Legal

Privacy Policy

Effective Date: January 01, 2026 · Last Updated: May 18, 2026

This Privacy Policy describes how information is collected, used, and protected when you access the enterprise operational platform technology (the “Platform”) owned and operated by ForgedOps LLC and deployed for the use of MASCI General Contractors Inc. and MASCI Corporation (collectively, “MASCI”) as the MASCI Operations Platform, a customer-branded deployment of the underlying ForgedOps™ platform technology.

1. Roles & Relationship

ForgedOps LLC owns and operates the Platform, including its source code, software, infrastructure, and platform technology.

Customer deployments may be customized and branded for operational use while remaining part of the ForgedOps platform ecosystem.

For data protection purposes:

  • ForgedOps LLC acts as a data processor, storing and processing information solely on behalf of MASCI.
  • MASCI acts as the data controller and determines what data is collected, how it is used, and who has access.

MASCI is solely responsible for:

  • Authorizing users
  • Determining data inputs
  • Managing data use within its operations

ForgedOps LLC and MASCI are independent companies. Neither is a parent, subsidiary, affiliate, partner, or co-owner of the other.

ForgedOps LLC does not own Customer Data and does not use it for any purpose other than providing and maintaining the Platform.

2. Information We Collect

The Platform may process the following categories of information:

Account Information

  • Name, email, and phone number (as provided by MASCI for account access)

Authentication Data

  • Hashed passwords and session tokens
  • Passwords are never stored in plain text

Customer Data

  • Forms, reports, photos, signatures, notes, and other job-related data submitted by users
  • All Customer Data is owned and controlled by MASCI

Operational Logs

  • IP addresses, access timestamps, request logs, and error traces
  • Used strictly for system security, fraud prevention, and diagnostics
  • Retained for no longer than 90 days unless required for security or legal purposes

3. How Information Is Used

Information is used solely to:

  • Operate and deliver the Platform
  • Route reports, alerts, and notifications to appropriate MASCI personnel
  • Send operational notifications, workflow alerts, safety notices, maintenance alerts, account notifications, and related system communications via PWA / mobile push, email, or SMS where applicable
  • Maintain commercially reasonable backup, redundancy, and disaster-recovery processes (see Section 5) necessary to support Platform functionality and continuity
  • Monitor system performance and resolve technical issues

ForgedOps LLC does NOT:

  • Sell or monetize Customer Data
  • Use Customer Data for advertising
  • Share Customer Data with third parties except as necessary to operate the Platform or comply with legal obligations

4. Subprocessors

ForgedOps LLC uses a limited number of vetted third-party providers (“Subprocessors”) to operate the Platform. The current Subprocessor list is:

  • MongoDB Atlas — primary database storage and replication.
  • Cloudflare R2 — redundant object storage, photo and signature archival, system backup infrastructure, content delivery, and operational resiliency services.
  • Cloudflare — DNS, edge caching, TLS termination, and DDoS protection for mascidocs.com.
  • Resend — transactional email delivery (operational notifications, password resets, distribution emails, daily report routing).
  • Anthropic Claude — supervised AI text generation for translation, banner localization, and optional AI-assisted drafting features.
  • OpenAI — supervised AI text and image generation where applicable to the Automated Features.
  • Google Gemini — supervised AI text and image generation where applicable to the Automated Features.
  • Cloud infrastructure providers — compute hosting, container orchestration, supervisor services, and related system operations.

Subprocessors process data solely to support Platform functionality and are contractually obligated to protect data. The current Subprocessor list may evolve as the Platform scales; material changes are communicated to MASCI in accordance with the separate services agreement.

5. Security, Backup & Operational Resiliency

The Platform uses industry-standard security measures, including:

  • TLS encryption for data in transit
  • Encrypted storage for data at rest
  • Hashed authentication credentials (bcrypt or stronger)
  • Role-based access controls, scoped per portal (Admin, PM, Shop, HR, Field Leadership)
  • Session-token isolation per portal scope

ForgedOps™ maintains commercially reasonable backup, redundancy, disaster-recovery, and operational-resiliency measures designed to support continuity and system recovery, including:

  • Automated nightly archives of every form, photo, and signature.
  • Redundant cloud object storage on Cloudflare R2 for photos, signatures, and complete-system archives.
  • Periodic recovery testing and integrity checks on archive contents.
  • Diagnostic and alert tooling for backup health (heartbeat email + admin dashboard).

