ForgeBoxForgeBox

Legal

Privacy Policy

Last updated: 18 May 2026

FuseBox Online CC ("we", "us", "our") operates ForgeBox (forgebox.net). This Privacy Policy explains how we collect, use, store and protect personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and applicable data protection laws.

1. Who this policy applies to

  • Company administrators and managers who use ForgeBox to manage their organisation.
  • Employees whose personal information is captured in ForgeBox by their employer.
  • Visitors to forgebox.net.

2. Information we collect

2.1 Account information

When you sign up we collect:

  • Company name
  • Administrator name and email address
  • Billing information (processed by PayFast — we do not store card details)

2.2 Employee information

Your organisation may upload personal information about employees including:

  • Full name and contact details
  • Identity number
  • Residential address
  • Bank account details
  • Employment information (role, department, start date)
  • Leave records
  • Training records
  • Disciplinary records
  • Contract documents

2.3 Usage information

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Cookies and similar technologies

3. How we use your information

We use personal information to:

  • Provide and operate the Service.
  • Process payments and manage subscriptions.
  • Provision and deprovision employee accounts on connected third-party platforms (Microsoft 365, Slack, GitHub etc.) as instructed by your organisation.
  • Send transactional emails (invoices, leave approvals, contract notifications etc.).
  • Provide customer support.
  • Improve and develop the Service.
  • Comply with legal obligations.

4. Lawful basis for processing

We process personal information on the following lawful bases:

  • Contract — processing necessary to provide the Service you have subscribed to.
  • Legitimate interests — improving the Service, preventing fraud and ensuring security.
  • Legal obligation — complying with applicable laws.
  • Consent — where you have provided explicit consent, which you may withdraw at any time.

5. Data storage and security

5.1 Your data is stored on Supabase infrastructure with servers located in the European Union or South Africa.

5.2 Sensitive personal information (identity numbers, bank details, addresses) is encrypted at rest using AES-256 encryption.

5.3 All data is transmitted over TLS 1.3 encrypted connections.

5.4 Access to personal data is restricted to authorised personnel and is controlled by role-based access policies.

5.5 We maintain audit logs of all access to sensitive data.

6. Data retention

6.1 Active account data is retained for the duration of your subscription.

6.2 On account cancellation, data is retained for 30 days then permanently deleted.

6.3 You may request earlier deletion by contacting support@forgebox.net.

6.4 Billing records (invoices) are retained for 7 years as required by South African tax law.

6.5 Audit logs are retained for 3 years.

7. Sharing of information

We do not sell your personal information. We share data only:

  • With third-party platforms you have connected to ForgeBox (Microsoft 365, Slack, GitHub etc.) as directed by your organisation to provision employee accounts.
  • With PayFast to process subscription payments.
  • With Supabase as our infrastructure provider.
  • With email service providers to send transactional emails.
  • Where required by law or court order.

All third-party processors are bound by appropriate data processing agreements.

8. Your rights under POPIA

You have the right to:

  • Access — request a copy of personal information we hold about you.
  • Correction — request correction of inaccurate personal information.
  • Deletion — request deletion of your personal information (subject to legal retention requirements).
  • Objection — object to processing of your personal information.
  • Portability — request your data in a machine-readable format.
  • Withdraw consent — where processing is based on consent.

To exercise any of these rights, contact us at support@forgebox.net. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Regulator of South Africa: inforegulator.org.za.

9. Cookies

9.1 We use essential cookies required for the Service to function (authentication, session management).

9.2 We use analytics cookies to understand how the Service is used. You may opt out via your browser settings.

9.3 We do not use advertising or tracking cookies.

10. Children

ForgeBox is not intended for use by persons under the age of 18. We do not knowingly collect personal information from minors.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you by email and in-app notice at least 14 days before material changes take effect.

12. Contact and complaints

Information Officer
FuseBox Online CC
support@forgebox.net
forgebox.net

For privacy complaints or data subject requests: support@forgebox.net

South African Information Regulator:
inforegulator.org.za
Tel: 010 023 5200