Privacy Policy

Forge Technologies Pty Ltd (ABN pending) ("Forge", "we", "us", "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, hold, use, disclose, and otherwise manage your personal information when you visit our website (forgetechnologies.com.au), use our wearable products (Forge Genesis smartwatch and Forge Core smart ring), or interact with the Forge One companion application ("App").

We are bound by the Australian Privacy Principles ("APPs") contained in the Privacy Act 1988 (Cth) ("Privacy Act") and applicable state and territory privacy legislation, including the Health Records Act 2001 (Vic). Where our products collect health-related data, that information is treated as "sensitive information" under the Privacy Act and is subject to heightened protections as outlined in this policy.

By using our website, products, or App, you acknowledge that you have read and understood this Privacy Policy. Where we collect sensitive information (including health information), we will obtain your explicit consent before doing so.

"Personal Information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not, as defined in section 6 of the Privacy Act.

"Sensitive Information" means personal information about an individual's health (including predictive health information), genetics, biometrics, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or criminal record, as defined in section 6 of the Privacy Act. Health data collected by Forge devices falls within this category.

"Health Information" means information or an opinion about the health, including illness, disability, or injury, of an individual; an individual's expressed wishes about the future provision of health services; or a health service provided to an individual. Data collected by Forge devices, including heart rate, heart rate variability (HRV), blood oxygen saturation (SpO₂), skin temperature, sleep patterns, and activity metrics, constitutes health information.

We collect different categories of information depending on how you interact with Forge. The types of information we may collect include the following.

Account and Contact Information. When you create an account, place an order, or contact us, we may collect your full name, email address, postal and shipping address, telephone number, and account credentials. This information is necessary to fulfil orders, provide customer support, and manage your account.

Health and Biometric Data (Sensitive Information). The Forge Genesis smartwatch and Forge Core smart ring are equipped with sensors that collect health metrics including, but not limited to: heart rate and heart rate variability (HRV), blood oxygen saturation (SpO₂), skin temperature, sleep duration and sleep stage analysis, step count and activity data, calories burned, and GPS-based location data during exercise sessions. This data is classified as sensitive information under the Privacy Act and is collected only with your explicit, informed consent. Health data is initially stored locally on your device and is synced to the Forge One App and our servers only when you actively enable synchronisation.

Payment Information. When you make a purchase, payment processing is handled securely by our third-party payment processor, Stripe. We do not collect, store, or have access to your full credit card number, CVV, or card expiration date. Stripe may share limited transaction details with us (such as the last four digits of your card, transaction amount, and billing address) for order fulfilment and fraud prevention purposes.

Device and Technical Information. We may collect information about the device you use to access our website or App, including device type, operating system, unique device identifiers, Bluetooth connection data, firmware version, browser type and version, IP address, and general location information derived from your IP address.

Usage and Analytics Data. We collect non-identifiable or de-identified information about how you interact with our website and App, including pages visited, features used, session duration, referring URLs, and click patterns. This data is used to improve our products and services.

Communications. If you contact us via email, social media, or our website contact form, we may retain the content of your communications, your contact details, and our responses for quality assurance and record-keeping purposes.

We collect personal information directly from you when you create an account, place an order, subscribe to our newsletter, contact our support team, participate in surveys or promotions, or pair and use a Forge device with the Forge One App. In accordance with APP 3, we collect personal information directly from you wherever it is reasonable and practicable to do so.

We may also collect information from third parties in limited circumstances, including from Stripe (payment confirmation and fraud screening data), analytics providers (aggregated website usage data), and social media platforms (if you interact with our social media accounts or use social login features). Where we collect personal information from a third party, we will take reasonable steps to ensure you are aware of the collection and the purposes for which it is used.

Given that the Forge Genesis and Forge Core collect health information classified as sensitive information under the Privacy Act, we obtain your explicit, informed consent before collecting, using, or disclosing this data. Consent is obtained through the following mechanisms.

Initial Device Setup. When you first pair your Forge device with the Forge One App, you will be presented with a clear consent screen that explains what health data will be collected, how it will be used, where it will be stored, and who may have access to it. You must actively opt in before data collection begins.

Granular Consent Controls. Within the Forge One App, you can control which types of health data are collected and synced. You may enable or disable individual data categories (such as heart rate monitoring, sleep tracking, or GPS tracking) at any time through the App's privacy settings.

Withdrawal of Consent. You may withdraw your consent to the collection of health data at any time by adjusting your settings in the Forge One App or by contacting us directly. Withdrawal of consent will not affect the lawfulness of any processing carried out before withdrawal. Please note that withdrawing consent for certain data types may limit the functionality of your Forge device.

In accordance with APP 6, we only use or disclose your personal information for the primary purpose for which it was collected, or for a secondary purpose that is directly related to the primary purpose and that you would reasonably expect. The primary purposes for which we collect and use your information are as follows.

Order Fulfilment and Customer Service. To process and fulfil your orders, arrange shipping and delivery, send order confirmations and shipping notifications, process returns and refunds, and respond to your enquiries and support requests.

Health Monitoring and Product Functionality. To provide the core functionality of Forge devices, including displaying health metrics, generating health insights and trends, providing sleep analysis, and enabling activity tracking through the Forge One App.

Product Improvement and Research. To analyse aggregated, de-identified health and usage data to improve our products, develop new features, and enhance the accuracy of our health monitoring algorithms. Individual health data is never used for product improvement without being first de-identified.

Communications and Marketing. To send you important product updates, firmware updates, safety notices, and warranty information. With your separate, opt-in consent, we may also send you promotional communications about new products, offers, and events. You may opt out of marketing communications at any time. Marketing and welcome communications are sent from [email protected].

Legal Compliance and Safety. To comply with applicable laws, regulations, and legal processes; to protect the rights, property, or safety of Forge, our users, or the public; and to detect, prevent, or address fraud, security issues, or technical problems.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may disclose your personal information to the following categories of recipients, solely for the purposes described in this policy.

Payment Processors. Stripe processes all payment transactions on our behalf. Stripe's handling of your payment information is governed by its own privacy policy, available at stripe.com/privacy.

Shipping and Logistics Partners. We share your name, shipping address, and contact details with Australia Post or other courier services as necessary to deliver your orders.

Cloud Infrastructure and Hosting Providers. Our website and App data are hosted on servers located in Australia. We use Australian-based cloud infrastructure to store your data, ensuring compliance with Australian data sovereignty requirements.

Analytics Providers. We may use third-party analytics services to help us understand website and App usage. These services collect de-identified or aggregated data and do not have access to your health information.

Professional Advisors. We may disclose personal information to our legal, accounting, or insurance advisors in connection with the operation of our business.

Law Enforcement and Regulatory Bodies. We may disclose personal information where required or authorised by law, including in response to a court order, subpoena, or request from a law enforcement agency or regulatory authority.

All third-party service providers with whom we share personal information are contractually required to protect your information, use it only for the purposes we specify, and comply with applicable privacy laws.

Forge Technologies is proudly Australian owned and operated. We are committed to keeping your data on Australian soil. Your personal information and health data are stored on servers located within Australia, subject to Australian law and the jurisdiction of Australian courts.

We do not routinely transfer personal information overseas. In the event that a cross-border disclosure becomes necessary (for example, if a third-party service provider operates servers outside Australia), we will comply with APP 8 by taking reasonable steps to ensure that the overseas recipient handles your personal information in accordance with the APPs. We will not transfer your health information overseas without your explicit consent.

Our commitment to Australian data sovereignty means that your health data is not subject to foreign government access requests or surveillance programmes that may apply in other jurisdictions.

In accordance with APP 11, we take reasonable steps to protect your personal information from misuse, interference, loss, and from unauthorised access, modification, or disclosure. Our security measures include the following.

Encryption. All data transmitted between your Forge device, the Forge One App, and our servers is encrypted using industry-standard TLS (Transport Layer Security) encryption. Health data stored on our servers is encrypted at rest using AES-256 encryption.

Access Controls. Access to personal information is restricted to authorised personnel who require access to perform their duties. We implement role-based access controls and multi-factor authentication for administrative access to our systems.

Secure Payment Processing. All payment transactions are processed through Stripe, which is certified as a PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry.

Regular Security Reviews. We conduct regular reviews of our security practices and update our measures as necessary to address emerging threats and vulnerabilities.

While we implement robust security measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents in accordance with our obligations under the Notifiable Data Breaches scheme.

We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention practices are as follows.

Account Information. Retained for the duration of your account and for a period of two (2) years after account closure, unless a longer retention period is required by law (for example, for tax or accounting purposes).

Health Data. Retained for as long as your account is active and you have consented to its storage. You may request deletion of your health data at any time through the Forge One App or by contacting us. Upon receiving a valid deletion request, we will delete or de-identify your health data within thirty (30) days, except where retention is required by law.