While reasonable safeguards are in place, no system is completely secure and no backup architecture guarantees zero data loss. ForgedOps LLC does not guarantee absolute security, perfect uptime, or any specific recovery time objective (RTO) or recovery point objective (RPO).

Users must:

  • Protect their login credentials
  • Report suspected unauthorized access immediately to MASCI

6. Data Retention

Customer Data is retained according to MASCI’s requirements for compliance and operational recordkeeping.

ForgedOps LLC:

  • Stores data only as long as necessary to provide the Platform
  • Does not retain data beyond normal operational needs unless required by law

MASCI may request:

  • Data export
  • Data deletion

Requests are handled in accordance with MASCI’s agreement with ForgedOps LLC.

7. Data Responsibility & Regulatory Compliance

MASCI is solely responsible for:

  • The accuracy of Customer Data
  • Compliance with applicable laws and regulations — including OSHA, the U.S. Department of Transportation (DOT), the Federal Aviation Administration (FAA), the Federal Motor Carrier Safety Administration (FMCSA), employment law, wage-and-hour law, payroll regulations, and applicable privacy regulations (including GDPR, CCPA, and any state privacy laws)
  • Determining how Customer Data is used within its operations
  • Validating the output of Automated Features (see Section 7B) before relying on it for any operational, regulatory, payroll, safety, or personnel decision

ForgedOps LLC is not responsible for:

  • How MASCI uses Customer Data
  • Any decisions made based on data entered into the Platform
  • Compliance failures resulting from misuse, incorrect data entry, or reliance on Automated Features without human review
  • Demonstrating regulatory compliance on behalf of MASCI — use of the Platform does not by itself ensure compliance with any law or regulation

7A. Notifications & Communications Consent

By using the Platform, users consent to receive operational notifications, workflow alerts, safety notices, maintenance alerts, account-related communications, and security notifications via PWA / mobile push, email, SMS, or in-app messaging.

Notifications may be triggered by workflow events, automated routing rules, scheduled processes, role-based recipient lists, or on-demand actions taken by authorized MASCI personnel.

Users may opt out of non-essential communications but may not opt out of safety, security, or operationally critical notifications without losing access to the affected Platform features.

7B. Automated Processing & AI-Assisted Features

Certain Platform features may utilize automated processing, workflow automation, machine-generated summaries, scheduled background jobs, system-generated recommendations, predictive operational tooling, or AI-assisted drafting (collectively, the “Automated Features”).

Where AI-assisted features are used, the relevant AI subprocessor (Anthropic, OpenAI, or Google) processes only the specific input necessary to generate the requested output (e.g., banner translation, draft text suggestion). AI subprocessors are not granted ongoing access to Customer Data, are not used for model training on MASCI data, and process inputs solely to return the requested output.

Users remain solely responsible for reviewing, validating, approving, and acting on any output produced by an Automated Feature. Automated outputs do not constitute regulatory determinations, legal opinions, engineering certifications, medical advice, or safety clearances.

8. User Rights

If you are an end user of the Platform:

  • Requests for access, correction, or deletion of data must be directed to your MASCI administrator
  • MASCI (as data controller) is responsible for responding to such requests in accordance with applicable laws

ForgedOps LLC will assist MASCI in fulfilling these requests as required.

9. Data Transfers

Data may be processed and stored in the United States or other jurisdictions where the Platform’s infrastructure or subprocessors operate.

By using the Platform, you acknowledge that data may be transferred and processed outside your local jurisdiction.

10. Changes to This Policy

ForgedOps LLC may update this Privacy Policy at any time.

Material changes will be communicated to MASCI and, where appropriate, to users.

Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

11. Contact

For questions regarding Customer Data:
→ Contact your MASCI administrator

For questions regarding the Platform:
→ Contact ForgedOps LLC

See also our Terms of Service.