Privacy Policy

Last updated: 2026-05-25 | Effective: 2026-06-01

Smart Sequence Tech (Smart Sequence Tech) operates ForgeHelm, an enterprise code governance and compliance platform. This Privacy Policy explains how we collect, use, and protect personal data when you use smartsequence.tech or the ForgeHelm SaaS service. It addresses GDPR (EU 2016/679), CCPA (California), and Taiwan PDPA.

1. Data Controller

FieldDetails
EntitySmart Sequence Tech(智序資訊工作室)
Tax ID60295398
Contactservice@smartsequence.tech
Data Protection Inquiriesservice@smartsequence.tech

2. What Data We Collect

2.1 Website Visitors

  • Contact forms: Name, business email, company, job title, headcount, inquiry type
  • Analytics: Anonymized page views and sessions (IP anonymized)
  • Cookies: Session and language preference; optional analytics (opt-in)

2.2 ForgeHelm SaaS Customers

  • Account data: Business email, name, company, role, subscription tier
  • Usage data: Feature logs, login times, API records (no source code in SaaS)
  • Billing data: Processed by payment provider; we do not store full card numbers
  • Support data: Tickets and correspondence

2.3 What We Do NOT Collect

  • Source code — Agent processes code locally; only desensitized metrics go to SaaS
  • GDPR Art. 9 special categories of personal data

3. Legal Basis for Processing (GDPR)

PurposeLegal Basis
Inquiries and demosLegitimate interest (Art. 6(1)(f))
Contracted SaaS servicesContract (Art. 6(1)(b))
Billing and taxLegal obligation (Art. 6(1)(c))
Optional analytics cookiesConsent (Art. 6(1)(a))
Service improvement commsLegitimate interest (Art. 6(1)(f))

4. How We Use Your Data

  • Respond to demo, PoC, and sales inquiries
  • Provision and operate ForgeHelm SaaS accounts
  • Issue invoices and process subscriptions
  • Provide support and maintain reliability
  • Send service-critical notifications (not marketing unless opted in)
  • Meet legal and tax obligations

5. Data Retention

Data CategoryRetention Period
Pre-sales inquiries2 years from last interaction
Active SaaS account dataSubscription term + 90 days after termination
Billing records7 years (legal obligation)
Support tickets3 years after closure
Analytics (anonymized)13 months rolling

You may request early deletion of non-billing data (see Section 7).

6. Third-Party Services

We execute DPAs with sub-processors handling personal data. Enterprise customers may request the sub-processor list.

  • Vercel: Marketing site hosting (EU/US; DPA in place)
  • Stripe: Subscription billing (PCI-DSS Level 1; no raw card data to us)
  • Analytics: Aggregated anonymized traffic; no cross-site tracking
  • Email: Transactional email only

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

Access Request a copy of data we hold about you
Rectification Correct inaccurate or incomplete data
Erasure Request deletion (subject to legal retention)
Portability Receive data in a structured, machine-readable format
Objection Object to processing based on legitimate interest
Restriction Request limited processing while a dispute is resolved

California residents may opt out of sale/sharing (CCPA). We do not sell personal data.

Taiwan PDPA provides access, correction, deletion, and portability rights.

Contact service@smartsequence.tech. We respond within 30 days.

8. Cookies

Cookie TypePurposeOpt-out
Strictly necessarySession authentication, language preferenceCannot be disabled
Analytics (optional)Aggregate page views; IP anonymizedCookie banner or browser settings

We do not use advertising or cross-site tracking cookies.

9. International Data Transfers

ForgeHelm is designed for data sovereignty. Source code and sensitive analysis stay on-premises; only desensitized compliance metrics go to SaaS.

Where account/billing data leaves the EEA or Taiwan, we rely on EU Standard Contractual Clauses, adequacy decisions, or Taiwan PDPA safeguards.

10. Security Measures

We will notify you within 72 hours of a breach affecting your rights (GDPR Art. 33).

  • Encryption in transit: TLS 1.2+
  • Encryption at rest: Sensitive database fields encrypted
  • Access control: RBAC for personnel
  • Audit logs: Immutable admin action logs
  • Vulnerability management: Regular scanning and dependency updates

11. Policy Updates

  • Published on this page with an updated effective date
  • Active SaaS customers notified by email at least 30 days before material changes

12. Contact & Complaints

Privacy inquiries: service@smartsequence.tech

Business entity: Smart Sequence Tech(智序資訊工作室, Tax ID 60295398)

GDPR complaints may be lodged with your local supervisory authority.