Forge by AppAssist
Menu
Trust posture

Security and data handling

Forge is built to create cited, reviewable knowledge from approved business documents while keeping source handling and deletion controls visible.

Access model

Forge uses authenticated workspaces, role-based access, and invite or request workflows when availability is limited. Public request-access records interest; it does not automatically grant workspace access.

What Forge stores

Forge stores source records, source hashes, extracted text when allowed, evidence quotes, reviewed knowledge, processing history, usage and account-activity records, exports, and retention metadata.

What Forge does not store by default

Forge is not a long-term raw-document vault. By default, uploaded files are removed after processing, and external systems or customer-controlled storage can remain the source of truth.

Retention options

Forge supports delete-after-processing uploads, external source references, customer-managed source references, and API-based text ingestion.

Connected sources

Google Drive is available for read-only folder import. SharePoint, customer storage, and web knowledge-base connectors are planned.

Monitoring and controls

Forge records account activity for sensitive actions and failures. Workspace owners can delete documents and use Settings to review billing, retention, export, and deletion controls.

Current limitations

Scanned PDFs need OCR before upload. Spreadsheet support is CSV-first. Enterprise SSO, inherited connector ACL enforcement, custom compliance commitments, and managed raw-file vault guarantees require a separate written agreement.

Recommended use

Use approved, low-risk business documents only. Do not upload regulated, highly sensitive, privileged, payment-card, government-ID, health, trade-secret, or highly confidential material unless AppAssist has explicitly approved that handling path in writing.