Transaction Records. Retained for a minimum of seven (7) years in accordance with Australian taxation and corporate record-keeping requirements.

Communications. Customer support communications are retained for two (2) years from the date of the last interaction.

When personal information is no longer required, we will take reasonable steps to destroy or permanently de-identify it in accordance with APP 11.2.

Under the Privacy Act and the APPs, you have the following rights in relation to your personal information.

Right of Access (APP 12). You have the right to request access to the personal information we hold about you. We will respond to your request within thirty (30) days. In most cases, we will provide access free of charge, although we may charge a reasonable fee for administrative costs associated with providing access in certain circumstances. We may refuse access in limited circumstances permitted by the Privacy Act, and if we do, we will provide you with written reasons for the refusal.

Right of Correction (APP 13). You have the right to request that we correct any personal information we hold about you that is inaccurate, out of date, incomplete, irrelevant, or misleading. We will respond to correction requests within thirty (30) days.

Right to Withdraw Consent. Where we rely on your consent to collect, use, or disclose your personal information (including health information), you may withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before the withdrawal.

Right to Opt Out of Marketing. You may opt out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in any marketing email, by adjusting your communication preferences in the Forge One App, or by contacting us directly.

Right to Request Deletion. You may request that we delete your personal information, including health data. We will comply with your request unless we are required to retain the information by law or for a legitimate business purpose (such as resolving disputes or enforcing our agreements).

Right to Anonymity (APP 2). Where it is lawful and practicable, you have the option of interacting with us without identifying yourself or by using a pseudonym. However, certain services (such as placing an order or using health tracking features) require us to collect your identity information.

To exercise any of these rights, please contact us using the details provided in Section 15 of this policy.

We comply with the Notifiable Data Breaches ("NDB") scheme under Part IIIC of the Privacy Act. In the event of an eligible data breach (that is, a data breach that is likely to result in serious harm to any individual whose personal information is involved), we will take the following steps.

Containment and Assessment. We will promptly contain the breach, assess the nature and extent of the information involved, and determine whether the breach is likely to result in serious harm.

Notification. If we determine that an eligible data breach has occurred, we will notify the Office of the Australian Information Commissioner ("OAIC") and all affected individuals as soon as practicable. Our notification will include a description of the breach, the types of information involved, and recommended steps that affected individuals should take.

Remediation. We will take all reasonable steps to remediate the breach and prevent future occurrences, including reviewing and strengthening our security measures where necessary.

Our website uses cookies and similar tracking technologies to enhance your browsing experience and to collect usage data that helps us improve our services.

Essential Cookies. These cookies are necessary for the website to function properly and cannot be switched off. They include cookies that enable core functionality such as security, session management, and accessibility.

Analytics Cookies. With your consent, we may use analytics cookies to collect information about how visitors use our website, including which pages are visited most frequently, how long visitors spend on each page, and how visitors navigate between pages. This data is collected in aggregate form and does not identify individual visitors.

Marketing Cookies. With your consent, we may use marketing cookies to deliver relevant advertisements and to measure the effectiveness of our advertising campaigns. These cookies may be set by third-party advertising partners.

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a cookie is set. Please note that disabling certain cookies may affect the functionality of our website.

Our products and services are not directed at children under the age of sixteen (16). We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without parental or guardian consent, we will take steps to delete that information as soon as practicable. If you believe we may have collected information from a child under 16, please contact us immediately using the details provided in Section 15.

If you have any questions about this Privacy Policy, wish to exercise your rights, or would like to make a complaint about how we have handled your personal information, please contact us.

Forge Technologies Pty Ltd
Privacy Officer
Keysborough, Victoria 3173, Australia
Privacy enquiries: [email protected]
General support: [email protected]
Marketing & communications: [email protected]
Website: forgetechnologies.com.au

We will acknowledge receipt of your complaint within five (5) business days and will endeavour to resolve it within thirty (30) days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Office of the Australian Information Commissioner
GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Website: oaic.gov.au
Online complaint form: oaic.gov.au/privacy/privacy-complaints

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website with a revised "Last updated" date. For significant changes that affect how we handle your health information, we will provide prominent notice through the Forge One App and, where practicable, seek your renewed consent.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

This Privacy Policy is governed by the laws of the State of Victoria and the Commonwealth of Australia. You agree to submit to the non-exclusive jurisdiction of the courts of Victoria and any courts which may hear appeals from those courts in respect of any proceedings in connection with this Privacy Policy.