Privacy Policy
Last updated: April 13, 2026
1. Introduction
Forenta B.V. ("we", "us", "our") operates the Forenta platform at forenta.tech. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website, create an account, or use our services. We process data in accordance with the EU General Data Protection Regulation (GDPR) and the Dutch Implementation Act (UAVG). Our legal basis for processing is contract performance (Art. 6(1)(b) GDPR), legitimate interest (Art. 6(1)(f) GDPR), and — where applicable — your explicit consent (Art. 6(1)(a) GDPR).
2. Information We Collect
Account data: name, email address, hashed password, and authentication tokens. Profile data: display name, headline, bio, location, timezone, skills, proficiency levels, work samples, availability status, and collaboration intent. You choose what to share — all profile fields beyond email are optional. Payment data: subscription plan, payment method (processed and stored by Stripe; we never see full card numbers). Usage data: pages visited, features used, IP address, device and browser type, collected via first-party analytics. Communication data: workspace messages, support tickets, and feedback you submit through the platform. Verification data: if you opt into identity verification, we may collect government-issued ID details via our verification partner.
3. How We Use Your Information
We use your data to: (a) operate your account and deliver platform features including matching, workspaces, and messaging; (b) run our AI-powered Forge Idea Engine and matching algorithm — your idea descriptions are processed in real-time and are not stored after the session ends; (c) calculate your Signal Score based on project outcomes, reviews, and platform activity; (d) process subscription payments and manage credit balances; (e) send transactional emails (account confirmations, password resets, trial reminders) and — only with consent — marketing communications; (f) detect and prevent fraud, abuse, and policy violations; (g) improve our services through aggregated, anonymized analytics.
4. How We Share Your Information
With other users: your public profile (name, headline, skills, availability, Signal Score) is visible to other users on the Discover and Builders pages. You control your visibility via Settings → Privacy → 'Discoverable via search'. Setting your profile to private removes it from all public listings. With service providers: Stripe (payments, PCI-DSS Level 1 compliant), Supabase (database hosting, EU region), Netlify (hosting), and fal.ai (AI avatar generation). Each processor is bound by a Data Processing Agreement. With authorities: only when required by Dutch or EU law, court order, or to protect the safety of our users. We never sell your personal data to third parties or use it for third-party advertising.
5. Profile Visibility & Discoverability
You are in full control of who can see your profile. In Settings → Privacy you can toggle 'Discoverable via search' on or off. When enabled, your profile appears on the public Builders page and in AI-powered match results. When disabled, your profile is hidden from all search results and public listings — only users you have directly connected with in a workspace can see your information. You can also set your profile visibility to 'Public', 'Members only', or 'Private' in your profile editor. Additional controls include toggling online status visibility, direct message permissions, and location display.
6. Your Rights (GDPR)
Under the GDPR you have the right to: access a copy of all personal data we hold about you; rectify inaccurate or incomplete data; erase your data ('right to be forgotten') — we will delete your account and associated data within 30 days, except where retention is legally required; restrict or object to processing; data portability — receive your data in a structured, machine-readable format; withdraw consent at any time without affecting prior processing; lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). Submit requests to privacy@forenta.tech. We respond within 30 days.
7. Cookies & Tracking
We use strictly necessary cookies for authentication and session management (no consent required). We use first-party performance cookies for anonymous usage analytics (legitimate interest). We do not use third-party advertising or tracking cookies. We do not participate in cross-site tracking. You can manage cookie preferences via your browser settings.
8. Data Retention
Active accounts: data is retained for the duration of your account. After account deletion: profile data is deleted within 30 days. Financial records are retained for 7 years (Dutch fiscal law). Anonymized usage analytics are retained indefinitely. Workspace messages in active workspaces are retained until the workspace is archived. You can request a full data export at any time via Settings.
9. Security Measures
We use reasonable technical and organisational measures to protect personal data. These measures may include authentication controls, role-based access controls, encryption in transit, provider-level protections and logging designed to support security and platform integrity. Payment processing is handled entirely by Stripe (PCI-DSS Level 1). No system can guarantee absolute security.
10. Contact
For privacy-related questions: privacy@forenta.tech. Forenta B.V., Rotterdam, The Netherlands. For urgent data breaches: security@forenta.tech.