Privacy Policy

Effective Date: April 15, 2026 · Last Updated: April 15, 2026

1. Introduction

Fortis Enterprises LLC ("Fortis," "we," "us," or "our") operates the website located at fortis.enterprisesand the associated client portal (collectively, the "Site"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit the Site or use our services.

By accessing the Site you agree to this Privacy Policy. If you do not agree, please discontinue use of the Site.

2. Information We Collect

2.1 Information You Provide

  • Contact Form: first name, last name, email address, phone number, company name, number of employees, industry, description of your challenge, and how you heard about us.
  • M&A Checklist Form: full name, email address, company name, and approximate deal size.
  • Client Portal Registration:name, email address, and profile picture provided through your identity provider (Microsoft Entra ID, Google Workspace, or email magic link).

2.2 Information Collected Automatically

  • IP Address: we process your IP address transiently (in server memory only) to enforce rate limiting on form submissions. IP addresses are not persisted to any database or log file.
  • Session Cookies:when you sign in to the client portal, we set a session cookie (JSON Web Token) that expires after 8 hours. This cookie is essential for authentication and cannot be disabled.

2.3 Information We Do Not Collect

We do not use analytics tracking, advertising cookies, third-party pixels, or browser fingerprinting on the Site. We do not sell or share your data with data brokers.

3. How We Use Your Information

  • To respond to your inquiries and provide the services you request.
  • To create and manage leads in our customer-relationship management system.
  • To deliver requested downloads (e.g., IT due-diligence checklists).
  • To authenticate you and provide access to the client portal.
  • To protect the Site from abuse through rate limiting.
  • To comply with applicable legal obligations.

4. Third-Party Services

We share information with the following categories of service providers, solely for the purposes described above:

  • CRM (Salesforce): contact form and checklist form submissions are forwarded to Salesforce via their Web-to-Lead API to manage sales inquiries.
  • Email Delivery (Resend): your email address is shared with Resend solely to deliver magic-link authentication emails.
  • Identity Providers:if you authenticate via Microsoft Entra ID or Google, we receive your name, email, and profile image from those providers under their respective privacy policies.
  • Cloud Infrastructure (Microsoft Azure):the Site and database are hosted on Microsoft Azure. Data is stored in the United States (Central US region).

We do not sell, rent, or trade your personal information to any third party.

5. Data Retention

Contact form and checklist submissions are forwarded to Salesforce in real time and are not stored on our servers. Client portal account data is retained for the duration of the business relationship and deleted upon request. Session tokens expire automatically after 8 hours.

6. Data Security

We implement industry-standard security measures including HTTPS/TLS encryption in transit, encrypted data at rest, rate-limited API endpoints, secure HTTP headers (HSTS, Content-Security-Policy, X-Frame-Options), and HMAC-signed download tokens. However, no electronic transmission or storage method is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your personal data.
  • Object to or restrict processing of your data.
  • Request a portable copy of your data.

To exercise any of these rights, contact us at policy@fortis.enterprises. We will respond within 30 days.

8. Children's Privacy

The Site is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Your continued use of the Site after any modifications constitutes acceptance of the revised policy.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us:

See also our Terms of Service.