Permian Forge LLC ("we," "our," "us") is committed to protecting the privacy of the companies and individuals who use our products (IronHaul, IronGuard, IronLedger, and the Permian Forge website at permianforge.com), collectively referred to as "the Services."
This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the choices you have regarding your data.
Plain English Summary: We only collect what we need to run the Services. We don't sell your data. We protect it with industry-standard security. You can request, correct, or delete your data at any time.
01 Who We Are
Permian Forge LLC is a software company based in Texas, providing digital operations tools for the oilfield services and operations industry. We are the data controller for information collected through our marketing website at permianforge.com, and the data processor for information your organization enters into our Services on behalf of your business.
02 Information We Collect
Information You Provide Directly
- Account information: name, email, phone, organization name, role.
- Business information: vehicles, drivers, customers, vendors, locations, rate sheets, invoices, tickets, inspections, certifications, and other operational data you enter into the Services.
- Payment information: billing details for subscription management (processed by our payment provider; we do not store card numbers).
- Communications: messages you send us via email or support channels.
Information Collected Automatically
- Device and usage data: IP address, browser type, operating system, pages visited, features used, timestamps.
- Location data: GPS coordinates when creating tickets, inspections, or audit log entries (with your permission).
- Cookies and similar technologies: see Section 8.
Information from Third Parties
We may receive limited information from authentication providers, email delivery services, or integrations you choose to connect (such as QuickBooks, if enabled).
03 How We Use Information
We use the information we collect to:
- Provide the Services: authenticate users, process tickets and invoices, manage inspections, send notifications, and enable core functionality.
- Improve the Services: diagnose technical issues, analyze usage patterns, and develop new features.
- Communicate with you: send service updates, respond to support requests, and provide important account notices.
- Ensure security: detect and prevent fraud, abuse, or unauthorized access.
- Comply with legal obligations: tax records, regulatory requirements, and lawful requests from authorities.
We do not use your business data to train AI models, sell it to data brokers, or provide it to advertisers.
04 How We Share Information
We share information only in these limited circumstances:
- Within the Iron Suite: when your organization uses multiple products (for example, IronHaul and IronGuard), data flows between them as designed (vehicle inspection status, invoice data between haulers and operators when both sides opt in).
- Service providers: Supabase (database and authentication), Vercel (hosting), Gmail/SMTP providers (email delivery). These providers are contractually bound to protect your data and use it only to provide services to us.
- Business partners you authorize: if you connect integrations like QuickBooks, we share the data required for that integration to function.
- Legal compliance: when required by law, subpoena, or to protect rights, property, or safety.
- Business transfer: in the event of a merger, acquisition, or sale, information may transfer to the new owner, who must honor this Privacy Policy.
We do not sell your personal or business information to third parties.
05 Data Security
We implement industry-standard security measures to protect your data:
- Encryption in transit: all data transmitted between your device and our Services is protected by TLS 1.2+.
- Encryption at rest: data stored in our databases is encrypted.
- Access controls: role-based permissions and multi-tenant isolation using row-level security.
- Infrastructure: hosted on Supabase and Vercel, both SOC 2 Type II compliant.
- Authentication: password hashing, session management, optional multi-factor authentication.
- Audit logs: every data change is logged with user attribution and timestamp.
No system is completely secure. If a breach occurs that materially affects your data, we will notify you without undue delay and comply with applicable breach notification laws.
06 Data Retention
We retain your data as long as your account is active and as needed to provide the Services. Specific retention periods:
- Active account data: retained for the life of your subscription.
- Canceled accounts: data is retained for 90 days after cancellation to allow recovery, then permanently deleted (or anonymized for aggregate analytics).
- Legal records: some data (invoices, tax records) may be retained longer to comply with legal requirements.
- Backups: encrypted backups may persist for up to 30 days after deletion.
07 Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: request a copy of the personal data we hold about you.
- Correct: update or correct inaccurate information.
- Delete: request deletion of your personal data (subject to legal retention requirements).
- Export: receive your data in a portable format.
- Object: object to processing of your data for certain purposes.
- Withdraw consent: where we rely on consent as our legal basis.
To exercise any of these rights, email legal@permianforge.com. We will respond within 30 days.
California residents have additional rights under the CCPA. Texas residents have rights under the Texas Data Privacy and Security Act. We will honor applicable state privacy laws.
08 Cookies & Tracking
We use cookies and similar technologies for:
- Essential functions: authentication, session management, security.
- Preferences: remembering your settings.
- Analytics: understanding how the Services are used (we do not use cross-site tracking).
For details, see our Cookie Policy. You can control cookies through your browser settings, though disabling essential cookies may affect functionality.
09 Children's Privacy
The Services are intended for use by businesses and their authorized employees, all of whom should be at least 18 years old. We do not knowingly collect data from children under 13. If we become aware that we have collected such data, we will delete it.
10 International Users
The Services are hosted in the United States. If you access the Services from outside the U.S., your data will be transferred to, stored, and processed in the U.S. By using the Services, you consent to this transfer. We apply safeguards consistent with applicable data protection laws for cross-border transfers.
11 Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or via a notice in the Services at least 30 days before they take effect. The "Last Updated" date at the top of this page indicates when it was last revised. Continued use of the Services after changes constitutes acceptance of the revised policy.
12 Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your data: