Security & Compliance

Security Compliance Overview

This Security & Compliance page explains how Forge Digital Marketing Group (“Forge,” “we,” “our,” or “us”) approaches secure execution, responsible data handling, website safeguards, vendor readiness, privacy-conscious operations, and compliance-minded business practices.

Forge Digital Marketing Group is a digital marketing agency serving B2B and enterprise clients. Our website is intended to provide information about our company, services, resources, policies, and contact options. This website is not designed for e-commerce transactions and does not process payments through the site.

Security and compliance support the Forge Standard: Strategy First, Measurable Growth, Transparent Reporting, Systems Over Guesswork, Secure Execution, and Relentless Refinement.

1. The Forge Standard for Secure Execution

Forge believes secure execution is part of professional execution. Because B2B and enterprise clients may evaluate vendors based on privacy, security, process, data handling, and operational maturity, Forge aims to build trust into its digital presence from the beginning.

Our approach is designed to support responsible handling of business contact information, website enquiries, CRM records, analytics activity, downloadable resource requests, newsletter engagement, and marketing attribution data.

Security is treated as an operational discipline, not just a technical feature. As Forge scales, these practices are intended to help both clients and Forge operate with more clarity, accountability, and trust.

2. Data Handling and Data Minimization

Forge aims to collect only the information reasonably needed to respond to business enquiries, provide requested resources, manage newsletter subscriptions, prepare proposals, communicate with prospective clients, and improve website performance.

Information submitted through the website may include:

• Name
• Business name or company name
• Business email address
• Phone number
• Website URL
• Job title or role
• Service interest
• Message or enquiry details
• Resource download or newsletter preferences

Forge does not intentionally request Social Security numbers, payment card details, bank account numbers, health information, government identification numbers, biometric data, precise geolocation, or other sensitive personal information through the website.

3. Website Safeguards

Forge may use reasonable administrative, technical, and organizational safeguards to support website security and responsible information handling.

Safeguards may include:

• SSL/HTTPS website protection where available
• Secure website hosting
• Limited data collection through forms
• Spam prevention and abuse prevention tools
• Access controls for administrative systems
• Routine software, theme, plugin, or platform review where appropriate
• Privacy-conscious tool selection
• Vendor review where appropriate
• Data minimization and reasonable retention practices
• Monitoring for suspicious or unauthorized activity where supported

No website, system, vendor platform, or method of electronic transmission is completely secure. While Forge aims to use reasonable safeguards, we cannot guarantee absolute security.

4. Access Controls and Internal Practices

Forge aims to limit access to website submissions, CRM records, marketing automation systems, analytics tools, email platforms, advertising accounts, and administrative accounts to authorized users or service providers with a legitimate business need.

Internal security practices may include:

• Role-based access where available
• Strong password expectations
• Multi-factor authentication where available and practical
• Limiting access to sensitive dashboards and systems
• Removing access when no longer needed
• Keeping business systems organized and accountable
• Using approved communication and storage channels where practical
• Restricting access to client, prospect, and vendor data based on operational need

5. Vendors and Third-Party Tools

Forge may use trusted third-party tools and service providers to operate the website, manage forms, host content, process enquiries, send email communications, maintain analytics, support advertising, manage CRM records, and protect website functionality.

These tools may include, depending on Forge’s active technology stack:

• Website hosting providers
• WordPress, Divi, plugins, and website maintenance tools
• CRM and lead management systems
• Email marketing and newsletter platforms
• Marketing automation systems
• Google Analytics or similar analytics tools
• Google Ads, Meta, LinkedIn, or similar advertising platforms
• Security, firewall, spam prevention, and performance tools
• Reporting and dashboard tools
• Form and downloadable resource tools

Forge expects third-party providers to process information according to their own terms, privacy policies, security commitments, and applicable laws. Forge may review vendors for business fit, security relevance, access needs, and privacy implications where appropriate.

6. Analytics, CRM, Advertising Pixels, and Marketing Data

Forge may use analytics tools, CRM systems, marketing automation platforms, advertising pixels, conversion tags, retargeting tools, and similar technologies to understand website activity, measure campaign performance, manage business enquiries, and improve communication.

These tools may collect or process technical and business-related data such as IP address, device type, browser type, referral source, page views, form submissions, resource downloads, campaign attribution, email engagement, and conversion events.

Forge aims to use these systems responsibly, with a focus on measurable growth, transparent reporting, secure execution, and privacy-conscious data handling.

7. Incident Readiness and Response

Forge aims to maintain practical awareness of security risks involving website access, form submissions, CRM records, email platforms, analytics tools, advertising platforms, and third-party service providers.

In the event of a suspected security issue, Forge may take steps such as investigating the issue, limiting access, reviewing impacted systems, contacting service providers, preserving relevant records, notifying affected parties where appropriate, and taking corrective action.

Incident response needs may vary depending on the nature of the issue, the information involved, the systems affected, applicable legal requirements, and the availability of third-party support.

8. Massachusetts Law and Data Security Notice

Forge is based in Massachusetts and recognizes the importance of protecting information associated with Massachusetts residents, businesses, clients, vendors, employees, contractors, and website visitors.

