Your privacy, precisely defined.

We collect only what is strictly necessary to provide our service. This includes contact details you provide when reaching out (name, email address), technical identifiers required for account authentication, and anonymised service-usage metrics that contain no personally identifiable information.

We do not collect, access, or store any data relating to your personal assets, financial information, communications, device contents, or digital behaviour. Our monitoring services are designed so that we never have visibility of the underlying personal data — only signals that indicate exposure.

Our core infrastructure is built on a zero-knowledge model. Monitoring operations are executed using cryptographic techniques that allow us to detect threats without processing, decrypting, or storing the underlying data. This is not a policy commitment — it is an architectural constraint. We are technically incapable of accessing your personal information.

As a data subject under the General Data Protection Regulation (GDPR), you hold the right to access any personal data we hold about you, rectify inaccurate information, request erasure of your data, restrict or object to processing, and receive a portable copy of your data. You also have the right to lodge a complaint with your national supervisory authority.

Contact enquiry data is retained for up to 24 months to enable follow-up communications, after which it is securely deleted. Account authentication data is retained for the duration of the client relationship and deleted within 30 days of account closure. Anonymised service metrics are retained indefinitely as they contain no personal information.

For any privacy-related queries, requests to exercise your rights, or concerns about how we handle your data, please contact our Data Protection Officer directly at privacy@fortiax.com. We respond to all data subject requests within 30 days in accordance with GDPR obligations.