Security & Data Protection
Last updated: February 2026
Security is built into every stage of the ForGrit pipeline. This page details how we protect your data, your code, and your account.
1. Data Encryption
All data is encrypted both in transit and at rest:
- In transit: All connections use TLS 1.3 encryption. HSTS is enforced across all endpoints. API traffic, authentication flows, and code generation requests are all encrypted end-to-end.
- At rest: Stored data (account information, generated projects, session data) is encrypted using AES-256 encryption on our database and storage infrastructure.
- Passwords: User passwords are hashed using bcrypt with per-user salts. Plain-text passwords are never stored or logged.
2. Access Control
We implement strict access controls at every level:
- Role-based access: Users can only access their own projects and data. Admin functions are restricted to authorized personnel with MFA enabled.
- Session management: JWT-based authentication with automatic token expiration. Sessions can be revoked at any time by signing out.
- Project isolation: Each user's projects are isolated at the database level. There is no cross-tenant data access.
- API security: All API endpoints require authentication. Rate limiting is enforced to prevent abuse. CORS is configured to allow only authorized origins.
3. Code Privacy
Your code privacy is a foundational principle, not an afterthought:
- No model training: Your code, prompts, and project data are never used to train or fine-tune AI models. This is a permanent commitment.
- Private by default: All generated projects are private to your account. No one else can view, access, or discover your projects.
- No code sharing: We do not share, sell, or expose your generated code to any third party, including our AI providers.
- Full ownership: You own 100% of the code generated through ForGrit. No license restrictions, no attribution requirements, no lock-in.
This aligns with our Privacy Policy and the trust line on our sign-in page: "Your code stays private. Always."
4. Infrastructure
Our infrastructure is designed for reliability and security:
- Cloud hosting: Hosted on enterprise-grade cloud infrastructure with 99.9% uptime SLA, automatic failover, and geographic redundancy.
- Backup strategy: Automated daily backups with point-in-time recovery. Backups are encrypted and stored in a separate geographic region.
- Monitoring: 24/7 infrastructure monitoring with automated alerting for anomalies, performance degradation, and potential security events.
- Dependency management: Automated security scanning of dependencies with immediate patching for critical vulnerabilities.
5. Compliance Roadmap
We are actively working toward formal security certifications:
- SOC 2 Type II: Planned. We are implementing the controls and processes required for SOC 2 certification, with an audit planned as we scale.
- GDPR: We follow GDPR principles for data handling, user rights, and data minimization. Our Privacy Policy details your rights.
- Penetration testing: Planned regular third-party penetration testing as the platform grows.
Important: We do not overstate our compliance status. The certifications above are planned, not yet achieved. We believe in transparency about where we are today and where we're headed.
Report a Vulnerability
If you discover a security vulnerability, please report it responsibly to security@forgrit.com. We take all reports seriously and will respond within 48 hours.