Privacy Policy

Last updated: 2025-12-06

1) Who we are

ForgeIT L.P. provides software engineering, DevOps and ERP services and develops the ManagoStores suite.

Registered in Greece. Email: [email protected].

2) Scope

This policy covers personal data we process on this website and in our products/services, including the ManagoStores web app and the React Native companion app (“Services”).

3) Data we collect

  • Contact data: name, email, company, message (when you submit our contact form).
  • Account data: name, email, roles/permissions (when you use our apps).
  • Usage data: pages viewed, actions, timestamps, IP, device/browser info (server logs, security and performance).
  • Cookies: essential cookies for site operation; optional analytics only if you consent.
  • Mobile app: barcode scan input, device camera permission (for scanning), crash/diagnostic data (if enabled).

4) Legal bases (GDPR Art. 6)

  • Contract (Art. 6(1)(b)) for providing our Services to you or your organization.
  • Legitimate interests (Art. 6(1)(f)) for security, fraud prevention, improving Services.
  • Consent (Art. 6(1)(a)) for optional analytics/marketing; you can withdraw anytime.
  • Legal obligation (Art. 6(1)(c)) for tax/accounting or compliance.

5) How we use data

  • To provide and maintain the Services, roles & permissions, and support.
  • To respond to inquiries and proposals you send us.
  • To secure our systems (audit logs, rate limiting, abuse detection).
  • To analyze performance and improve UX (only with consent for non-essential analytics).

6) Cookies & analytics

We use essential cookies for session and security. Non-essential analytics cookies (e.g., Google Analytics or Matomo) are used only with your consent.

CategoryPurposeRetention
EssentialAuthentication, securitySession / short-term
Analytics (optional)Usage statistics to improve ServicesAs configured by provider

7) Sharing & processors

We share data only with trusted processors as necessary, under GDPR agreements:

  • Hosting/Infrastructure (e.g., VPS/cloud provider).
  • Email delivery (transactional emails).
  • Optional analytics provider (only if you consent).

We do not sell personal data.

8) International transfers

If data leaves the EEA, we use lawful mechanisms (e.g., SCCs) and ensure adequate protection.

9) Retention

We keep data only as long as needed for the purposes above, contractual obligations, and legal requirements. Logs are typically kept short-term unless needed for security or audits.

10) Security

We follow industry practices (access control, encryption in transit, least privilege). No method is 100% secure, but we work to protect your data continuously.

11) Your rights (EU/EEA)

You can request access, rectification, erasure, restriction, portability, or object to processing. You may withdraw consent at any time.

Contact: [email protected]. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).

12) Children

Our Services are not directed to children under 16 and we do not knowingly process their data.

13) Changes

We may update this policy; we’ll post the latest version here and update the “Last updated” date.

14) Contact us

Email: [email protected]