Privacy Policy
Last Updated: 12th January, 2026
Your privacy matters to us. This policy explains how Fortva collects, uses, and protects your personal data when you use our platform and services.
1. Introduction and Scope of This Privacy Policy
This Privacy Policy explains how Fortva, a subsidiary of Fanada Group Company Limited, incorporated in Ghana ("Fortva," "we," "us," or "our"), collects, uses, processes, stores, transfers, and protects personal data in connection with the provision of its document management system (DMS), contract lifecycle management (CLM) platform, websites, applications, and related services (collectively, the "Services").
Fortva provides enterprise-grade software designed to enable organizations, government entities, and individuals to securely store, manage, organize, execute, and monitor documents and contracts. In doing so, Fortva necessarily processes certain categories of personal data. We take our data protection obligations seriously and have designed this Privacy Policy to reflect applicable global data protection laws, including but not limited to the EU General Data Protection Regulation (GDPR), UK GDPR, applicable United States privacy laws, and relevant Ghanaian data protection legislation.
This Privacy Policy applies to:
- Visitors to Fortva's websites;
- Individuals who create accounts or use the Services;
- Authorized users acting on behalf of customers;
- Customer representatives, administrators, and billing contacts;
- Individuals whose personal data is included in documents, contracts, or content uploaded to the Services.
This Privacy Policy does not apply to personal data processed by Fortva on behalf of customers where Fortva acts solely as a data processor and the customer acts as the data controller. In such cases, processing is governed by the applicable customer agreement and data processing addendum (DPA), not this Privacy Policy, except where expressly stated.
2. Data Controller and Contact Information
For the purposes of applicable data protection laws, Fortva is the Data Controller with respect to personal data processed in connection with operating, securing, maintaining, and improving the Services, managing customer relationships, handling billing, and complying with legal obligations.
Data Controller:
Fortva, a subsidiary of Fanada Group Company Limited
Country of incorporation: Ghana
Privacy Contact:
For any questions, requests, or concerns regarding this Privacy Policy or Fortva's data practices, you may contact us at: support@fortva.com
This contact point may be used for privacy inquiries, data subject requests, and communications relating to data protection compliance.
3. Fortva's Role: Controller vs. Processor
3.1 Fortva as Data Processor
In most cases, Fortva acts as a data processor when customers upload documents, contracts, records, or other content to the Services ("Customer Content"). In these scenarios:
- The customer determines the purpose and means of processing;
- The customer is the data controller;
- Fortva processes personal data solely on documented instructions from the customer.
This includes personal data contained in:
- Contracts and legal documents;
- Employee records;
- Vendor agreements;
- Financial or commercial documentation;
- Any other files uploaded by customers.
Fortva does not review, analyze, or use Customer Content except as necessary to provide the Services, ensure security, comply with law, or as otherwise instructed by the customer.
3.2 Fortva as Data Controller
Fortva acts as a data controller with respect to:
- Account registration and user management data;
- Billing and subscription information;
- Usage logs, audit trails, and metadata;
- Support communications;
- Website analytics and essential cookies;
- Compliance, security, and fraud-prevention activities.
4. Categories of Personal Data We Collect
4.1 Account and Identity Information
When an account is created or managed, Fortva may process information such as names, email addresses, usernames, job titles, organizational roles, authentication credentials, and account preferences. This data is necessary to establish user identity, manage access controls, and enable secure collaboration.
4.2 Billing and Transaction Information
Fortva processes billing-related information, including subscription details, invoices, payment status, and transaction identifiers. Payment card data is processed by authorized third-party payment processors; Fortva does not store full credit card numbers. Billing data is used to administer subscriptions, enforce pricing terms, and comply with accounting and tax obligations.
4.3 Customer Content and Uploaded Data
Customers may upload documents and contracts that contain personal data relating to employees, counterparties, clients, suppliers, or other individuals. Fortva processes this data strictly as a processor, under customer instructions, and does not assume responsibility for the legality or accuracy of such content.
4.4 Usage Data and Logs
Fortva automatically collects technical data related to system usage, including access timestamps, IP addresses, device identifiers, log files, audit trails, performance metrics, and feature usage statistics. This data supports security monitoring, system integrity, troubleshooting, and service optimization.
4.5 Support and Communications
When users contact Fortva for support, training, or inquiries, we process communications and related information to respond effectively, improve our Services, and maintain service quality.
4.6 Website and Cookie Data
Fortva's websites use essential cookies and similar technologies required for core functionality, security, and performance measurement. These technologies may collect limited information such as browser type, session identifiers, and aggregated usage statistics.
5. How Personal Data Is Collected
Fortva collects personal data through several channels.
Personal data may be provided directly by users when registering for accounts, configuring user profiles, uploading documents, submitting support requests, or communicating with Fortva. Data may also be collected automatically through the operation of the Services, including system logs, security monitoring tools, and essential cookies.
In limited cases, Fortva may receive personal data indirectly, such as from customers who add authorized users, from payment processors confirming transactions, or from third-party integrations enabled by customers.
Fortva does not intentionally collect personal data from unauthorized sources.
6. Purposes of Processing
Fortva processes personal data only where there is a legitimate and lawful purpose to do so.
Personal data is processed to:
- Provide, operate, and maintain the Services;
- Authenticate users and manage access permissions;
- Secure documents and contracts;
- Process subscriptions, payments, and refunds;
- Provide customer support and technical assistance;
- Monitor system performance and prevent abuse or fraud;
- Improve functionality and user experience;
- Comply with legal and regulatory obligations;
- Enforce contractual rights and policies.
Fortva does not sell personal data and does not use Customer Content for advertising or marketing purposes.
7. Legal Bases for Processing (GDPR and Equivalent Laws)
Where GDPR or similar laws apply, Fortva relies on one or more lawful bases to process personal data.
Processing may be necessary for the performance of a contract where users or customers enter into a subscription agreement with Fortva. Processing may also be necessary to comply with legal obligations, such as financial reporting or responding to lawful requests from authorities.
In certain cases, Fortva processes personal data based on its legitimate interests, such as maintaining platform security, preventing fraud, improving the Services, and managing customer relationships. These interests are balanced against the rights and freedoms of data subjects.
Where required, Fortva relies on user consent, particularly for non-essential cookies or optional communications. Consent may be withdrawn at any time.
8. Contract Templates Disclaimer and Legal Responsibility
Fortva provides built-in contract templates as a functional convenience for users. These templates are provided for general informational purposes only and do not constitute legal advice. They are not jurisdiction-specific and may not reflect applicable laws, regulatory requirements, or industry standards relevant to a user's circumstances.
Users remain solely responsible for reviewing, modifying, approving, and validating any templates before use. Fortva expressly disclaims all liability arising from reliance on contract templates, including any legal, regulatory, or financial consequences.
9. Security Measures
Fortva implements appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures include access controls, encryption in transit, monitoring systems, and role-based permissions.
While Fortva follows industry best practices, no system can be guaranteed to be completely secure. Users acknowledge and accept this inherent risk.
10. Children and Age Restrictions
The Services are not intended for individuals under the age of eighteen (18). Fortva does not knowingly collect personal data from children. If Fortva becomes aware that personal data of a minor has been collected, it will take steps to delete such data.
11. Law Enforcement and Legal Requests
Fortva may disclose personal data where required to comply with applicable law, court orders, subpoenas, or lawful requests from government or regulatory authorities. Where legally permitted, Fortva will attempt to notify affected customers before disclosure.
12. Disclosure of Personal Data and Use of Subprocessors
Fortva does not sell personal data and does not disclose personal data to third parties except as necessary to operate the Services, comply with legal obligations, or protect its rights and users.
In providing the Services, Fortva may engage third-party service providers ("Subprocessors") to perform functions on its behalf. These Subprocessors act under contractual obligations that require them to process personal data only for specified purposes, to maintain appropriate confidentiality, and to implement reasonable security safeguards consistent with industry standards.
Subprocessors may include providers of cloud hosting infrastructure, payment processing services, email delivery systems, analytics and monitoring tools, customer support platforms, and security services. Fortva remains responsible for the acts and omissions of its Subprocessors to the extent required by applicable data protection laws when acting as a data processor.
Fortva may also disclose personal data where disclosure is required to comply with applicable law, regulation, legal process, or governmental request, or where disclosure is necessary to protect the rights, property, or safety of Fortva, its customers, users, or others.
13. International Data Transfers
Fortva operates as a global SaaS platform and may process personal data in multiple jurisdictions. Personal data may be transferred to, stored in, or accessed from countries other than the country in which the data subject resides, including the United States and other locations where Fortva or its Subprocessors operate.
Where personal data originating from the European Union, United Kingdom, or other jurisdictions with cross-border data transfer restrictions is transferred outside those regions, Fortva implements appropriate safeguards designed to ensure an adequate level of protection. These safeguards may include reliance on approved transfer mechanisms such as standard contractual clauses, contractual commitments with Subprocessors, and other lawful transfer bases recognized under applicable data protection laws.
By using the Services, users acknowledge that their personal data may be transferred internationally as described in this Privacy Policy.
14. Data Retention and Deletion
Fortva retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including providing the Services, complying with legal obligations, resolving disputes, and enforcing agreements.
Account and billing information is retained for the duration of the customer relationship and thereafter for a period necessary to comply with applicable accounting, tax, and legal requirements. Usage logs and technical records are retained for limited periods consistent with security and operational needs.
Customer Content uploaded to the Services is retained in accordance with customer instructions and the applicable subscription agreement. Upon termination or expiration of a customer's subscription, Fortva will make Customer Content available for retrieval for a limited period, after which such data may be deleted or anonymized in accordance with Fortva's retention policies, unless retention is required by law. Fortva does not guarantee indefinite retention of any data.
15. Data Subject Rights
Where required by applicable law, including GDPR and UK GDPR, individuals have certain rights with respect to their personal data.
These rights may include the right to request access to personal data, to request correction of inaccurate or incomplete data, to request deletion of personal data, to request restriction of processing, to object to processing based on legitimate interests, and to request data portability.
Where Fortva acts as a data processor, requests relating to Customer Content should be directed to the relevant customer acting as data controller. Fortva will assist customers in responding to such requests where required by law and contract.
Requests relating to Fortva's controller processing activities may be submitted to support@fortva.com. Fortva may require verification of identity before responding to a request and may deny requests where permitted by law.
16. Right to Withdraw Consent
Where Fortva relies on consent as a legal basis for processing personal data, individuals have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Withdrawal of consent may limit the availability of certain features or Services.
17. Cookies and Similar Technologies
Fortva uses cookies and similar technologies primarily to ensure the secure and reliable operation of its websites and Services. Essential cookies are required for authentication, session management, and security purposes and cannot be disabled without affecting functionality.
Fortva may also use limited analytics technologies to understand aggregate usage patterns and improve performance. Where required by law, Fortva will obtain consent before deploying non-essential cookies.
Detailed cookie preferences may be managed through browser settings or applicable consent mechanisms.
18. Security Incident and Data Breach Response
Fortva maintains internal policies and procedures designed to identify, respond to, and mitigate security incidents involving personal data. In the event of a confirmed personal data breach, Fortva will take reasonable steps to contain the incident, assess its impact, and comply with applicable notification obligations.
Where Fortva acts as a data processor, it will notify affected customers without undue delay after becoming aware of a personal data breach involving Customer Content, in accordance with applicable law and contractual obligations.
19. Government, Enterprise, and Regulated Customers
Fortva's Services may be used by government entities, regulated organizations, and enterprises subject to specific compliance requirements. Customers are responsible for ensuring that their use of the Services complies with applicable sector-specific regulations, recordkeeping obligations, and internal policies.
Fortva does not represent or warrant that the Services alone ensure regulatory compliance. Customers remain solely responsible for configuring and using the Services in a compliant manner.
20. Marketing and Communications
Fortva may send service-related communications, including account notices, security updates, billing information, and changes to the Services. These communications are considered essential and cannot generally be opted out of.
Where permitted by law, Fortva may send marketing or promotional communications. Users may opt out of such communications at any time by following the instructions provided in the message or by contacting Fortva.
21. Third-Party Integrations and Links
The Services may integrate with or link to third-party applications, services, or websites. Fortva is not responsible for the privacy practices of third parties, and this Privacy Policy does not apply to data processed by third-party services.
Users are encouraged to review the privacy policies of any third-party services they choose to connect to the Services.
22. Changes to This Privacy Policy
Fortva may update this Privacy Policy from time to time to reflect changes in legal requirements, technology, or business practices. Updated versions will be posted on Fortva's website with a revised "Last Updated" date.
Where changes are material, Fortva may provide additional notice through the Services or by other reasonable means. Continued use of the Services after an update constitutes acceptance of the revised Privacy Policy.
23. Complaints and Supervisory Authorities
Individuals located in the European Union or United Kingdom have the right to lodge a complaint with a competent data protection supervisory authority if they believe that Fortva's processing of personal data violates applicable law.
Fortva encourages individuals to contact support@fortva.com first so that concerns may be addressed directly.
24. Limitation of Responsibility
To the maximum extent permitted by law, Fortva disclaims liability for personal data processed as part of Customer Content where Fortva acts solely as a data processor and processes such data in accordance with customer instructions.
Nothing in this Privacy Policy limits rights that cannot be waived under applicable law.
25. Contact Information
For privacy-related questions, requests, or concerns, please contact:
Fortva
A subsidiary of Fanada Group Company Limited
support@fortva.com