
Security Policy

Version 0.1.0. Last updated: Jun 2, 2026

Overview

This starter Security Policy summarizes the security posture expected for ForgePay accounts, wallets, transfers, ForgeCode payments and merchant integrations.

Legal review required

This is a starter template and must be reviewed by a qualified lawyer before commercial launch.

ForgePay is not a bank. ForgeCredit is an internal settlement unit for services available in the ForgePay ecosystem.

Editable placeholder variables

  • [COMPANY_LEGAL_NAME]
  • [COMPANY_ADDRESS]
  • [COMPANY_REGISTRATION_NUMBER]
  • [VAT_ID]
  • [OWNER_NAME]
  • [CONTACT_EMAIL]
  • [SUPPORT_EMAIL]
  • [DPO_EMAIL]
  • [JURISDICTION]
  • [PAYMENT_PROVIDER]
  • [LAST_UPDATED_DATE]

Core ForgePay statements

  • ForgePay is not a bank.
  • ForgeCredit is not money issued by a government or central bank.
  • ForgeCredit is not a savings product.
  • ForgeCredit does not create ownership, yield or repayment rights.
  • Ordinary users cannot withdraw FGC to EUR.
  • Bonus FGC is non-transferable.
  • Transferable FGC may be sent between users subject to limits and fees.
  • The user-to-user transfer fee is 0.02%.
  • Sellers are settled according to Seller Terms.
  • External merchant API usage is governed by API Terms.

Account protection

ForgePay separates the main password from the 6-digit transaction PIN, rate-limits sensitive verification attempts and locks confirmation flows after too many failed attempts.

Ledger integrity

FGC movements should be represented as immutable ledger entries. ForgeCredit balances should not rely on a single editable balance field.

Merchant API protection

API keys should be shown only once and stored as hashes. Webhooks should use HMAC signatures, and API activity should be recorded as audit events.
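A sketch of the controls named above, added here as an example and not ForgePay's own code: keys are returned once and kept only as hashes, webhooks carry an HMAC-SHA256 signature over the raw body, and each check writes an audit event. The `fp_` key format, the in-memory stores and the function names are assumptions.

```python
import hashlib, hmac, json, secrets

KEY_HASHES = {}  # key_id -> SHA-256 hex of the full key (stand-in for a database table)
AUDIT_LOG = []   # audit events for API activity (stand-in for an append-only log)

def audit(event, **fields):
    AUDIT_LOG.append({"event": event, **fields})

def issue_api_key():
    """Return the plaintext key once; only its hash is retained."""
    key_id = secrets.token_hex(4)
    api_key = f"fp_{key_id}_{secrets.token_urlsafe(32)}"  # assumed key format
    # A fast hash is adequate here because the key is 256 bits of randomness,
    # unlike a human-chosen password.
    KEY_HASHES[key_id] = hashlib.sha256(api_key.encode()).hexdigest()
    audit("api_key.issued", key_id=key_id)
    return api_key

def check_api_key(presented):
    parts = presented.split("_", 2)
    key_id = parts[1] if len(parts) == 3 and parts[0] == "fp" else None
    stored = KEY_HASHES.get(key_id)
    digest = hashlib.sha256(presented.encode()).hexdigest()
    ok = stored is not None and hmac.compare_digest(stored, digest)
    audit("api_key.checked", key_id=key_id, ok=ok)
    return ok

def sign_webhook(secret, body):
    """HMAC-SHA256 over the exact raw body bytes that are sent."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()

def verify_webhook(secret, body, signature_hex):
    expected = sign_webhook(secret, body)
    # Compare as bytes in constant time; str inputs with non-ASCII would raise.
    ok = hmac.compare_digest(expected.encode(), signature_hex.encode())
    audit("webhook.verified", ok=ok)
    return ok

if __name__ == "__main__":
    key = issue_api_key()
    secret = secrets.token_bytes(32)
    # Constructed sample payload; field names are illustrative only.
    body = json.dumps({"event": "payment.completed", "amount_fgc": "12.50"}).encode()
    sig = sign_webhook(secret, body)
    print(check_api_key(key), verify_webhook(secret, body, sig))
    print(verify_webhook(secret, body + b" ", sig), AUDIT_LOG)
```

The receiver must verify the signature against the raw request bytes before parsing JSON, since re-serialising the payload can change the bytes and invalidate the HMAC.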

Incident contact

Security reports should be sent to [CONTACT_EMAIL] or [SUPPORT_EMAIL] until a dedicated security mailbox is approved.

No final legal advice

This page is starter content for drafting and product planning only. It must be reviewed and adapted by a qualified lawyer before commercial launch.