Acceptable Use Policy

Effective Date: June 16, 2026 Version: v1.1 Issued by: ForVera Media LLC, doing business as ForVera Studio

This Acceptable Use Policy ("Policy") governs the use of ForVera Media LLC, doing business as ForVera Studio ("ForVera"), platforms, services, systems, and infrastructure by ForVera clients and all Authorized Users. This Policy is incorporated by reference into the applicable Service Agreement and Client Portal Terms of Use and applies to Client and all persons accessing ForVera platforms or services on Client's behalf, including its owners, employees, contractors, agents, and Authorized Users (collectively, "Client").

Violation of this Policy may result in immediate suspension or termination of access to ForVera platforms and services.

1. Permitted Use

Client may use ForVera's platforms and services solely:

• For lawful business purposes consistent with the applicable Service Agreement
• In accordance with all applicable federal, state, and local laws and regulations
• In a manner that does not interfere with or disrupt ForVera's systems, infrastructure, or other clients
• Through Authorized Users who have been designated by Client and who are subject to Client's supervision and responsibility

2. Prohibited Conduct

Client and all Authorized Users are strictly prohibited from using ForVera's platforms, services, or infrastructure to:

2.1 Illegal Activity

• Violate any applicable federal, state, local, or international law or regulation
• Engage in fraud, deception, identity theft, or impersonation
• Transmit, store, or process content that is unlawful, defamatory, obscene, or in violation of third-party rights
• Facilitate or promote illegal gambling, controlled substances, or other regulated activities without required licenses and compliance

2.2 Harmful or Malicious Activity

• Upload, transmit, or introduce malware, viruses, ransomware, spyware, or any malicious code
• Attempt to gain unauthorized access to ForVera systems, other client accounts, or any third-party system
• Conduct denial-of-service attacks, port scanning, network probing, or any activity that disrupts or degrades ForVera infrastructure
• Exploit security vulnerabilities in ForVera platforms or any connected system
• Engage in phishing, spoofing, or social engineering targeting ForVera personnel, other clients, or third parties

2.3 Intellectual Property Violations

• Upload, transmit, or publish content that infringes any third-party copyright, trademark, patent, or other intellectual property right
• Use ForVera's proprietary platforms, code, frameworks, or systems in any manner not expressly authorized under the applicable Service Agreement
• Reverse engineer, decompile, disassemble, or attempt to derive the source code of any ForVera platform or system
• Remove, alter, or obscure any proprietary notices, labels, or markings on ForVera platforms or Deliverables

2.4 Privacy and Data Violations

• Collect, store, or transmit personal information through ForVera platforms in violation of applicable privacy law
• Upload personal information of minors without appropriate legal authorization
• Process sensitive personal data categories — including health information, financial account data, government identification numbers, or biometric data — without ForVera's prior written consent and appropriate safeguards in place
• Use ForVera platforms to send unsolicited commercial email, spam, or bulk communications in violation of applicable law

2.5 Platform Integrity

• Share login credentials with unauthorized individuals or allow unauthorized persons to access ForVera platforms using Client's credentials
• Attempt to access areas of ForVera platforms not expressly made available to Client
• Circumvent, disable, or interfere with security features, access controls, or authentication mechanisms
• Use automated tools, bots, scrapers, or scripts to access or interact with ForVera platforms without ForVera's prior written consent
• Misrepresent Client's identity, authority, or relationship with ForVera

2.6 Harmful Content

• Publish, transmit, or store content that is threatening, harassing, abusive, or discriminatory
• Use ForVera's infrastructure to host or distribute content that exploits or harms minors in any way
• Publish content that constitutes defamation, invasion of privacy, or unlawful discrimination

3. Client Responsibility for Authorized Users

Client is responsible for:

• All activity occurring under Client's account and credentials, whether or not Client authorized the specific activity
• Ensuring all Authorized Users are aware of and comply with this Policy
• Promptly revoking access for any Authorized User who is no longer employed by or associated with Client, or who has violated this Policy
• Notifying ForVera immediately at legal@forvera.net if Client becomes aware of any unauthorized access or suspected violation of this Policy

Client's obligation to notify ForVera of unauthorized access does not limit ForVera's right to take immediate protective action, including suspending access, without prior notice where delay would increase risk to ForVera systems or other clients.

4. Content Standards

All content uploaded to, published through, or transmitted via ForVera platforms must:

• Be accurate and not misleading
• Comply with all applicable laws and regulations
• Respect the intellectual property rights of third parties
• Not contain malicious code or security threats
• Be appropriate for the intended business purpose

ForVera reserves the right to remove content that violates this Policy without prior notice. Removal of content does not waive ForVera's right to suspend or terminate access for the underlying violation.

5. Reporting Violations

Client should report suspected violations of this Policy, security incidents, or abusive activity to ForVera promptly at:

Email: legal@forvera.net | Phone: 515-442-0073

ForVera will investigate reported violations and take appropriate action. ForVera is not obligated to disclose the outcome of any investigation.

6. Enforcement

6.1 Suspension

ForVera may suspend Client's access to any or all ForVera platforms immediately and without prior notice if ForVera reasonably believes Client or any Authorized User has violated this Policy, where the violation poses a risk to ForVera's systems, infrastructure, other clients, or third parties.

Where the violation does not pose an immediate risk, ForVera will provide written notice and a reasonable opportunity to cure before suspending access.

6.2 Termination

Repeated violations, willful misconduct, or violations that cause material harm to ForVera or third parties may result in termination of the applicable Service Agreement in accordance with the termination provisions thereof.

6.3 Legal Action

ForVera reserves the right to pursue all available legal remedies for violations of this Policy, including injunctive relief, damages, and referral to law enforcement where appropriate.

7. Changes to This Policy

ForVera may update this Policy from time to time to reflect changes in applicable law, platform capabilities, or operational requirements. ForVera will provide notice of material changes through the Client Portal or by email to the address on file. Continued use of ForVera platforms after the effective date of a revised policy constitutes acceptance of the revised terms.

8. Contact

For questions or concerns regarding this Policy, contact:

ForVera Media LLC, doing business as ForVera Studio 5755 Crabapple Lane, Pleasant Hill, IA 50327 Email: legal@forvera.net | Phone: 515-442-0073

Related Documents

• Terms & Conditions
• Service Agreement
• Client Portal Terms of Use
• Confidentiality Policy
• Privacy Policy
• Security Overview

See Also

• Billing & Payment Policy
• Cancellation & Termination Policy
• Data Processing Addendum
• Credential Vault Acceptable Use

Accessibility Statement

Effective Date: June 15, 2026 Version: v1.0 Issued by: ForVera Media LLC, doing business as ForVera Studio

ForVera Media LLC, doing business as ForVera Studio ("ForVera"), is committed to building digital experiences that are accessible, usable, and inclusive. This Accessibility Statement describes ForVera's approach to accessibility across its own platforms and in the work ForVera delivers to clients.

1. ForVera's Accessibility Approach

ForVera uses the Web Content Accessibility Guidelines ("WCAG") 2.2 Level AA as its reference standard when designing, developing, and evaluating digital experiences. WCAG 2.2 AA represents the current recognized benchmark for web accessibility and addresses barriers related to visual, auditory, motor, and cognitive impairments.

ForVera's accessibility practices include:

• Using semantic HTML to support assistive technology compatibility
• Maintaining sufficient color contrast ratios for text and interactive elements
• Providing text alternatives for non-text content where applicable
• Designing keyboard-navigable interfaces
• Avoiding content that is known to cause seizures or physical discomfort
• Testing interfaces against common accessibility criteria during development

2. Scope of This Statement

2.1 ForVera's Own Platforms

ForVera applies its accessibility practices to its own operated platforms, including the Client Portal at clients.forvera.net and the Team Portal at team.forvera.net. ForVera works to identify and address accessibility barriers on these platforms on an ongoing basis.

2.2 Client Deliverables

ForVera applies accessibility-informed practices when building websites, web applications, and digital platforms for clients. The level of accessibility implementation for a specific client engagement depends on the scope, budget, and requirements stated in the applicable Statement of Work.

