Effective date: June 27, 2026
Privacy Policy
1. Overview
FortifyRoot provides observability, safety, and cost analytics for GenAI applications. Customers choose which applications and telemetry to connect. FortifyRoot receives telemetry from customer-instrumented applications when customers configure the SDK or OTLP export.
2. Information We Collect
- Account information: name, email, organization, and authentication metadata.
- Product usage data: pages and actions in the app, configuration changes, and support or contact submissions.
- Telemetry data: traces, logs, metrics, model/provider metadata, token and cost fields, safety findings, retry events, and optional prompt/response content when enabled by the customer.
- Technical data: IP address, browser/device metadata, server logs, and error logs.
3. How We Use Information
- Provide and secure the service.
- Show traces, costs, safety findings, retry waste, provider-role attribution, and related analytics.
- Enforce limits, troubleshoot issues, prevent abuse, and support customers.
- Improve the product and communicate about the service.
4. Customer Controls
Customers control SDK configuration, content-capture settings, API keys, config profiles, and safety rules. Safety detection and masking can run in the customer runtime before model calls, depending on configuration. Customers can mask or avoid capturing sensitive content depending on SDK configuration.
5. Retention
FortifyRoot's MVP cloud deployment is operated in a US single-region environment. Data-access retention is tier-enforced; physical purge, backups, queues, logs, and operational stores follow platform-level retention schedules. Customer-facing query and access windows depend on plan tier.
6. Storage and Processing Location
FortifyRoot's MVP cloud deployment is operated in a US single-region environment. We do not promise contractual data residency unless a separate agreement says so.
7. Sharing and Subprocessors
FortifyRoot uses service providers for hosting, authentication, telemetry/storage, analytics, email/support, and security operations. For current subprocessor details, please contact us.
8. Security
We use encryption in transit and at rest where applicable, along with access controls and operational safeguards. We do not make certification claims that are not current and verified.
9. Your Rights and Requests
For privacy requests, deletion requests, or questions, please contact us.
10. Changes
We may update this policy from time to time. The effective date above reflects the latest version.