Operator
Forge by Lorelle is operated by Lorelle Group as a workforce learning platform for organizations. Client organizations use the platform to manage users, learning programs, exams, assessments, certificates, and training records.
Privacy
Privacy Policy
A practical overview of how Forge by Lorelle handles organization, learner, training, and contact information.
Forge by Lorelle Privacy Policy
Effective date: June 23, 2026
Information we may collect
The platform may collect account details, organization details, role and access information, learner profile data, training assignments, course progress, exam and quiz results, practical assessment records, attendance records, certificate records, public inquiry details, partner application details, proposal workflow records, support requests, and related operational metadata.
How information may be used
Information is used to provide organization portals, deliver learning experiences, manage workforce records, administer exams and assessments, issue certificates, support reporting, maintain security, respond to inquiries, manage demo and quote workflows, review partner applications, and improve platform operations.
Training records and learner data
Training records and learner data may include enrollments, completion status, progress percentages, exam attempts, attendance, practical assessment outcomes, certificates, and related audit history. Access to these records is controlled by organization membership, assigned role, and platform authorization rules.
Organization account data
Organization account data may include organization names, departments, sites, client administrator accounts, instructor assignments, course configuration, reporting preferences, and related operational records.
Public inquiries and sales workflows
Contact, request-demo, and request-quote submissions are used to respond to platform inquiries and manage pre-tenant sales workflows. These submissions may include name, email, company or organization, message details, inquiry type, source path, referrer, campaign fields, duplicate-detection metadata, retention timestamps, assignment history, demo scheduling records, proposal records, and lead-to-client conversion references. Public forms do not automatically create organization accounts, memberships, licenses, entitlements, billing records, or course access.
Partner applications
Partner application submissions are used to review potential authorized training partners, training centers, content partners, implementation partners, resellers, or related pathways. Application submission does not create a partner organization, partner relationship, delivery authorization, marketplace entitlement, user account, membership, or partner portal access unless a separate protected review and onboarding workflow later approves it.
Marketing analytics
Forge by Lorelle uses first-party public marketing analytics to understand page views, CTA clicks, form starts, form submissions, demo requests, quote requests, partner application milestones, lead creation, and lead conversion. Public analytics use source, referrer, UTM, page, form, target, and aggregate event fields. Browser sessions use an ephemeral sessionStorage identifier that is hashed before storage. Analytics events are designed not to store names, email addresses, phone numbers, message text, raw IP addresses, raw user-agent strings, tokens, or secrets.
Cookies and analytics
Forge by Lorelle may use essential cookies for authentication, secure session handling, logout behavior, and platform functionality. The public marketing analytics foundation uses browser sessionStorage rather than third-party marketing cookies. If non-essential cookies, pixels, or third-party analytics are added later, they should be documented and configured with appropriate consent and disclosure.
Data security
The platform is designed with role-based access control, tenant isolation, audit logging, secure configuration, and restricted privileged access. No system can guarantee absolute security, but administrative and technical safeguards should be maintained throughout operation.
Data retention
Training, account, audit, lead, demo, quote, proposal, partner application, and analytics records should be retained according to client agreements, legal obligations, operational requirements, and documented retention policies. Public inquiry and partner application retention review timestamps exist, but deletion/export workflows and final retention schedules must be finalized before broad production launch.
Third-party services
The platform may rely on service providers for hosting, database services, authentication, file storage, email delivery, form verification, analytics, monitoring, and deployment. Current service categories include Vercel for web hosting/deployment, Supabase for database/authentication/storage, Resend for email delivery, and Cloudflare Turnstile for form verification. Provider lists and subprocessors should be reviewed and documented before production launch.
Public catalog and commercial boundaries
Public course and industry pages are marketing surfaces. Public catalog summaries, pricing language, quote requests, proposal workflows, partner applications, certificates, and training records do not create public purchase rights, course access, certification eligibility, partner authorization, or regulatory approval unless a separate signed agreement and protected platform workflow grant those rights.
Contact
For privacy questions, contact Lorelle Group through the public contact page or the company contact channel provided in your service agreement. Enterprise procurement, security review, DPA, accessibility, and data-rights routing should be finalized before broad public launch.