Accessibility requirements beyond ForVera's standard development practices — including formal WCAG 2.2 AA audits, remediation of existing platforms, assistive technology testing, or legal compliance assessments — must be scoped and agreed upon in writing in the applicable Statement of Work as a separate workstream.

3. No Warranty of Full Compliance

ForVera does not warrant that its platforms or client Deliverables achieve full WCAG 2.2 AA conformance or compliance with the Americans with Disabilities Act ("ADA"), Section 508 of the Rehabilitation Act, or any other applicable accessibility law or regulation.

Digital accessibility is an ongoing practice, not a one-time certification. ForVera's accessibility efforts are genuine and continuous, but ForVera cannot guarantee that every element of every platform or Deliverable meets every WCAG 2.2 AA success criterion at all times.

Clients requiring formal accessibility compliance documentation, legal certification, or guaranteed conformance must engage ForVera for a scoped accessibility audit under a separate Statement of Work or engage a specialized accessibility testing firm.

4. Third-Party Content and Integrations

ForVera's platforms and client Deliverables may incorporate third-party components, plugins, embeds, and integrations. ForVera does not control the accessibility of third-party content and is not responsible for accessibility barriers introduced by third-party components. ForVera will use commercially reasonable efforts to select third-party components that support accessibility best practices.

5. Known Limitations

ForVera acknowledges that no digital platform is perfectly accessible to all users in all contexts. Where ForVera becomes aware of specific accessibility barriers on its own platforms, ForVera will work to address them in a commercially reasonable timeframe.

Clients who identify accessibility barriers in ForVera-delivered Deliverables should report them through the support process described in the Service Level / Support Policy (Service Level / Support Policy). ForVera will evaluate reported barriers and address them within the scope of the applicable engagement.

6. Feedback and Accessibility Requests

ForVera welcomes feedback on the accessibility of its platforms and Deliverables. If you encounter an accessibility barrier on a ForVera platform or in a ForVera Deliverable, please contact ForVera at:

ForVera Media LLC, doing business as ForVera Studio 5755 Crabapple Lane, Pleasant Hill, IA 50327 Email: legal@forvera.net | Phone: 515-442-0073

Please include:

• A description of the accessibility barrier encountered
• The platform or page where the barrier was encountered
• The assistive technology or browser being used, if applicable
• Your contact information for follow-up

ForVera will acknowledge accessibility feedback within five (5) business days and will provide a response regarding next steps within a commercially reasonable time.

7. Changes to This Statement

ForVera will update this Accessibility Statement as its practices evolve and as accessibility standards are updated. The Effective Date at the top of this Statement will reflect the date of the most recent update.

Related Documents

• Terms & Conditions
• Service Level / Support Policy
• Service Agreement

See Also

• Privacy Policy
• AI & Automation Use Notice
• Security Overview

AI & Automation Use Notice

Effective Date: June 15, 2026 Version: v1.0 Issued by: ForVera Media LLC, doing business as ForVera Studio

ForVera Media LLC, doing business as ForVera Studio ("ForVera"), uses artificial intelligence and automation tools as part of its service delivery operations. This AI & Automation Use Notice ("Notice") discloses how ForVera uses these tools, what limitations apply, and what responsibilities Client ("Client") retains with respect to AI-assisted work product.

This Notice is incorporated by reference into the applicable Service Agreement.

1. ForVera's Use of AI and Automation

ForVera may use artificial intelligence and automated tools to assist with the following activities in connection with delivering Services:

• Research, analysis, and information gathering
• Content drafting, editing, and refinement
• Code generation, review, and optimization
• Design ideation and visual concept development
• Quality assurance and testing support
• Documentation and specification drafting
• Data processing and classification
• Platform monitoring and automated alerting
• Internal workflows and operational efficiency
• Communication drafting and summarization

AI tools used by ForVera may be provided by third-party vendors. ForVera selects AI tools that meet commercially reasonable standards for data handling and security. Use of AI tools by ForVera does not reduce ForVera's responsibility for the quality and accuracy of Deliverables delivered to Client.

2. AI-Assisted Deliverables

Where ForVera uses AI tools to assist in producing Deliverables, the following apply:

2.1 Human Review

ForVera applies human review and professional judgment to AI-assisted work product before delivering it to Client. ForVera does not deliver raw, unreviewed AI output as a Deliverable.

2.2 Client Review Responsibility

Client is responsible for reviewing and approving all Deliverables before use, publication, or reliance, regardless of whether AI tools were used in their production. Client's approval of a Deliverable constitutes Client's acceptance of that Deliverable for its intended purpose.

2.3 Accuracy and Completeness

AI tools may produce output that contains errors, inaccuracies, outdated information, or content that does not meet Client's requirements. ForVera works to identify and correct such issues during its review process but does not warrant that AI-assisted Deliverables are free from error.

2.4 Intellectual Property Uncertainty

The copyright status, ownership, and enforceability of AI-assisted work product is subject to ongoing legal development and uncertainty under United States and international law. ForVera makes no warranty that AI-assisted output is free from third-party intellectual property claims. Client assumes responsibility for the legal clearance of AI-assisted Deliverables upon acceptance and is encouraged to seek legal counsel where IP clearance is material to Client's intended use.

3. Client Data and AI Tools

3.1 Data Minimization

ForVera does not input Client's Confidential Information, Client Personal Data, or sensitive business data into third-party AI tools without Client's prior written consent, except where the applicable Statement of Work expressly contemplates such use.

3.2 Anonymization

Where ForVera uses client context to inform AI-assisted work, ForVera uses commercially reasonable efforts to anonymize or generalize the input to avoid exposing Client's identifiable information to third-party AI systems.

3.3 Third-Party AI Data Practices

Third-party AI tools used by ForVera are governed by those vendors' own terms of service and privacy policies. ForVera selects AI vendors that meet commercially reasonable data protection standards. ForVera is not responsible for third-party AI vendors' independent data practices beyond ForVera's own vendor selection and configuration obligations.

4. Automation in Platform Operations

ForVera uses automation in operating and maintaining its platforms and Client-hosted services, including:

• Automated monitoring and alerting for platform uptime and performance
• Automated backup and recovery processes
• Automated invoice generation and payment processing workflows
• Automated security scanning and threat detection
• Automated deployment and configuration management

These automated processes are operational tools and do not constitute AI-assisted Deliverables. They are described in the Security Overview (Security Overview) and applicable service documentation.

5. No Guarantee of AI Availability

ForVera does not guarantee the continued availability of any specific AI tool or automation platform. AI tools and third-party services may be modified, discontinued, or replaced at any time. ForVera will use commercially reasonable efforts to maintain service quality if an AI tool becomes unavailable.

6. Client's Right to Request Disclosure

Client may request that ForVera disclose whether a specific Deliverable involved AI-assisted production by submitting a written request to legal@forvera.net. ForVera will respond to such requests within five (5) business days where the information is reasonably available.

7. Changes to This Notice

ForVera will update this Notice as its use of AI and automation tools evolves. The Effective Date at the top of this Notice will reflect the date of the most recent update. Material changes will be communicated through the Client Portal or by email to the address on file.

8. Contact

For questions about ForVera's use of AI and automation tools, contact:

ForVera Media LLC, doing business as ForVera Studio 5755 Crabapple Lane, Pleasant Hill, IA 50327 Email: legal@forvera.net | Phone: 515-442-0073

Related Documents

• Terms & Conditions
• Service Agreement
• Privacy Policy
• Confidentiality Policy
• Security Overview

See Also

• Acceptable Use Policy
• Data Processing Addendum
• Subprocessor / Third-Party Services Policy
• Accessibility Statement

Cookie & Tracking Policy

Effective Date: June 15, 2026 Version: v1.0 Issued by: ForVera Media LLC, doing business as ForVera Studio

This Cookie & Tracking Policy ("Policy") explains how ForVera Media LLC, doing business as ForVera Studio ("ForVera"), uses cookies and similar tracking technologies on its websites, the Client Portal at clients.forvera.net, and the Team Portal at team.forvera.net.

ForVera operates in the United States and its platforms are intended for business use by clients and contractors. ForVera does not serve third-party advertising and does not engage in cross-site behavioral tracking for commercial purposes.

1. What Are Cookies

Cookies are small text files placed on your device by a website when you visit it. They are widely used to make websites function correctly, remember user preferences, and provide usage information to site operators.

Similar technologies include session tokens, local storage objects, and server-side logs that serve comparable functions. References to "cookies" in this Policy include all such technologies unless stated otherwise.

2. How ForVera Uses Cookies

ForVera uses cookies and similar technologies for the following purposes only:

2.1 Authentication and Session Management

ForVera uses session cookies to authenticate users and maintain login sessions across the Client Portal and Team Portal. These cookies are essential to the operation of ForVera's platforms and cannot be disabled without preventing access to authenticated areas.

Session cookies expire when you close your browser or after a defined period of inactivity. ForVera does not use persistent login cookies that store credentials on your device.

2.2 Security

ForVera uses cookies and tokens to support platform security functions, including CSRF protection, login throttling, and detection of suspicious session activity. These cookies are essential and cannot be disabled.

2.3 Platform Analytics

ForVera uses a self-hosted analytics platform to collect aggregated, anonymized data about how its websites and portals are used. This data is used solely to improve ForVera's platforms and services.

ForVera's analytics platform:

• Is hosted on ForVera's own infrastructure
• Does not share data with third-party advertising networks
• Does not build behavioral profiles for commercial purposes
• Collects page views, session duration, referrer URLs, and general device and browser information
• Does not track users across third-party websites

2.4 Functional Preferences

ForVera may use cookies to remember user interface preferences, such as theme settings, within the Client Portal and Team Portal. These cookies improve usability but are not essential to platform function.

3. What ForVera Does Not Do

ForVera does not:

• Use third-party advertising cookies or tracking pixels
• Share cookie data with advertisers or data brokers
• Track users across third-party websites for commercial purposes
• Use cookies to build individual behavioral profiles for sale or commercial exploitation
• Deploy tracking technologies not described in this Policy without updating this Policy first

4. Third-Party Services

ForVera's platforms may load resources from or integrate with third-party services that set their own cookies or collect usage data. These may include:

• Payment processors — for secure payment form functionality
• Content delivery networks — for performance optimization of static assets
• Uptime and monitoring services — for infrastructure health monitoring

ForVera does not control third-party cookies set by these services. Third-party services are governed by their own privacy and cookie policies. ForVera selects third-party services that meet commercially reasonable data protection standards.

5. Your Choices

5.1 Browser Controls

You can control cookies through your browser settings. Most browsers allow you to view, block, or delete cookies. Blocking essential cookies will prevent access to authenticated areas of ForVera's platforms.

5.2 Analytics Opt-Out

ForVera's self-hosted analytics platform respects browser-level Do Not Track signals where technically supported. ForVera does not use third-party analytics services that require separate opt-out mechanisms.

5.3 No Cookie Consent Banner

Because ForVera's platforms are business-to-business services operated in the United States, and ForVera does not use advertising or cross-site tracking cookies, ForVera does not display cookie consent banners. Essential and security cookies are required for platform access.

6. Data Retention

Authentication and session cookies expire at the end of each session or after the inactivity period defined in ForVera's session configuration. Analytics data is retained in aggregated form in accordance with ForVera's data retention practices. No personal information is stored in ForVera's analytics cookies.

7. Changes to This Policy

ForVera may update this Policy when it introduces new technologies or changes its tracking practices. ForVera will update the Effective Date at the top of this Policy when changes are made. Material changes will be communicated through the Client Portal or by email to the address on file.

8. Contact

For questions about this Policy or ForVera's use of cookies and tracking technologies, contact:

ForVera Media LLC, doing business as ForVera Studio 5755 Crabapple Lane, Pleasant Hill, IA 50327 Email: legal@forvera.net | Phone: 515-442-0073

Related Documents

• Privacy Policy
• Security Overview

See Also

• Terms & Conditions
• Client Portal Terms of Use
• Data Retention & Deletion Policy

Privacy Policy

Effective Date: June 15, 2026 Version: v1.0 Issued by: ForVera Media LLC, doing business as ForVera Studio

ForVera Media LLC, doing business as ForVera Studio ("ForVera"), is committed to handling personal information responsibly and transparently. This Privacy Policy explains what information ForVera collects, how ForVera uses and protects it, and what rights individuals have with respect to their information.

This policy applies to information collected through ForVera's websites, the Client Portal at clients.forvera.net, the Team Portal at team.forvera.net, and in connection with Services provided under a ForVera Service Agreement. It does not apply to third-party websites, platforms, or services that ForVera may link to or integrate with.

ForVera operates in the United States. All data collected by ForVera is stored and processed in the United States.

1. Information ForVera Collects

1.1 Information You Provide

ForVera collects information that you or your organization provide directly, including:

• Account information — name, business name, email address, phone number, billing address, and login credentials when you create a Client Portal or Team Portal account
• Project information — content, files, assets, instructions, feedback, and other materials you provide in connection with Services
• Payment information — billing details submitted through ForVera's payment processor; ForVera does not store full payment card numbers
• Communications — messages, support requests, emails, and other correspondence you send to ForVera
• Authorization information — names and contact details of Authorized Representatives and Authorized Users you designate

1.2 Information Collected Automatically

When you access ForVera's websites or portals, ForVera and its service providers may collect certain information automatically, including:

• IP address and general geographic location
• Browser type and version
• Device type and operating system
• Pages visited, time spent, and referring URLs
• Session identifiers and authentication tokens
• Error logs and platform activity

This information is collected through server logs, cookies, and similar technologies. See the ForVera Cookie & Tracking Policy (Cookie & Tracking Policy) for details.

1.3 Information from Third Parties

ForVera may receive information about you from third-party sources in connection with delivering Services, including:

• Domain registrars and DNS providers
• Payment processors
• Email delivery providers
• Uptime and infrastructure monitoring services
• Analytics platforms

ForVera uses this information only as necessary to deliver and support the Services.

1.4 Client Data

In delivering Services, ForVera may process personal information contained in Client Materials — data belonging to your customers, employees, or end users that you provide to ForVera. ForVera processes this data on your behalf as a service provider. Your obligations with respect to this data are governed by the applicable Service Agreement and, where applicable, the Data Processing Addendum (Data Processing Addendum).

2. How ForVera Uses Information

ForVera uses the information it collects to:

• Create and manage Client Portal and Team Portal accounts
• Deliver, administer, and support the Services
• Process payments and issue invoices
• Communicate about projects, support requests, and account matters
• Send service notices, security alerts, and policy updates
• Monitor platform performance, uptime, and security
• Investigate and respond to security incidents
• Comply with applicable legal obligations
• Enforce ForVera's agreements and policies
• Improve ForVera's platforms, services, and operations

ForVera does not sell personal information. ForVera does not use personal information to serve third-party advertising.

3. How ForVera Shares Information

3.1 Service Providers

ForVera shares information with third-party service providers that assist in delivering the Services, including:

• Hosting and infrastructure providers
• Payment processors
• Email delivery services
• Uptime and monitoring services
• Analytics providers
• Domain and DNS management services

ForVera's current subprocessors and third-party service providers are described in the Subprocessor Policy (Subprocessor / Third-Party Services Policy). Service providers are authorized to use information only as necessary to perform services for ForVera.

3.2 Legal Requirements

ForVera may disclose information when required by applicable law, regulation, legal process, or governmental request, or when ForVera believes disclosure is necessary to protect the rights, property, or safety of ForVera, its clients, or others.

3.3 Business Transfers

If ForVera is involved in a merger, acquisition, asset sale, or similar transaction, information held by ForVera may be transferred as part of that transaction. ForVera will provide notice before information is transferred and becomes subject to a different privacy policy.

