Skip to main content
fremforge

Legal documents

The full set of fremforge legal and compliance documents. Each page below is rendered from a canonical markdown source kept in lockstep with the marketing site; if a rendered page ever disagrees with its source, the source governs.

Customer-facing agreements #

  • Terms of Service — the master agreement governing use of the fremforge product.
  • Privacy Notice — categories of data processed, lawful bases, retention, GDPR rights.
  • Data Processing Agreement — GDPR Art. 28 processor terms, sub-processor list, international-transfers posture, audit rights.
  • Acceptable Use Policy — lawful-use rules, prohibited content, DSA Art. 16 notice-and-action, enforcement actions.
  • Service Level Agreement — uptime targets, planned-maintenance windows, security-patch SLA, incident communication, service-credit calculation.
  • Cookie Policy — cookies, consent posture, analytics stance.

fremverk-as-Controller documents #

Pre-GA website notices #

The pre-GA website at www.frem.sh is governed by separate, narrower notices that cover only the marketing site and private-beta signup surfaces (not the product):

Once self-serve signup opens, the product Terms and Privacy Notice above supersede these website notices for product users.

  • Trust & compliance — overall security posture, sub-processors, and certifications.
  • Security — vulnerability disclosure and incident communication.
  • Status — current uptime and maintenance windows.

DPIA — Audit Monitoring

title: Data Protection Impact Assessment — audit-stream and authentication-monitoring processing controller: fremverk ApS, CVR 39150689 dpo_role: not designated under GDPR Art. 37 — role-equivalent privacy-contact mailbox is compliance@frem.sh (per ROPA + Product Privacy Notice §2 / §2 — DPO assessment) date: 2026-05-25 version: 1.2 status: in force related:

fremforge Acceptable Use Policy

title: fremforge Acceptable Use Policy author: fremverk date: 2026-05-25 status: Published v1.2 version: “1.2” lang: en # Last updated: 2026-05-25

fremforge Cookie Policy

title: fremforge Cookie Policy author: fremverk date: 2026-05-25 status: Published v1.1 version: “1.1” lang: en # Last updated: 2026-05-25

fremforge Data Processing Agreement

title: fremforge Data Processing Agreement author: fremverk date: 2026-05-25 status: Published v1.14 version: “1.15” lang: en # Last updated: 2026-05-25

fremforge Product Privacy Notice

title: fremforge Product Privacy Notice author: fremverk date: 2026-05-25 status: Published v1.10 version: “1.10” lang: en # Last updated: 2026-05-25

fremforge Service Level Agreement

title: fremforge Service Level Agreement author: fremverk date: 2026-05-25 status: Published v1.2 version: “1.2” lang: en # Last updated: 2026-05-25

fremforge Terms of Service

title: fremforge Terms of Service author: fremverk date: 2026-05-10 status: Published v1.1 version: “1.1” lang: en # Last updated: 2026-05-10

fremverk Controller-side Incident Response

title: Controller-side incident response runbook audience: fremverk on-call + compliance officer (privacy contact per ROPA + privacy-product.md §2; no Art. 37 DPO designation) classification: internal — share under NDA only version: 1.0 date: 2026-05-06 owner: shj@fremverk.com (CTO + Compliance Officer / DPO-equivalent — fremverk is not required to designate a DPO under GDPR Art. 37; see privacy-product.md §2) related:

fremverk Record of Processing Activities (ROPA)

title: Records of Processing Activities (Article 30 GDPR) date: 2026-05-14 status: Active. Reviewed quarterly; updated on every sub-processor change, every new processing activity, and every significant change to legal basis or retention. controller: fremverk ApS, CVR 39150689, Ringager 4C, 2. tv, 2605 Brøndby, Denmark contact: compliance@frem.sh dpo: not appointed (fremverk does not meet the Art. 37(1) mandatory-DPO criteria — not a public authority, core activities are Git hosting + CI infrastructure not large-scale systematic monitoring of data subjects, and Customer Personal Data does not include Art. 9 special-category or Art. 10 criminal-conviction data on a large scale). Assessment dated 2026-05-10, re-evaluated annually with the next §A.9 DR-drill review window (or sooner on material change to processing scope). compliance@frem.sh handles DSARs and supervisory-authority correspondence. # Records of Processing Activities # This document is the controller’s Article 30 record for the fremforge product. It reflects the current state of processing as of the date above and is reviewed at every sub-processor change, every privacy-impacting feature release, and at minimum quarterly.