ForgeRock Privacy Hub

Transparency, Trust, Responsibility

ForgeRock's Privacy Credo


Protecting your privacy is ForgeRock's top priority.

We believe it is critically important to be transparent with our practices and to protect the data privacy of our customers, their end users, and our guests.

Accordingly, we are committed to maintaining strong data protection for our customers, our products, and within our company.

We strive to earn your trust and validate our trustworthiness by adhering to the following principles:

  1. Design, implement, and maintain strong technical and organisational measures to process all personal data in a responsible and compliant manner.
  2. Secure and protect all personal data and make timely and actionable breach notifications to impacted parties.
  3. Build "privacy by design" into the development of our products and services.
  4. Engage suppliers, sub-processors, and sub-contractors who reflect our values.
  5. Satisfy all individual privacy rights requests in a timely manner.
Key Privacy Resources: Customers

ForgeRock Achieves ISO 27018 Certification




ForgeRock Identity Cloud Privacy




ForgeRock Autonomous Access Privacy


Customer Compliance with Schrems II


Privacy Law Compliance for Customers

Marketing Preferences

We believe that you should have full control over your personal data and how it is processed by ForgeRock.


How We Protect Your Data: Individuals

Privacy Policy

Learn more about how ForgeRock processes your personal data

Update Preferences & Unsubscribe

Update your preferences on how we contact you or unsubscribe

Access Your Personal Data

Request deletion of or access to your personal data

Individual Privacy Rights

ForgeRock is committed to complying with our international privacy law obligations and respecting your data subject rights.

Whenever we receive a request from you relating to your personal information, we engage our partner DataGrail to help us to take the necessary steps to locate and isolate your data.

DataGrail is integrated into all our key databases, so when we ask it to search for your personal information across our IT environment, we have certainty that all the bases are covered.

Once we have identified your personal information and its location, we take the requisite steps to fulfil your request (for example, deleting all records). We will then reach out to you to confirm we've taken action at your request.

It makes no difference whether we receive your request from you or from a partner of ours — the result is always the same.

We believe that your data privacy comes first.

Please let us know if you have any input or questions

Additional Privacy Documentation

Additional Privacy Documentation, such as Data Processing Addendums, Privacy Data Sheets, and Sub Processors & Affiliates.