3.4 With Your Consent

ForVera may share information in other circumstances with your prior written consent.

3.5 What ForVera Does Not Do

ForVera does not:

• Sell personal information to third parties
• Share personal information with advertisers
• Use Client data for ForVera's own marketing purposes
• Allow service providers to use Client data for their own independent purposes

4. Cookies and Tracking

ForVera uses cookies and similar tracking technologies on its websites and portals for authentication, session management, security, and platform analytics. ForVera does not use third-party advertising cookies.

Full details are provided in the ForVera Cookie & Tracking Policy (Cookie & Tracking Policy).

5. Data Retention

ForVera retains personal information for as long as necessary to deliver the Services, maintain accounts, comply with legal obligations, resolve disputes, and enforce agreements.

Upon termination of Hosting Services, ForVera makes Client website files available for retrieval for 60 days following the effective date of termination, after which files are deleted from ForVera's active systems.

Detailed retention periods and deletion procedures are described in the ForVera Data Retention & Deletion Policy (Data Retention & Deletion Policy).

6. Data Security

ForVera implements commercially reasonable technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, and destruction. These measures include encrypted data transmission, access controls, authentication requirements, and infrastructure monitoring.

No security measure is guaranteed to be impenetrable. ForVera does not warrant that personal information will never be subject to unauthorized access. In the event of a security incident affecting your information, ForVera will notify you in accordance with applicable law and the applicable Service Agreement.

ForVera's security practices are described in the Security Overview (Security Overview).

7. Your Rights and Choices

7.1 Access and Correction

You may access and update your account information at any time through the Client Portal. For corrections to information ForVera holds outside the portal, contact ForVera at legal@forvera.net.

7.2 Deletion Requests

You may request deletion of your personal information by contacting ForVera at legal@forvera.net. ForVera will honor deletion requests subject to applicable legal retention obligations, ongoing contractual relationships, and legitimate business needs.

7.3 California Residents

ForVera's operations do not currently meet the thresholds that trigger obligations under the California Consumer Privacy Act ("CCPA"). California residents may nonetheless contact ForVera at legal@forvera.net with privacy inquiries and ForVera will respond in good faith.

7.4 Do Not Track

ForVera's websites and portals do not respond to browser Do Not Track signals. ForVera does not engage in cross-site tracking for advertising purposes.

8. Children's Privacy

ForVera's websites, portals, and Services are not directed to individuals under the age of 18. ForVera does not knowingly collect personal information from minors. If ForVera becomes aware that it has collected personal information from a minor, ForVera will delete that information promptly.

9. Third-Party Links and Integrations

ForVera's websites and portals may contain links to third-party websites or integrate with third-party platforms and services. This Privacy Policy does not apply to third-party websites or services. ForVera is not responsible for the privacy practices of third parties. You should review the privacy policies of any third-party service you use.

10. Changes to This Policy

ForVera may update this Privacy Policy from time to time. When ForVera makes material changes, ForVera will update the Effective Date at the top of this policy and, where appropriate, provide notice through the Client Portal or by email to the address on file. Continued use of the Services after the effective date of a revised policy constitutes acceptance of the revised terms.

Prior versions of this policy are available upon written request to legal@forvera.net.

11. Contact

For questions, concerns, or requests regarding this Privacy Policy or ForVera's handling of personal information, contact:

ForVera Media LLC, doing business as ForVera Studio 5755 Crabapple Lane, Pleasant Hill, IA 50327 Email: legal@forvera.net | Phone: 515-442-0073

Related Documents

• Terms & Conditions
• Service Agreement
• Cookie & Tracking Policy
• Data Processing Addendum
• Data Retention & Deletion Policy
• Subprocessor / Third-Party Services Policy
• Security Overview

See Also

• Acceptable Use Policy
• Client Portal Terms of Use
• Confidentiality Policy

Security Overview

Effective Date: June 16, 2026 Version: v1.0 Issued by: ForVera Media LLC, doing business as ForVera Studio

This Security Overview describes the technical and organizational measures ForVera Media LLC, doing business as ForVera Studio ("ForVera"), maintains to protect the security of its platforms, infrastructure, and client data. This document is provided for transparency and is incorporated by reference into the applicable Service Agreement and Data Processing Addendum.

ForVera's security practices are maintained on an ongoing basis and updated as technology, threats, and operational requirements evolve. This Overview reflects ForVera's current practices as of the Effective Date above.

1. Infrastructure Security

1.1 Hosting and Data Center

ForVera hosts its platform infrastructure — including the Command Center, Client Portal, and Team Portal — on enterprise- grade virtual private server infrastructure provided by Hetzner, a European cloud provider operating ISO 27001-certified data centers. Infrastructure is hosted in the United States.

ForVera's production server (forvera-core-01) operates on Ubuntu 24.04 LTS with current security patches applied on a commercially reasonable schedule.

1.2 Network Security

• All inbound and outbound traffic is governed by firewall rules configured at the infrastructure provider level
• Unnecessary ports and services are disabled on all production systems
• SSH access to production servers requires key-based authentication — password-based SSH is disabled
• Web traffic is served exclusively over HTTPS with TLS encryption enforced on all routes

1.3 Uptime Monitoring

ForVera's production infrastructure is monitored continuously by an external uptime monitoring service. Automated alerts notify ForVera personnel of platform outages, performance degradation, and certificate expiration. ForVera's target response time for critical infrastructure alerts is one hour.

2. Application Security

2.1 Secure Development Practices

ForVera's platforms are built on a custom PHP 8.3 MVC architecture with security enforced at every layer:

• All database queries use PDO prepared statements — no string-interpolated SQL
• All user-supplied input is validated and sanitized before processing
• All output rendered to HTML is escaped to prevent cross-site scripting
• CSRF protection is applied to every state-changing request across all platform surfaces
• HTTPS is enforced on all routes with HSTS headers set in production
• Session cookies are set with HttpOnly and Secure flags in all production environments
• Error responses never expose stack traces, SQL queries, or internal system paths in production

2.2 Authentication and Access Control

• All ForVera platform accounts require strong passwords meeting ForVera's internal password requirements
• Multi-factor authentication is required for all ForVera staff accounts and is available for Client Portal accounts
• Login attempts are rate-limited — accounts are temporarily locked after five consecutive failed attempts
• Role-based access control governs all platform functions — users can only access the modules and data their role explicitly permits
• All sensitive actions are logged to an append-only platform audit trail

2.3 Tenant Isolation

Each client's data is logically isolated within ForVera's platform. Client data is scoped by client identifier at the repository layer — isolation is enforced in code, not only by convention. ForVera does not use client operational data for any purpose other than delivering the Services.

3. Data Security

3.1 Encryption in Transit

All data transmitted between ForVera's platforms and end users is encrypted using TLS. Unencrypted HTTP connections are rejected and redirected to HTTPS. ForVera maintains valid SSL certificates on all production domains with automated expiration monitoring.

3.2 Encryption at Rest

Sensitive data — including client credentials, API keys, and authentication tokens — is encrypted at the storage layer using AES-256 encryption or equivalent. ForVera's Credential Vault encrypts all stored credentials. Encryption keys are stored separately from encrypted data and are managed under ForVera's credential management practices.

3.3 Credential Security

Client credentials provided to ForVera for use in delivering Services are stored exclusively in ForVera's encrypted Credential Vault. Credentials are never stored in plaintext, email, chat, or unencrypted files. Access to client credentials is limited to ForVera personnel actively working on the applicable client engagement.

3.4 Data Separation

ForVera does not share client data between clients, use client data for ForVera's own marketing or product development, or provide client data to third parties except authorized subprocessors engaged to deliver the Services.

4. Access Control and Personnel Security

4.1 Least Privilege

All ForVera personnel — including staff and contractors — are granted access only to the systems, data, and functions necessary to perform their assigned responsibilities. Access is reviewed when personnel change roles and revoked promptly upon offboarding.

