: Role-based access control (RBAC) and principle of least privilege
  • Authentication: Multi-factor authentication (MFA) for all user accounts
  • Network Security: Firewalls, intrusion detection, and network segmentation
  • Monitoring: 24/7 security monitoring and incident response capabilities
  • Compliance: SOC 2 Type II certified security practices
  • Data Segregation: Customer data isolated in dedicated environments

While we strive to protect your information, no security system is impenetrable. We cannot guarantee absolute security of data transmitted over the internet.

For more details, see our Security & Trust page.

6. Data Retention

We retain your information for as long as necessary to provide Services, comply with legal obligations, resolve disputes, and enforce agreements.

  • Account Data: Retained while your account is active and for a reasonable period after closure
  • Security Data: Retained according to your configured retention policies (typically 30-90 days)
  • Logs and Analytics: Aggregated data retained for up to 2 years
  • Legal Records: Information required for compliance retained for applicable statutory periods

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 General Rights

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal information
  • Portability: Receive your data in a structured, machine-readable format
  • Opt-Out: Unsubscribe from marketing communications
  • Restrict Processing: Request limitations on how we process your data

7.2 GDPR Rights (EU/EEA Users)

If you are in the EU or EEA, you have additional rights under GDPR:

  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

7.3 CCPA Rights (California Users)

California residents have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if information is sold or disclosed
  • Right to opt-out of sale (we do not sell your data)
  • Right to non-discrimination for exercising your rights

To exercise your rights, contact us at privacy@fortmind.ai

8. International Data Transfers

FortMind is based in Singapore. Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from those in your jurisdiction.

When we transfer data internationally, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with service providers
  • Privacy Shield certification (where applicable)
  • Regional data residency options for enterprise customers

9. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@fortmind.ai.

10. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or integrations. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information.

Our platform integrates with numerous security tools (AWS, CrowdStrike, SentinelOne, etc.). Data sharing with these integrations is controlled by you and subject to their respective privacy policies.

11. AI and Machine Learning

FortMind uses AI and machine learning to power our autonomous security platform. Here's how we handle AI-related data processing:

  • Model Training: We use aggregated, anonymized security data to improve our AI models
  • Customer Data Isolation: Your security data is never used to train models for other customers
  • AI Decision Transparency: Our platform provides explainable AI outputs with MITRE ATT&CK mappings and evidence chains
  • Human Oversight: Critical decisions include human review capabilities

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy with a new "Last Updated" date
  • Sending email notifications to registered users
  • Displaying prominent notices on our website or platform

Your continued use of the Services after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

FortMind Pte. Ltd.

Email: privacy@fortmind.ai

Address: [Company Address - Singapore]

Data Protection Officer: dpo@fortmind.ai

Related Policies: