Privacy Policy

Last updated: March 2026

1. Introduction

HiFour Technologies ("we," "us," or "our") operates Forge4, a workforce management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Forge4, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, organization name, job title, and phone number when creating an account.
  • Employee Data: Employee profiles, contact details, employment history, compensation information, emergency contacts, and documents uploaded to the platform by your organization.
  • Time and Attendance Data: Timesheet entries, clock-in/out times, project allocations, and approval records.
  • Financial Data: Expense claims, receipt images, billing rates, invoice details, and payment information.
  • Leave Data: Leave requests, balances, approval history, and leave policy configurations.
  • Communication Data: Messages sent through our support chat, contact forms, and notification preferences.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions performed, timestamps, and session duration.
  • Device Information: Browser type, operating system, device type, screen resolution, and IP address.
  • Cookies and Tracking: We use essential cookies for authentication and session management. See Section 7 for details.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To operate, maintain, and provide the features of Forge4, including time tracking, HR management, expense processing, and payroll.
  • Account Management: To create and manage your account, process payments, and provide customer support.
  • Communication: To send transactional emails (e.g., approval notifications, system alerts), respond to inquiries, and provide updates about the Service.
  • Security: To detect, prevent, and respond to fraud, abuse, security risks, and technical issues.
  • Improvement: To analyze usage patterns, diagnose problems, and improve the Service's functionality and user experience.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. Data Storage and Security

4.1 Multi-Tenant Data Isolation

Forge4 uses a multi-tenant architecture with complete data isolation between organizations. Each organization's data is logically separated at the database level, ensuring that no organization can access another organization's data under any circumstances.

4.2 Encryption

  • In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
  • At Rest: All stored data is encrypted using AES-256 encryption.
  • Sensitive Data: Passwords are hashed using bcrypt. API keys and tokens are stored in encrypted form.

4.3 SOC 2 Practices

We follow SOC 2 Type II security practices including access controls, audit logging, vulnerability management, incident response procedures, and regular security assessments. Enterprise customers may request our latest compliance documentation.

4.4 Infrastructure

Our infrastructure is hosted on industry-leading cloud providers with certifications including SOC 2, ISO 27001, and GDPR compliance. Enterprise customers receive dedicated hosting with additional isolation guarantees.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share information in the following limited circumstances:

  • Within Your Organization: Data is accessible to authorized users within your organization based on their role-based access control (RBAC) permissions.
  • Service Providers: We engage trusted third-party service providers (e.g., cloud hosting, email delivery, payment processing) who access data only to perform services on our behalf and are bound by confidentiality obligations.
  • Legal Requirements: We may disclose data if required by law, legal process, governmental request, or to protect rights, safety, or property.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will provide notice before your data is subject to a different privacy policy.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide you with the Service. Specific retention periods:

  • Active Accounts: Data is retained for the duration of your subscription.
  • After Cancellation: We retain data for 30 days after account cancellation to allow for data export. After 30 days, data is queued for permanent deletion.
  • Backups: Encrypted backups may persist for up to 90 days after deletion for disaster recovery purposes.
  • Legal Holds: Data subject to legal proceedings or regulatory requirements may be retained longer as required by law.
  • Anonymized Data: Aggregated, anonymized data that cannot identify individuals may be retained indefinitely for analytics and improvement purposes.

7. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Functional Cookies: Remember your preferences (e.g., theme selection, language) for a better experience.
  • Analytics Cookies: Help us understand how the Service is used so we can improve it. These are anonymized and do not track individual users across sites.

We do not use third-party advertising cookies or tracking pixels. You can manage cookie preferences through your browser settings.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

8.1 GDPR Rights (EU/EEA Residents)

  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing: Request limitation of how we process your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing of your data for certain purposes.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

8.2 CCPA Rights (California Residents)

  • Right to Know: Request disclosure of the categories and specific pieces of personal information collected.
  • Right to Delete: Request deletion of personal information.
  • Right to Opt-Out: We do not sell personal information, so the right to opt out of sale does not apply.
  • Right to Non-Discrimination: Exercise your rights without discriminatory treatment.

To exercise any of these rights, contact us at privacy@hifour.io. We will respond within 30 days.

9. Third-Party Services

Forge4 integrates with the following third-party services:

  • Google Workspace: For Single Sign-On (SSO) authentication and calendar synchronization.
  • Email Services: For transactional email delivery (notifications, approvals, reports).
  • Cloud Infrastructure: For hosting, storage, and content delivery.

Each third-party service has its own privacy policy. We encourage you to review their policies. We only share the minimum data necessary for each integration to function.

10. Children's Privacy

Forge4 is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information promptly.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognized mechanisms.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we will also notify you via email or in-app notification. Your continued use of the Service after changes become effective constitutes acceptance.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

HiFour Technologies — Privacy Team

General Inquiries: info@hifour.io

Privacy Requests: privacy@hifour.io

Website: www.hifour.io