4.2 Confidentiality Obligations

All ForVera staff and contractors are subject to written confidentiality and non-disclosure agreements covering client data, platform architecture, and business information. Confidentiality obligations survive termination of engagement.

4.3 Offboarding

Upon termination of any staff or contractor engagement, all ForVera system access is revoked within four hours of the effective termination time. Credentials accessed by departing personnel are rotated within one business day.

5. Subprocessors and Third-Party Services

ForVera uses a limited set of third-party subprocessors to deliver its Services, including hosting infrastructure, transactional email, payment processing, domain management, and uptime monitoring. ForVera's subprocessors are described in the Subprocessor / Third-Party Services Policy (Subprocessor / Third-Party Services Policy).

ForVera selects subprocessors that implement commercially reasonable security controls and enters into written agreements with material subprocessors imposing data protection obligations consistent with ForVera's obligations to clients.

6. Vulnerability Management and Disclosure

6.1 Internal Review

ForVera conducts periodic internal security reviews of its platforms, including review of authentication controls, access permissions, dependency versions, and application security configurations.

6.2 Responsible Disclosure

ForVera operates an active responsible disclosure program. If you have identified a potential security vulnerability in any ForVera platform surface, contact ForVera directly before public disclosure:

Email: legal@forvera.net

ForVera commits to:

• Acknowledging credible vulnerability reports promptly
• Investigating all submissions in good faith
• Keeping reporters informed of remediation progress
• Not pursuing legal action against researchers who follow responsible disclosure practices

6.3 Incident Response

In the event of a confirmed security incident affecting client data, ForVera will notify affected clients without undue delay in accordance with the applicable Data Processing Addendum and applicable law. ForVera maintains documented incident response procedures covering identification, containment, eradication, recovery, and post-incident review.

7. Business Continuity

ForVera maintains infrastructure backups for platform reliability and disaster recovery. Backups are automated and retained in accordance with ForVera's operational practices. In the event of a significant infrastructure failure, ForVera will work to restore platform availability as quickly as commercially practicable and will notify affected clients of material outages.

8. Image and Asset Standards

Digital assets processed through ForVera's platforms follow ForVera's internal image handling and processing standards. All text requirements and formatting conventions are documented internally. Client websites managed by ForVera meet baseline accessibility and performance requirements and are optimized for delivery across device types.

9. Compliance Posture

ForVera operates in alignment with the following principles and frameworks, though it does not hold formal third-party certifications at this time:

• SOC 2 Aligned — ForVera's security controls are designed and operated in alignment with SOC 2 Trust Service Criteria covering security, availability, and confidentiality
• WCAG 2.2 AA Informed — ForVera's development practices are informed by WCAG 2.2 Level AA accessibility guidelines
• Platform-Wide MFA — Multi-factor authentication is enforced across all ForVera platform surfaces for staff and available to all portal users
• TLS Encrypted — All data in transit is encrypted using current TLS standards
• Encrypted at Rest — Sensitive data including credentials and keys is encrypted at the storage layer

10. Contact

To report a security vulnerability, request additional security information, or raise a security concern:

ForVera Media LLC, doing business as ForVera Studio 5755 Crabapple Lane, Pleasant Hill, IA 50327 Email: legal@forvera.net | Phone: 515-442-0073

Related Documents

• Terms & Conditions
• Privacy Policy
• Data Processing Addendum
• Subprocessor / Third-Party Services Policy
• Data Retention & Deletion Policy
• Acceptable Use Policy

See Also

• Confidentiality Policy
• Cookie & Tracking Policy
• AI & Automation Use Notice
• Accessibility Statement

Subprocessor / Third-Party Services Policy

Effective Date: June 15, 2026 Version: v1.0 Issued by: ForVera Media LLC, doing business as ForVera Studio

This Subprocessor / Third-Party Services Policy ("Policy") identifies the categories of third-party subprocessors and service providers that ForVera Media LLC, doing business as ForVera Studio ("ForVera"), engages to deliver Services to Client ("Client"), and describes the process by which ForVera notifies clients of material changes to its subprocessor list.

This Policy is incorporated by reference into the Data Processing Addendum (Data Processing Addendum) and the applicable Service Agreement.

1. What Is a Subprocessor

A Subprocessor is a third-party service provider that ForVera engages to process Client Personal Data on ForVera's behalf in connection with the Services. Not all third-party vendors ForVera uses are Subprocessors — only those that access, store, or otherwise process Client Personal Data in the course of providing services to ForVera.

2. Subprocessor Categories

ForVera currently engages Subprocessors in the following categories:

2.1 Hosting and Infrastructure

ForVera uses cloud infrastructure and virtual private server providers to host Client websites, the Client Portal, the Team Portal, and ForVera's internal systems. Client website files, database content, and platform data are stored on this infrastructure.

Location: United States and European Union Data processed: Client website files, platform data, database content, backups

2.2 Transactional Email Delivery

ForVera uses a third-party email delivery service to send transactional emails generated by ForVera's platforms, including invoice notifications, account alerts, and project communications.

Location: United States Data processed: Email addresses, email content, delivery metadata

2.3 Payment Processing

ForVera uses a third-party payment processor to handle credit card and ACH payment transactions. ForVera does not store full payment card numbers. Payment data is processed directly by the payment processor under its own PCI-compliant environment.

Location: United States Data processed: Payment card data, billing address, transaction records

2.4 Domain and DNS Management

ForVera uses a domain registrar and DNS management provider to register and manage client domains and configure DNS records on Client's behalf where authorized under a Client Authorization to Act.

Location: United States Data processed: Domain registration details, DNS configuration, registrant contact information

2.5 Uptime and Infrastructure Monitoring

ForVera uses an external uptime monitoring service to track the availability of Client websites and ForVera platform infrastructure. Monitoring pings publicly accessible URLs and does not process Client Personal Data beyond IP addresses and response metadata.

Location: European Union Data processed: Public URL availability data, response times, IP addresses

2.6 Email Hosting

ForVera uses a third-party email hosting provider for ForVera business email accounts. Client communications sent to ForVera email addresses are processed through this provider.

Location: European Union Data processed: Email content, sender and recipient addresses, attachments

2.7 Analytics

ForVera operates a self-hosted web analytics platform on ForVera's own infrastructure to track usage of ForVera's websites and portals. This platform does not share data with third parties and does not use cookies for cross-site tracking.

Location: United States (ForVera infrastructure) Data processed: Anonymized page view data, session metadata, referrer URLs

2.8 Deployment and Platform Management

ForVera uses a self-hosted deployment management platform running on ForVera's own infrastructure to manage application deployments and platform configuration.

Location: United States (ForVera infrastructure) Data processed: Platform configuration, deployment records

3. Client-Specific Third Parties

In delivering Services, ForVera may be authorized by Client to access and interact with third-party platforms on Client's behalf, including:

• Social media platforms
• Advertising networks
• E-commerce platforms
• CRM and marketing automation tools
• App stores and distribution platforms
• Third-party analytics and tracking platforms

These third parties are not ForVera Subprocessors. They are Client's own vendors and platforms. ForVera's interaction with them is governed by the Client Authorization to Act (Client Authorization to Act) and the Third-Party Publishing & Platform Submission Policy (Third-Party Publishing Policy). Client is responsible for its own agreements with and obligations to these platforms.

4. Subprocessor Security Standards

ForVera selects Subprocessors that implement commercially reasonable data protection and security measures. ForVera enters into written agreements with material Subprocessors that impose data protection obligations consistent with ForVera's obligations under the Data Processing Addendum.

ForVera does not guarantee the security practices of Subprocessors and is not liable for Subprocessor security failures beyond ForVera's obligations under the Data Processing Addendum.

5. Changes to Subprocessors

5.1 Notice of Changes

ForVera will provide reasonable advance notice to Client before adding or replacing a material Subprocessor that processes Client Personal Data. Notice will be provided through the Client Portal or by email to the billing or primary contact on file.

5.2 Client Objection

Client may object to a new or replacement Subprocessor by notifying ForVera in writing at legal@forvera.net within ten (10) business days of receiving notice. The objection must state the specific data protection concerns underlying the objection.