Massachusetts 201 CMR 17.00 requires applicable persons or businesses that own or license personal information about Massachusetts residents to develop, implement, and maintain a written information security program. That program must include administrative, technical, and physical safeguards appropriate to the size, scope, resources, stored data, and security needs of the business.

Forge’s website is designed to collect limited business contact information, not sensitive financial, health, government identification, or payment information. Forge uses reasonable safeguards to support privacy and data security, including limited data collection, SSL/HTTPS where available, secure hosting, access controls, spam prevention, privacy-conscious tool selection, reasonable vendor review, and data minimization practices.

If sensitive personal information is accidentally submitted through the website, Forge may delete it, restrict access to it, or take other reasonable steps to protect it.

You can review the applicable Massachusetts data security standards here: Massachusetts 201 CMR 17.00 data security regulations .

9. U.S. Federal Security and Privacy Practices

Forge aims to follow responsible business practices for data handling, website security, privacy-conscious operations, vendor management, and incident readiness.

Our approach is informed by recognized federal business guidance around understanding what information is collected, limiting unnecessary collection, protecting retained information, properly disposing of information when it is no longer needed, and planning for potential security incidents.

Forge does not provide financial, healthcare, insurance, employment screening, credit reporting, legal, tax, or payment processing services through this website. If Forge later adds services, tools, portals, or processing activities that create additional obligations, this page and related policies may be updated.

Businesses can review general federal data protection guidance here: FTC Protecting Personal Information: A Guide for Business .

10. U.S. State Privacy and Security Laws

Depending on where users, clients, prospects, vendors, or business contacts are located, additional U.S. state privacy or data security laws may apply. These laws may vary based on business size, revenue, data volume, type of information collected, whether information is sold or shared, and whether targeted advertising tools are used.

Where applicable, users may have rights such as access, correction, deletion, opt-out of sale or sharing, opt-out of targeted advertising, limitation of certain sensitive information uses, or the right not to be discriminated against for exercising privacy rights.

Forge does not sell personal information for money. However, some laws define “sharing,” “targeted advertising,” or “cross-context behavioral advertising” broadly. Advertising pixels, retargeting tools, analytics tools, or third-party advertising platforms may be considered sharing or targeted advertising in some jurisdictions, even when no money is exchanged.

If Forge becomes subject to additional state privacy or security requirements, Forge may provide required notices, controls, request processes, cookie preference tools, or opt-out mechanisms where legally required.

11. Worldwide Privacy and Security Considerations

Forge is based in the United States. If you access the website from outside the United States, information submitted through forms, cookies, analytics tools, CRM systems, email systems, advertising tools, or marketing technologies may be transferred to, stored in, or processed in the United States or by service providers located in the United States or other jurisdictions.

International privacy and security laws may vary by country, region, business type, data type, user location, and the nature of processing. This may include laws or frameworks in the European Economic Area, United Kingdom, Switzerland, Canada, and other jurisdictions.

Where applicable, Forge may rely on consent, legitimate business interests, contractual necessity, security necessity, compliance with legal obligations, or other lawful bases for processing depending on the data type, user location, and applicable law.

International users may have rights related to access, correction, deletion, restriction, objection, withdrawal of consent, data portability, or complaint submission to a data protection authority where applicable.

If Forge later expands services, audiences, resources, tools, or technology systems for international users, this page and related policies may be updated to reflect those practices.

12. Security Framework Awareness

Forge may use recognized security principles and industry-informed practices to guide website, vendor, data handling, and operational decisions as the company grows.

The NIST Cybersecurity Framework is a recognized framework that helps organizations communicate and manage cybersecurity risk. Forge’s current website-facing security practices are not a certification or formal audit against NIST, SOC 2, ISO 27001, HIPAA, PCI DSS, FedRAMP, or any other framework unless separately stated in writing.

You can review the NIST Cybersecurity Framework here: NIST Cybersecurity Framework .

13. Retention and Disposal

Forge aims to retain business contact information, form submissions, CRM records, analytics data, advertising attribution, and marketing information only as long as reasonably necessary for business, legal, operational, security, reporting, or communication purposes.

Information may be deleted, anonymized, archived, or securely retained depending on the nature of the information, applicable obligations, technology systems, vendor capabilities, and business needs.

14. Important Limitations

This page is intended to describe Forge’s general security and compliance approach for website visitors, prospective clients, vendors, and business contacts. It is not a security audit, legal certification, compliance certification, or guarantee that all risks have been eliminated.

Forge does not claim formal certification under SOC 2, ISO 27001, HIPAA, PCI DSS, FedRAMP, or other specialized frameworks unless expressly stated in a separate written agreement or verified certification document.

Security is an ongoing process. Forge may update safeguards, tools, vendors, policies, and procedures as the company grows and as business needs evolve.

15. Related Legal and Trust Pages

Forge provides additional legal, privacy, cookie, and accessibility information through the following website pages:

16. Updates to This Security & Compliance Page

Forge may update this Security & Compliance page from time to time to reflect changes in our website, services, legal obligations, technology, analytics tools, CRM systems, advertising tools, vendors, security practices, or business operations.

When updates are made, the “Last Updated” date at the top of this page will be revised. Continued use of the website after updates are posted means you accept the updated page.

17. Contact Us

If you have questions about this Security & Compliance page, website safeguards, privacy, or data handling, contact us at: