Last updated: 2026-05-25
This page summarizes the technical and organizational measures used to protect data in Generations DataForge. DataForge is an internal Generations B.V. tool. Security practices may evolve as the tool changes, but the goal remains to protect confidentiality, integrity, and availability.
Access to DataForge data is limited to authorized Generations staff and trusted internal users who need access for legitimate operational, administrative, security, or support purposes. Administrative access should follow least-privilege principles and be reviewed periodically.
The tool uses account-based authentication and session controls to protect access. Users are responsible for protecting their credentials and reporting suspected misuse or unauthorized access.
Data should be transmitted over encrypted connections where supported. Production infrastructure should use modern transport security and appropriate protection for secrets, credentials, and API keys.
The application is designed around workspace-based data separation. Data is associated with workspace identifiers so the tool can limit access and queries to the correct operational context.
Standalone tools and invited-user clients that use DataForge APIs should use authenticated access, server-side authorization checks, scoped permissions, and least-privilege data access. API integrations should avoid broad shared credentials, limit write-back behavior to authorized Rentman actions, and log important access, export, update, and failed-access events.
Operational logs, error monitoring, and performance diagnostics may be used to detect issues, investigate incidents, maintain availability, and improve reliability. Logs should avoid unnecessary sensitive data where practical.
Production systems should use backups or equivalent recovery mechanisms appropriate for the tool. Backup access should be restricted, and backup retention should be aligned with operational and legal requirements.
Security incidents are investigated based on severity and potential impact. If a confirmed personal data breach affects personal data, Generations B.V. will handle notification and response according to applicable legal requirements and internal procedures.
Dependencies, application code, configuration, and infrastructure should be reviewed for security issues. Relevant vulnerabilities are prioritized based on severity, exploitability, and service impact.
Personnel and providers with access to non-public information must protect it and use it only for authorized purposes related to the tool.
Changes to the tool should follow controlled development practices, including review, testing where appropriate, and attention to privacy, security, and workspace isolation.
For security questions, contact us at hostmaster@marchagen.dev.