If the parties cannot resolve the objection within thirty (30) days, either party may terminate the affected Services upon thirty (30) days written notice without penalty.

5.3 Policy Updates

ForVera will update this Policy when material Subprocessor changes take effect. The Effective Date at the top of this Policy will be updated to reflect the date of the change.

6. Data Transfers

Some Subprocessors are located outside the United States. ForVera uses Subprocessors in the European Union for certain infrastructure and email hosting functions. ForVera selects international Subprocessors that implement appropriate safeguards for cross-border data transfers consistent with applicable law.

7. Contact

For questions about ForVera's Subprocessors or to submit a Subprocessor objection, contact:

ForVera Media LLC, doing business as ForVera Studio 5755 Crabapple Lane, Pleasant Hill, IA 50327 Email: legal@forvera.net | Phone: 515-442-0073

Related Documents

• Data Processing Addendum
• Privacy Policy
• Security Overview
• Client Authorization to Act
• Third-Party Publishing Policy

See Also

• Terms & Conditions
• Service Agreement
• Data Retention & Deletion Policy
• Confidentiality Policy

Terms & Conditions

Effective Date: June 15, 2026 Version: v1.0 Issued by: ForVera Media LLC, doing business as ForVera Studio

These Terms & Conditions ("Terms") govern the relationship between ForVera Media LLC, doing business as ForVera Studio ("ForVera"), and the Client identified in the applicable Service Agreement, Statement of Work, or Order Form ("Agreement"). By executing an Agreement, accessing the ForVera Platform, or receiving Services, Client agrees to these Terms.

1. Definitions

The following terms have the meanings set forth below and apply across all ForVera agreements, policies, and platform terms unless a specific document expressly states otherwise.

• ForVera means ForVera Media LLC, a limited liability company, doing business as ForVera Studio, and includes its members, managers, employees, contractors, subcontractors, agents, and permitted assigns.

• Client means the legal entity or individual identified as the contracting party in the applicable Agreement, and includes all owners, employees, contractors, agents, affiliates, and Authorized Users acting on Client's behalf or with Client's credentials.

• Agreement means the applicable signed Service Agreement, Statement of Work, Order Form, or other written engagement document that incorporates these Terms.

• Services means all work, platforms, deliverables, hosting, consulting, and access provided by ForVera under the applicable Agreement, as further described in the applicable Statement of Work or Order Form.

• Deliverables means the specific work product, code, designs, content, configurations, documentation, and other tangible outputs produced by ForVera for Client under the Agreement.

• ForVera Platform means the Command Center console, Client Portal, Team Portal, and any other proprietary software, system, tool, or environment operated by ForVera and made available to Client or Client's Authorized Users.

• Client Materials means all content, data, assets, copy, images, media, credentials, instructions, specifications, and other materials provided by Client to ForVera in connection with the Services.

• Confidential Information has the meaning set forth in the ForVera Confidentiality Policy, incorporated by reference.

• Authorized User means an individual expressly authorized by Client to access the ForVera Platform or receive Services on Client's behalf.

• Authorized Representative means an individual expressly authorized by Client to issue instructions, approvals, change orders, and decisions that bind Client under the Agreement.

• Personal Information means any information that identifies, relates to, describes, or is reasonably capable of being associated with an identified or identifiable natural person, as defined under applicable privacy law.

• Effective Date means the date the applicable Agreement takes effect, as stated in that Agreement.

• Force Majeure Event means any cause beyond ForVera's reasonable control, including but not limited to acts of God, natural disasters, war, terrorism, civil unrest, pandemic, government action, utility failure, internet or telecommunications outages, third-party platform failures, or cyberattacks.

2. Scope and Precedence

2.1 Incorporation

These Terms are incorporated into and made part of every Agreement between ForVera and Client. In the event of a conflict between these Terms and any other ForVera policy, the following order of precedence applies, from highest to lowest:

1. A signed amendment or change order executed by both parties
2. The applicable signed Service Agreement or Statement of Work
3. These Terms & Conditions
4. All other ForVera policies incorporated by reference

2.2 Entire Agreement

The Agreement, together with these Terms and all incorporated policies, constitutes the entire agreement between the parties with respect to its subject matter. It supersedes all prior proposals, representations, negotiations, and understandings, whether written or oral.

2.3 Modifications

ForVera may update these Terms at any time. ForVera will notify Client of material changes through the Client Portal or via the email address on file. Continued use of the Services or ForVera Platform following the effective date of any update constitutes acceptance. If Client does not accept updated Terms, Client must notify ForVera in writing and may terminate the Agreement pursuant to Section 11.

3. Services

3.1 Scope of Services

ForVera will provide the Services described in the applicable Agreement. Services are limited to what is expressly stated in writing. Verbal representations, informal communications, and prior proposals do not expand ForVera's obligations unless confirmed in a signed written amendment.

3.2 Changes to Scope

Any request to materially change the scope, timeline, or deliverables of an Agreement must be submitted in writing and agreed to by both parties in a signed change order. ForVera is not obligated to perform out-of-scope work. ForVera may decline any change request at its discretion.

3.3 Client Dependencies

ForVera's ability to perform the Services depends on Client providing accurate information, timely approvals, required access, and necessary Client Materials as reasonably requested. ForVera is not responsible for delays, deficiencies, or failures caused by Client's failure to meet these dependencies.

3.4 Subcontracting

ForVera may engage employees, contractors, subcontractors, and third-party service providers to perform any portion of the Services. ForVera remains responsible for the work performed by its personnel under the Agreement.

3.5 No Guaranteed Outcomes

ForVera does not warrant or guarantee specific business outcomes, search rankings, traffic, leads, conversions, revenue, engagement, or performance metrics. Actual results depend on factors outside ForVera's control, including Client's business, market conditions, third-party platform behavior, and content quality.

4. Client Responsibilities

Client is solely responsible for:

• Providing accurate, complete, and timely information, content, credentials, and approvals required for ForVera to perform the Services.
• Ensuring that Client Materials do not infringe any third-party intellectual property rights, violate applicable law, or contain material that is false, defamatory, obscene, or otherwise unlawful.
• Designating an Authorized Representative with authority to make binding decisions on Client's behalf.
• Maintaining the security of Client's account credentials and Authorized User access.
• Ensuring Client's own compliance with all laws, regulations, licenses, permits, and third-party terms applicable to Client's business, industry, content, and use of the Deliverables.
• Reviewing and approving all Deliverables within the timeframes specified in the applicable Agreement.
• Promptly notifying ForVera of any errors, issues, or concerns with the Services or Deliverables.

5. Intellectual Property

5.1 Ownership of Deliverables

Upon receipt of full payment for the applicable Deliverables, ForVera assigns to Client all right, title, and interest in the final Deliverables specifically created for Client under the Agreement, to the extent permitted by law and subject to the exclusions in Section 5.2.

5.2 Exclusions — ForVera-Retained IP

ForVera retains all right, title, and interest in:

• ForVera's proprietary platforms, frameworks, tools, templates, components, libraries, systems, methodologies, processes, and know-how, including the ForVera Platform and all underlying technology ("ForVera IP");
• Any pre-existing intellectual property developed or owned by ForVera prior to the Agreement;
• Any improvements, enhancements, or derivative works of ForVera IP developed in the course of performing Services, even if incorporated into Deliverables;
• General skills, knowledge, and experience acquired by ForVera personnel during the engagement.

5.3 License to ForVera IP in Deliverables

Where ForVera IP is incorporated into Deliverables, ForVera grants Client a non-exclusive, non-transferable, royalty-free license to use that ForVera IP solely as part of the Deliverables, solely for Client's internal business purposes, and solely for as long as Client is not in material breach of the Agreement.

5.4 Client Materials License

Client grants ForVera a non-exclusive license to use, reproduce, modify, and display Client Materials solely to the extent necessary to perform the Services. This license terminates upon conclusion of the Agreement or earlier termination of Services, except to the extent ForVera is required to retain materials under applicable law.

