Privacy & Security FAQ

Privacy

What data does Forter collect about me?

The types of data that Forter collects about you depends on how you interact with Forter.

Please visit our Website Privacy Policy for more information regarding the data we collect when you interact with us on our website, sign-up to receive any materials from Forter, attend any Forter events, or send us any information on through this website.

Please visit our Services Privacy Policy for more information regarding the data we collect from end users when we provide services to our merchants.

Please visit our Cookie Policy for more information regarding the cookies we use on our website and the information we collect through these cookies.

How does Forter use my data?

How we use your data depends on the circumstances under which we collected your data.

Please visit our Website Privacy Policy for more information regarding how we use data collected from you when you interact with us on our website, sign-up to receive any materials from Forter, attend any Forter events, or send us any information on through this website.

Please visit our Services Privacy Policy for more information regarding how we use data we collect from end users when we provide services to our merchants.

Please visit our Cookie Policy for more information regarding how we use data collected through cookies on our website.

Does Forter share my information with third parties?

Forter only shares your personal data with select trusted third-party providers or as necessary to comply with applicable law. All third-party providers are evaluated by Forter’s legal and information security teams to ensure these third parties can be entrusted with your data.

In particular, we may share your personal data with trusted third-party providers:

  • To maintain our internal business operations;
  • To provide our services to our merchant;
  • To comply with applicable law;
  • To protect your rights; and/or
  • In connection with a merger, acquisition, bankruptcy or other major corporate event.

We do not rent, sell, or share your data with third-parties for any other purposes.

For more information regarding the third parties with whom your data may be shared, please visit our Website Privacy Policy and Services Privacy Policy.

Does Forter sell my data?

No, Forter does not sell your data.

Does Forter comply with international data privacy laws?

Forter is committed to complying with data privacy laws globally and protecting your data to the highest standards.  We work with a team of internal and external legal and security experts to ensure that our products, services, and internal business practices comply with the most significant and wide reaching data privacy laws, including the General Data Protection Regulation (GDPR), the UK GDPR, the Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA).

Who should I contact if I have questions about Forter’s privacy practices?

Please contact us at [email protected] with any questions or concerns about our privacy practices.

Data Retention and Storage & Data Transfers

Where does Forter store my data?

Forter Ltd is based in Israel, which is considered by the European Commission to have an adequate level of protection for the personal information of EU individuals.  Forter Ltd, as well as our affiliates located in the US, the UK and Singapore, may process your information locally as required to maintain our internal business operations and provide our products and services to our customers. We also engage trusted third party services providers, and these providers may process your data in connection with their provision of services to us. We store personal information in our data centers located in the United States.

How does Forter comply with data transfer requirements for EU personal data?

Any transfer of EU personal data to a country that does not ensure an adequate level of protection (according to the European Commission) will be made in accordance with the European Commission’s Standard Contractual Clauses, together with additional technical, contractual and organizational safeguards designed to protect that data.

How do I request to access or delete my data?

If you are a California resident you can exercise your rights under the CCPA by contacting us at [email protected].

If you are located in the EEA or Switzerland you can exercise your rights under the GDPR by contacting us at [email protected] or you can also contact us via our EU representative, Prighter by visiting https://prighter.com/q/12970917510.

More information about how to exercise your rights as a data subject can be found in our Website Privacy Policy and our Services Privacy Policy.

How long does Forter keep my data?

We retain your Personal Data only for as long as we need to in order to fulfill the purposes for which it was collected, unless we need to keep it for a longer period in order to comply with applicable law or regulations.

Please contact [email protected] if you have any further questions about how long we keep your personal data.

Security

How does Forter keep my data safe?

Forter is committed to ensuring that all data that we process, transfer, and store is secured. We employ industry best practices to ensure the security, confidentiality and integrity of your data, both while it resides on Forter’s systems and when it is transferred externally. We have implemented robust physical, technical and organizational security measures to protect your data, including through the use of encryption and secure socket layer (SSL) technology.  We maintain SOC 2 and PCI DSS certifications, as further described below.

We regularly monitor our systems for possible vulnerabilities and attacks, and continuously seek out new ways to enhance the security of our systems.

Is Forter’s Security Program aligned with industry standards?

Forter is fully committed to processing data in compliance with the principles of GDPR. As part of this commitment, we maintain certifications that align with industry best practices.

Forter maintains the following security certifications:

  • PCI DSS Level 1​, the most stringent PCI DSS certification level available
  • SSAE16 – SOC 2 Type II

We also participate in the voluntary CSA Security, Trust & Assurance Registry (STAR) Self-Assessment to document our compliance with CSA-published best practices. Additionally, We follow NIST-SP 800-88 guidelines for deletion of both electronic and hard copy data, and comply with ISD27005, Mozilla Rapid Risk Assessment, Binary RIsk Analysis, OWASP top 10 and NIST 800-30 standards.

How does Forter maintain regulatory compliance?

Forter has a robust compliance program designed to assess and solve for changes in the regulatory landscape. In particular, Forter has dedicated personnel, including legal, security, and product professionals, responsible for identifying and assessing applicable regulatory changes. These employees fill these responsibilities through proactive research, participation in customer advisory boards, participation in relevant events and conferences, and continuing subject matter education. In addition, Forter invests heavily in its compliance program outside these dedicated staff members, including by engaging international subject matter experts as advisors, sponsoring employees to travel and attend local events and conferences as needed, and allocating resources to research and development targeted at applicable regulatory developments.