Privacy Policy

1. Information We Collect

When you use Fortify we collect the following categories of information:

Discord profile data. Authentication is handled via Discord OAuth. When you connect your Discord account we receive your Discord user ID, username, avatar, and the email address associated with your Discord account.

Account & subscription data. We store your subscription tier, billing status, credit balance, and account preferences in our database.

Usage data. We collect information about how you use the Service, including features accessed, queries submitted, AI-generated outputs produced, and timestamps of activity. This data is used to improve the Service and enforce fair-use limits.

Payment information. Payments are processed by PayPal. We do not store your full payment card details. We receive transaction confirmations, subscription status updates, and PayPal account identifiers from PayPal.

Connected third-party account data. If you connect external accounts (such as Shopify stores, Stripe accounts, Meta Pages, Google accounts, or TikTok accounts), we store the relevant OAuth tokens and access credentials in encrypted form. We access data from those platforms only as required to perform the automation features you have explicitly enabled.

User-submitted content. This includes any text, URLs, video files, or other materials you upload or submit through the Service, such as media files for the Virality Engine or ICP descriptions for Lead Sourcing.

Log and device data. We may collect server logs including IP addresses, browser type, operating system, and referring URLs for security, debugging, and abuse prevention purposes.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve the Service and its features.
• To authenticate your identity and manage your account.
• To process payments and manage your subscription.
• To perform AI-powered automations and analyses you request (e.g., lead scoring, virality analysis).
• To send you transactional emails such as subscription confirmations, payment receipts, and critical service notifications.
• To enforce our Terms of Service and Acceptable Use policy.
• To comply with applicable legal obligations.
• To detect and prevent fraud, abuse, and security incidents.
• To analyse aggregate usage trends (using anonymised or pseudonymised data) to improve the Service.

We process your personal data on the following legal bases under the UK GDPR: (a) performance of a contract — processing necessary to deliver the Service you have subscribed to; (b) legitimate interests — security, fraud prevention, and product improvement; (c) consent — where you have explicitly opted in (e.g., connecting third-party accounts); (d) legal obligation — where required by law.

3. Data Sharing

We do not sell your personal data. We do not share your personal information with third parties for their own marketing purposes.

We share data with the following categories of third-party service processors, solely as necessary to operate the Service:

• PayPal — payment processing and subscription billing.
• Anthropic (Claude API) — AI language model processing for generating outreach hooks, content ideas, lead analysis, and other AI-powered features. Queries may include contextual data you provide to the relevant features.
• Apify — web scraping and data extraction infrastructure used for competitor monitoring, review scraping, and trend signal collection.
• Brave Search — web search API used for lead sourcing and content discovery.
• Meta (Facebook / Instagram) — when you connect your Meta accounts, we exchange data with Meta’s APIs to retrieve page data, ad account data, and post performance metrics.
• Google (YouTube) — when you connect your Google account, we access YouTube channel data and comment data through the YouTube Data API.
• Shopify — when you connect your Shopify store, we access order data, customer data, and product data necessary for review monitoring and payment rescue features.
• Stripe — when you connect your Stripe account, we access payment and subscription data for the payment recovery automation feature.
• Discord — authentication provider; we receive your Discord profile data on login.

We may also disclose your information if required to do so by law, court order, or government authority, or where we believe disclosure is necessary to protect the rights, property, or safety of Fortify, our users, or the public.

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you cancel your account, we will delete or anonymise your personal data within 90 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as financial records for tax compliance, which we retain for 7 years as required by UK law).

AI-generated outputs and generation logs are retained for up to 12 months for debugging and quality improvement purposes, after which they are deleted or anonymised.

Connected third-party account tokens are deleted when you disconnect an integration or close your account.

5. Your Rights (GDPR)

As a user based in the UK or European Economic Area, you have the following rights under the UK GDPR and applicable data protection law:

• Right of access. You may request a copy of the personal data we hold about you.
• Right to rectification. You may request that we correct inaccurate or incomplete personal data.
• Right to erasure. You may request that we delete your personal data (“right to be forgotten”), subject to our legal obligations to retain certain data.
• Right to data portability. You may request a copy of your data in a structured, commonly used, machine-readable format.
• Right to restrict processing. You may request that we restrict the processing of your personal data in certain circumstances.
• Right to object. You may object to processing based on our legitimate interests.
• Right to withdraw consent. Where processing is based on consent, you may withdraw that consent at any time.

To exercise any of these rights, please email privacy@fortify-io.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK if you believe your data has been handled unlawfully.

6. Cookies

Fortify uses cookies and similar technologies to maintain your authenticated session and remember your preferences. We use session cookies (which expire when you close your browser) and persistent cookies (which remain for a defined period to keep you logged in).

We do not use third-party advertising cookies or tracking pixels for behavioural advertising purposes. You can configure your browser to refuse cookies; however, doing so may prevent you from logging in to or using the Service.

7. Third-Party Services

The Service integrates with third-party platforms and APIs. When you connect or use those integrations, your data is also subject to the privacy policies of those third parties. We encourage you to review the privacy policies of any third-party service you connect:

• Discord: discord.com/privacy
• PayPal: paypal.com/privacy
• Anthropic: anthropic.com/privacy
• Meta: facebook.com/privacy/policy
• Google / YouTube: policies.google.com/privacy
• Shopify: shopify.com/legal/privacy
• Stripe: stripe.com/privacy
• Apify: apify.com/privacy-policy

We are not responsible for the privacy practices of third-party services. Connecting a third-party account is optional; features that rely on that integration will be unavailable if you choose not to connect.

8. Children’s Privacy

The Service is intended solely for users who are 18 years of age or older. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have collected data from a person under 18, we will delete that data promptly. If you believe we have inadvertently collected data from a minor, please contact us at privacy@fortify-io.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by posting a notice within the Service. The “Last updated” date at the top of this page reflects when the policy was last revised.

Continued use of the Service after changes take effect constitutes your acceptance of the revised policy. If you do not agree to the updated policy, you should stop using the Service and close your account.

10. Contact

Fortify operates from England, United Kingdom. If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:

Email: privacy@fortify-io.com

For general support enquiries, contact support@fortify-io.com.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): ico.org.uk