5.5 Client Representations

Client represents and warrants that it owns or has all rights necessary to provide Client Materials to ForVera and to authorize ForVera's use of Client Materials as contemplated by the Agreement. Client will indemnify ForVera for any claim arising from Client Materials in breach of this representation.

5.6 Unpaid Work

ForVera retains all ownership of Deliverables until full payment is received. No assignment or license of Deliverables takes effect while any amount remains outstanding under the Agreement.

6. Payment

Payment terms, invoice schedules, late fees, suspension rights, and dispute procedures are governed by the ForVera Service Agreement and Billing & Payment Policy, incorporated by reference. The following terms apply in all cases:

• Client must pay all undisputed invoices by the due date stated in the applicable invoice.
• Client must raise any invoice dispute within ten (10) business days of the invoice date. Failure to dispute within this period constitutes acceptance of the invoice.
• ForVera may suspend Services for nonpayment of undisputed amounts after providing written notice and a reasonable cure period.
• All fees are exclusive of applicable taxes, which are Client's responsibility.

7. Confidentiality

The parties' confidentiality obligations are governed by the ForVera Confidentiality Policy, incorporated by reference. Each party agrees to maintain the confidentiality of the other party's Confidential Information and to use it solely for purposes of the Agreement. Confidentiality obligations survive termination of the Agreement for the period specified in the Confidentiality Policy.

8. Data and Privacy

8.1 Privacy Policy

ForVera's collection, use, and disclosure of Personal Information in connection with the Services is governed by the ForVera Privacy Policy, incorporated by reference.

8.2 Data Processing

Where ForVera processes Personal Information on Client's behalf, the parties' respective roles and obligations are governed by the ForVera Data Processing Addendum, incorporated by reference where applicable.

8.3 Client Data Responsibility

Client is solely responsible for the lawfulness of any Personal Information or other data that Client directs ForVera to collect, process, store, or transmit on Client's behalf. ForVera does not independently verify the lawfulness of Client's data instructions.

9. Acceptable Use

Client's use of the ForVera Platform and all Services is subject to the ForVera Acceptable Use Policy, incorporated by reference. ForVera may immediately suspend access for material violations of the Acceptable Use Policy, with or without prior notice, where necessary to protect the integrity, security, or availability of the ForVera Platform or any third party.

10. Warranties and Disclaimers

10.1 ForVera Warranties

ForVera warrants that:

• It has the right, power, and authority to enter into the Agreement and perform the Services;
• The Services will be performed in a professional and workmanlike manner consistent with reasonable commercial standards for digital agency services; and
• To ForVera's knowledge, the Deliverables will not, at the time of delivery, knowingly infringe any third-party intellectual property rights.

10.2 Disclaimer

EXCEPT AS EXPRESSLY STATED IN SECTION 10.1, FORVERA MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, TITLE, OR ACCURACY. FORVERA DOES NOT WARRANT THAT THE SERVICES OR DELIVERABLES WILL BE ERROR-FREE, UNINTERRUPTED, SECURE, OR FREE FROM DEFECTS. FORVERA DOES NOT WARRANT THAT ANY DELIVERABLE WILL COMPLY WITH LAWS APPLICABLE TO CLIENT'S SPECIFIC BUSINESS, INDUSTRY, OR JURISDICTION UNLESS LEGAL COMPLIANCE REVIEW IS EXPRESSLY INCLUDED IN THE APPLICABLE AGREEMENT AS A DELIVERABLE.

10.3 Third-Party Services

ForVera is not responsible for the performance, availability, security, terms, or pricing of third-party platforms, tools, services, or infrastructure used in connection with the Services. Client assumes all risk associated with third-party platforms Client directs ForVera to use or integrate with.

11. Limitation of Liability

11.1 Exclusion of Consequential Damages

IN NO EVENT WILL FORVERA BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING LOSS OF REVENUE, LOSS OF PROFITS, LOSS OF BUSINESS, LOSS OF DATA, LOSS OF GOODWILL, OR COST OF SUBSTITUTE SERVICES, EVEN IF FORVERA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.2 Aggregate Liability Cap

FORVERA'S TOTAL CUMULATIVE LIABILITY TO CLIENT ARISING OUT OF OR RELATED TO THE AGREEMENT, REGARDLESS OF THE FORM OR THEORY OF CLAIM, WILL NOT EXCEED {{liability_cap_amount}}.

Open Decision — Liability Cap: The cap amount and fee lookback period require explicit business approval before this clause is finalized. Common approaches for agencies at this scale include the total fees paid in the prior {{liability_cap_lookback}} months. Do not finalize this clause without a deliberate decision.

11.3 Essential Basis

THE LIMITATIONS IN THIS SECTION 11 REFLECT A REASONABLE ALLOCATION OF RISK AND ARE AN ESSENTIAL BASIS OF THE AGREEMENT. FORVERA WOULD NOT ENTER INTO THE AGREEMENT WITHOUT THESE LIMITATIONS.

11.4 Exceptions

Nothing in these Terms limits liability for: (a) death or personal injury caused by ForVera's gross negligence; (b) fraud or fraudulent misrepresentation; or (c) any liability that cannot be limited or excluded under applicable law.

12. Indemnification

12.1 Client Indemnification of ForVera

Client will defend, indemnify, and hold harmless ForVera and its members, managers, employees, contractors, and agents from and against any claims, demands, losses, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:

• Client Materials, including any claim that Client Materials infringe third-party intellectual property rights;
• Client's breach of these Terms or the Agreement;
• Client's violation of applicable law;
• Client's use or misuse of the Deliverables or ForVera Platform;
• Any content, product, service, or business operation of Client.

12.2 ForVera Indemnification of Client

ForVera will defend, indemnify, and hold harmless Client from and against third-party claims that the Deliverables, as delivered by ForVera and used by Client within the scope of the Agreement, infringe any third-party intellectual property right, subject to Client promptly notifying ForVera of such claim, granting ForVera sole control of the defense, and cooperating reasonably with ForVera. This indemnification does not apply to any infringement caused by Client Materials, Client's modifications to Deliverables, or Client's use of Deliverables outside the scope of the Agreement.

12.3 Procedure

The indemnified party must: (a) provide prompt written notice of any claim; (b) grant the indemnifying party sole control over the defense and settlement, provided no settlement imposes unconsented obligations on the indemnified party; and (c) cooperate reasonably at the indemnifying party's expense.

13. Force Majeure

ForVera will not be liable for any failure or delay in performance caused by a Force Majeure Event. ForVera will provide prompt notice of a Force Majeure Event and will use commercially reasonable efforts to resume performance as soon as practicable. If a Force Majeure Event prevents ForVera from performing material obligations for more than thirty (30) consecutive days, either party may terminate the affected portion of the Agreement without liability, subject to Client's obligation to pay for Services performed through the date of termination.

14. Termination

Termination rights, cure periods, effects of termination, and post-termination obligations are governed by the ForVera Cancellation & Termination Policy and the applicable Service Agreement, incorporated by reference. The following apply in all cases:

• Either party may terminate the Agreement for the other party's material breach upon written notice and a reasonable opportunity to cure, as specified in the applicable policy.
• ForVera may immediately suspend or terminate access to the ForVera Platform for violations of the Acceptable Use Policy, nonpayment, or conduct posing a risk to ForVera's systems, personnel, or other clients.
• Upon termination for any reason, Client's right to access the ForVera Platform ceases immediately.
• Sections 1, 5, 6, 7, 8, 10, 11, 12, 15, 16, and 17 survive termination of the Agreement.

15. Governing Law and Dispute Resolution

15.1 Governing Law

These Terms and all Agreements are governed by the laws of the State of Iowa, United States, without regard to its conflict of law principles.

Open Decision — Principal Place of Business: If ForVera's principal place of business is confirmed as {{principal_place_of_business}}, this clause should specify county-level venue accordingly.

15.2 Dispute Resolution

The parties will attempt to resolve any dispute informally by written notice to the other party's designated contact. If the dispute is not resolved within thirty (30) days of written notice, either party may pursue available legal remedies.

15.3 Venue

Any legal action or proceeding arising under these Terms will be brought exclusively in the state or federal courts located in {{principal_place_of_business}}, Iowa. Each party consents to personal jurisdiction in those courts.

15.4 Waiver of Jury Trial

TO THE EXTENT PERMITTED BY APPLICABLE LAW, EACH PARTY WAIVES ITS RIGHT TO A JURY TRIAL IN ANY ACTION ARISING OUT OF OR RELATED TO THESE TERMS OR ANY AGREEMENT.

16. General Provisions

16.1 Notices

All legal notices under these Terms must be in writing and delivered to:

ForVera: ForVera Media LLC {{legal_notice_address}} Email: {{legal_notice_email}}

Client: The address or email on file in Client's portal account, or the address specified in the applicable Agreement.

Notices are effective upon confirmed delivery.

16.2 Assignment

Client may not assign any Agreement or rights under these Terms without ForVera's prior written consent. ForVera may assign its rights and obligations under any Agreement in connection with a merger, acquisition, or sale of all or substantially all of its assets, provided the assignee assumes all obligations under the Agreement.

16.3 No Waiver

Failure by either party to enforce any provision of these Terms does not constitute a waiver of that party's right to enforce it in the future.

16.4 Severability

If any provision of these Terms is found to be unenforceable, that provision will be modified to the minimum extent necessary to make it enforceable, and the remaining provisions will continue in full force.

16.5 Independent Contractors

ForVera and Client are independent contractors. Nothing in these Terms creates an employment, partnership, joint venture, agency, or fiduciary relationship between the parties.

16.6 No Third-Party Beneficiaries

These Terms do not confer any rights or remedies on any third party.

16.7 Headings

Section headings are for convenience only and do not affect the interpretation of these Terms.

16.8 Counterparts and Electronic Signatures

Agreements may be executed in counterparts and by electronic signature. Electronic signatures are valid and binding to the same extent as original signatures.

17. Contact

For questions regarding these Terms, contact ForVera at:

Email: {{legal_notice_email}} Mail: {{legal_notice_address}}

These Terms & Conditions were last updated on June 15, 2026 and are version v1.0.

Third-Party Publishing & Platform Submission Policy

Effective Date: June 15, 2026 Version: v1.0 Issued by: ForVera Media LLC, doing business as ForVera Studio

This Third-Party Publishing & Platform Submission Policy ("Policy") governs ForVera Media LLC, doing business as ForVera Studio ("ForVera"), role when submitting, publishing, or distributing client work to third-party platforms, marketplaces, app stores, social media channels, and advertising networks on behalf of Client ("Client"). This Policy is incorporated by reference into the applicable Service Agreement and Client Authorization to Act.

1. Scope

This Policy applies when ForVera performs any of the following on Client's behalf:

• Submitting applications to Apple App Store, Google Play Store, or other app marketplaces
• Publishing websites, landing pages, or web applications to live hosting environments
• Submitting plugins, themes, or extensions to third-party directories or marketplaces
• Posting content, campaigns, or listings to social media platforms
• Submitting advertisements to ad networks including Google Ads, Meta Ads, and similar platforms
• Listing products or services on e-commerce marketplaces
• Submitting Client's business information to directories, review platforms, or local listing services
• Publishing content to content management platforms, blogs, or newsletter services on Client's behalf

2. ForVera's Role

When ForVera submits or publishes content on Client's behalf, ForVera acts as Client's authorized agent for the specific submission described in the applicable Statement of Work. ForVera's role is technical and operational — ForVera executes submissions based on Client's instructions and approved content.

ForVera does not act as Client's legal representative, compliance officer, or advertising counsel in connection with third-party platform submissions.

3. Client's Responsibilities

3.1 Platform Compliance

Client is solely responsible for ensuring that all content, applications, products, listings, and campaigns submitted to third-party platforms on Client's behalf comply with:

• The applicable platform's terms of service, developer agreements, content policies, and advertising guidelines
• All applicable federal, state, and local laws and regulations governing the content or product being submitted
• Industry-specific regulations applicable to Client's business, including regulations governing healthcare, financial services, alcohol, tobacco, gambling, and other regulated categories

3.2 Content Accuracy

Client is responsible for the accuracy, truthfulness, and completeness of all content submitted to third-party platforms on Client's behalf, including product descriptions, pricing, claims, images, and metadata.

3.3 Required Licenses and Approvals

Client is responsible for obtaining all required licenses, permits, intellectual property clearances, talent releases, and regulatory approvals necessary for the content or product being submitted before directing ForVera to proceed with submission.

3.4 Account Ownership

Accounts established on third-party platforms on Client's behalf belong to Client. Client is responsible for maintaining direct access to its own platform accounts and for the long-term management of those accounts. ForVera's access to Client's third-party accounts is governed by the Client Authorization to Act (Client Authorization to Act).

4. ForVera's Responsibilities

4.1 Accurate Submission

ForVera will submit content to third-party platforms accurately and in accordance with Client's approved instructions and the applicable Statement of Work.

4.2 Platform Requirement Awareness

ForVera will apply commercially reasonable awareness of common third-party platform technical requirements — such as app store submission guidelines, image specifications, and metadata requirements — when preparing and submitting content on Client's behalf. ForVera does not guarantee acceptance or approval by any third-party platform.

4.3 Notification of Issues

ForVera will promptly notify Client if a third-party platform rejects, flags, or requests changes to a submission, and will provide Client with the platform's stated reason for rejection where available.

5. Platform Decisions Are Outside ForVera's Control

Client acknowledges that third-party platform decisions — including acceptance, rejection, removal, suspension, ranking, distribution, and monetization of submitted content or applications — are entirely within the discretion of the applicable platform and outside ForVera's control.

ForVera is not responsible for:

• Rejection of app store submissions by Apple, Google, or any other marketplace
• Removal or suspension of Client content, accounts, or applications by third-party platforms
• Changes in platform policies, algorithms, or review criteria that affect Client's submissions or existing content
• Ad disapprovals, targeting restrictions, or campaign suspensions imposed by advertising platforms
• Delays in platform review processes
• Loss of account standing, ratings, or reviews on third-party platforms

6. Resubmission and Remediation

If a submission is rejected by a third-party platform, ForVera will work with Client to identify and address the stated reason for rejection. Resubmission work that requires material changes to content, design, or functionality is out-of-scope work and may require a Change Order.

7. Advertising Campaigns

Where ForVera manages advertising campaigns on Client's behalf:

• Client is responsible for all advertising spend and budget approvals
• ForVera will not increase advertising spend beyond Client-approved budgets without prior written approval
• Client is responsible for ensuring that advertising content complies with applicable advertising laws, including truth-in-advertising requirements and platform-specific policies
• ForVera does not guarantee any specific advertising performance, return on ad spend, click-through rate, or conversion outcome

8. Indemnification

Client will indemnify, defend, and hold harmless ForVera and its members, managers, employees, contractors, and agents from and against all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:

• Client content submitted to third-party platforms at Client's direction
• Client's noncompliance with third-party platform terms of service or applicable law
• Third-party claims arising from content published on Client's behalf
• Platform penalties, fines, or enforcement actions resulting from Client's content or business practices

9. Changes to This Policy

ForVera may update this Policy to reflect changes in third-party platform practices, applicable law, or ForVera's service offerings. ForVera will provide notice of material changes through the Client Portal or by email to the address on file.

10. Contact

For questions about third-party publishing or platform submissions, contact:

ForVera Media LLC, doing business as ForVera Studio 5755 Crabapple Lane, Pleasant Hill, IA 50327 Email: legal@forvera.net | Phone: 515-442-0073

Related Documents

• Terms & Conditions
• Service Agreement
• Client Authorization to Act
• Acceptable Use Policy
• Subprocessor / Third-Party Services Policy

See Also

• Client Content License
• Privacy Policy
• AI & Automation Use Notice
• Marketing Use / Portfolio Permission