Privacy Policy

Effective Date: February 9, 2026

Entity: Forest Software Ltd (trading as “Forest”)

At Forest, we recognize that the data you entrust to us—ranging from strategic roadmaps to granular financial forecasts—is your most sensitive asset. This policy outlines how we collect, use, and protect your information.

1. Roles and Responsibilities

  • Customer Data (The Platform): When you use our xP&A and EPM tools, you (the Customer) are the Data Controller of the information you upload. Forest is the Data Processor. We process this data only on your instructions.
  • Account & Marketing Data: Forest is the Data Controller for information provided during sign-up, billing, and through our website (e.g., cookies and contact forms).

2. Information We Collect

We collect information through three primary channels:

CategoryTypes of Data
Account InformationName, business email, job title, and company details.
Financial/BillingBilling address, VAT number, and payment processing details.
Usage & TechnicalIP addresses, browser type, and “in-app” activity logs to improve platform performance.
Third-Party IntegrationsData pulled from your ERP, CRM, or HRIS systems (e.g., NetSuite, Salesforce) via API.

3. How We Use Your Data

We process your information to:

  • Provide, maintain, and update the Forest platform.
  • Process transactions and send related information (invoices, confirmations).
  • Send technical notices, security alerts, and support messages.
  • Anonymize and aggregate data for industry benchmarking (only if explicitly opted-in).

4. Data Sharing and Disclosure

We do not sell your data. We only share information in the following circumstances:

  • Sub-processors: To cloud service providers (e.g., AWS or Azure UK regions) and essential tools (e.g., Stripe for billing).
  • Legal Compliance: If required by UK law or to protect the safety and integrity of our platform.
  • Business Transfers: In connection with any merger, sale of company assets, or acquisition.

5. Data Security

As an EPM provider, security is our baseline. We implement:

  • Encryption: Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • Access Control: Role-based access control (RBAC) and Multi-Factor Authentication (MFA).
  • Data Residency: By default, data for UK customers is hosted on servers located within the United Kingdom.

6. Your Rights (UK GDPR)

Under the UK GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we fix inaccurate information.
  • Erasure: Request that we delete your personal data (subject to legal retention requirements).
  • Object/Restrict: Object to our processing of your data for marketing purposes.

7. International Transfers

While we prioritize UK-based hosting, some sub-processors (like CRM tools) may process data in the US. In such cases, we ensure standard contractual clauses (SCCs) or the UK Addendum are in place to guarantee a level of protection equivalent to the UK.

8. Changes to This Policy

We may update this policy to reflect changes in our practices or for legal reasons. We will notify you of any material changes via the platform or email.

9. Contact Us

If you have questions about this policy or our data practices, please contact us at:

Email: privacy@forest.tools

Address: Lodges Wood Oast, Goodley Stock Road, Westerham, TN16 1TW