Legal

Privacy Policy

Talcott Forge Corporation Privacy Policy

Effective date: May 12, 2026

This Privacy Policy describes how Talcott Forge Corporation ("TFC," "we," "us") collects, uses, discloses, and protects personal information when you use our website, client portal, products, and related services (collectively, the "Platform"). By using the Platform, you acknowledge this Privacy Policy.

1. Information we collect

Information you provide directly

  • Identity information, including full legal name, date of birth, Social Security number where required for filings or account setup, and SSN last four where retained for account verification or records, and other identifying information you provide
  • Contact information, including email address, mailing address, and phone number
  • Financial information, including retirement account details, account balances, custodian information, account type, prior rollover history, and bank account information for payments
  • Business information, including proposed business type, state of incorporation, and officer and director designations
  • Employment information, including employment status, compensation, and hours worked when needed for eligibility, plan administration, compliance, or reporting
  • Communications and documents you submit through the Platform

Some of the information we collect may be considered sensitive personal information under applicable law.

Information collected automatically

  • Device and browser information, including browser type, operating system, and IP address
  • Usage data, including pages visited, features used, and timestamps
  • Cookies and similar technologies, as described in Section 6

Information from third parties

  • Identity verification services or fraud-prevention services, if used in connection with your account
  • Information from other service providers, including recordkeepers, custodians, registered agents, valuation firms, fidelity bond providers, and payment processors

2. How we use your information

We use personal information to:

  • Provide, maintain, and improve our services, including entity formation, 401(k) plan establishment, ROBS transactions, and ongoing plan administration
  • Generate personalized financial assessments, projections, and planning tools
  • Verify your identity and eligibility
  • Process payments and manage your account
  • Communicate with you about your account, services, and compliance deadlines
  • Coordinate with service providers necessary to deliver our services, including, as applicable, recordkeepers, custodians, registered agents, valuation firms, fidelity bond providers, payment processors, and infrastructure providers
  • Comply with legal obligations, including ERISA recordkeeping requirements and tax reporting obligations
  • Detect, prevent, and respond to fraud, security incidents, or unauthorized activity
  • Improve the Platform and develop new features
  • Respond to legal process or government requests

3. How we share your information

We do not sell personal information or share it for cross-context behavioral advertising. We share personal information only as described below.

Service providers and partners: We share information with third parties who perform services on our behalf or are necessary to deliver our services, including plan recordkeepers and custodians, registered agents, valuation firms, fidelity bond providers, payment processors, identity verification services, cloud hosting and infrastructure providers, and professional advisors such as legal, audit, and compliance advisors. These parties are required to use your information only for authorized purposes.

Intelligent processing tools: The Platform may use intelligent processing tools to support compliance monitoring, document generation, operational workflow, or informational features. Where we use third-party providers for these tools, we seek to configure and contract for those services to support Platform functionality and limit provider use of client data, including restrictions on training general-purpose models where available or required.

With your direction or consent: We may share information with third parties you authorize, such as your CPA, attorney, financial advisor, custodian, or other service provider.

Legal and regulatory obligations: We may disclose information when required by law, regulation, legal process, or government request, or to protect the rights, safety, or property of TFC, our users, or the public.

Business transfers: If TFC is involved in a merger, acquisition, financing, reorganization, or sale of all or substantially all of its assets, personal information may be transferred as part of that transaction.

4. Data retention

We retain personal information for as long as necessary to provide our services, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce agreements.

Examples include:

  • Client records and plan-related records may be retained for the service relationship plus at least six years where required for ERISA or tax records, or longer if required by law
  • Payment records may be retained for tax, accounting, audit, and dispute-resolution purposes
  • Platform usage data may be retained for security, analytics, troubleshooting, and product-improvement purposes

When personal information is no longer needed, we delete, de-identify, or otherwise dispose of it in accordance with applicable law and our internal retention practices.

If you request deletion of your information, we will process the request as required by applicable law, subject to identity verification and any legal, regulatory, security, or operational reason to retain the information.

5. Data security

We implement administrative, technical, and physical safeguards designed to protect personal information, including:

  • Encryption of data in transit and, where appropriate, at rest
  • Access controls limited to personnel and service providers with a legitimate business need
  • Security monitoring and periodic security reviews
  • Use of infrastructure and vendors with appropriate security controls

No system is completely secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security.

6. Cookies and tracking technologies

We use cookies and similar technologies to operate the Platform, maintain sessions, remember preferences, improve functionality, perform security monitoring, and understand usage patterns. We do not use cookies to sell personal information or for cross-context behavioral advertising.

You can manage cookies through your browser settings. Disabling certain cookies may affect Platform functionality. If we use advertising or analytics technologies that require consent under applicable law, we will provide appropriate notice and choice.

7. Your rights and choices

Applicable state privacy laws may grant you rights regarding your personal information. Where required by law, these may include the right to access, correct, or delete your personal information, to request it in a portable format, to opt out of certain processing activities, and to exercise these rights without discrimination. To exercise any rights available to you under applicable law, contact us at support@talcottforge.com. We will verify your identity before processing requests and respond within the timeframe required by applicable law.

8. Children's privacy

The Platform is not directed to individuals under 18. We do not knowingly collect personal information from minors. If we learn we have collected information from a minor, we will delete it as required by applicable law.

9. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Platform, by email, or as otherwise required by law. The effective date at the top reflects the most recent revision.

10. Contact us

For questions about this Privacy Policy or to exercise your privacy rights, contact us at legal@talcottforge.com.