Privacy Policy

1. Introduction

Welcome to FLUF Connect, operated by FLUF.io ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our multi-marketplace crosslisting and inventory management platform.

Effective Date: 25 July 2025

Last Updated: 25 July 2025

2. Information We Collect

2.1 Personal Information

• Account Information: Name, email address, username, password, and profile information
• Contact Details: Billing address, shipping address, phone number
• Payment Information: Credit card details, billing information (processed securely through Stripe)
• Business Information: Store name, business type, tax information

2.2 Marketplace Data

• Authentication Credentials: API tokens and OAuth credentials for connected marketplaces
• Product Information: Product listings, descriptions, images, prices, inventory levels
• Order Data: Purchase history, order details, buyer information, transaction records
• Store Analytics: Sales data, performance metrics, marketplace statistics

2.3 Technical Information

• Device Information: IP address, browser type, device identifiers, operating system
• Usage Data: Pages visited, features used, time spent on platform, click patterns
• Log Data: Server logs, error reports, performance data
• Cookies and Tracking: Session cookies, preference cookies, analytics cookies

2.4 Information from Third Parties

• Marketplace APIs: Data from Shopify, Depop, eBay, Etsy, and other connected platforms
• Social Media: Information from social media accounts when you choose to connect them
• Payment Processors: Transaction data from Stripe and other payment providers

3. How We Use Your Information

3.1 Core Service Provision

• Enable multi-marketplace product crosslisting and inventory synchronisation
• Manage and coordinate orders across all connected platforms
• Provide automated offer management and price optimisation
• Facilitate secure authentication with marketplace APIs
• Process payments and manage subscriptions

3.2 Platform Improvement

• Analyse usage patterns to improve platform functionality
• Develop new features and services
• Conduct research and analytics to enhance user experience
• Monitor platform performance and reliability

3.3 Communication

• Send service-related notifications and updates
• Provide customer support and technical assistance
• Share important platform announcements
• Send marketing communications (with your consent)

3.4 Legal and Security

• Comply with legal obligations and regulatory requirements
• Protect against fraud, abuse, and security threats
• Enforce our Terms of Service and other policies
• Respond to legal requests and court orders

4. How We Share Your Information

4.1 With Your Consent

We share your information when you explicitly consent, such as when connecting to new marketplaces or enabling specific integrations.

4.2 Service Providers

• Marketplace APIs: Shopify, Depop, eBay, Etsy (for crosslisting and sync functionality)
• Payment Processing: Stripe (for subscription and payment processing)
• Cloud Infrastructure: Hetzner, AWS (for hosting and data storage)
• Analytics: Google Analytics (anonymised data for platform improvement)
• Customer Support: Support ticket systems and communication tools

4.3 Legal Requirements

We may disclose your information when required by law, legal process, or to protect our rights, property, or safety of our users.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.

5. Data Retention

5.1 Retention Periods

• Account Data: Retained while your account is active and for 2 years after closure
• Product and Inventory Data: Retained while products are active plus 1 year
• Order and Transaction Data: Retained for 7 years for accounting and legal requirements
• Usage and Analytics Data: Retained for 2 years in aggregated, anonymised form
• Support Communications: Retained for 3 years for quality assurance

5.2 Data Deletion

When retention periods expire or when you request deletion, we securely delete your personal information using industry-standard methods. Some information may be retained in anonymised form for analytics purposes.

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

6.1 How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

6.2 Marketing Communications

You can opt out of marketing communications at any time by clicking the unsubscribe link in emails or contacting us directly.

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use

• Essential Cookies: Required for basic platform functionality and security
• Performance Cookies: Help us understand how you use our platform
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Provide insights into platform usage and performance

7.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect platform functionality.

7.3 Third-Party Tracking

We use Google Analytics with anonymised IP addresses to understand platform usage. You can opt out using Google's opt-out tools.

8. Data Security

8.1 Security Measures

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Strict access controls and authentication requirements
• Regular Audits: Regular security assessments and vulnerability testing
• Secure Infrastructure: Enterprise-grade hosting with advanced security features

8.2 Data Breach Response

In the unlikely event of a data breach, we will notify affected users and relevant authorities within 72 hours as required by applicable laws.

9. International Data Transfers

FLUF Connect operates globally and may transfer your personal information to countries outside your jurisdiction. When we do so, we ensure appropriate safeguards are in place:

• Adequacy Decisions: Transfers to countries with adequate data protection laws
• Standard Contractual Clauses: EU-approved contractual protections
• Certification Schemes: Privacy Shield successors and similar frameworks
• Binding Corporate Rules: Internal data protection standards

10. Children's Privacy

FLUF Connect is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For material changes, we will provide prominent notice on our platform
• We may also notify you via email for significant changes
• Your continued use of our services after changes constitutes acceptance

12. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your personal information based on the following legal grounds:

• Contract Performance: To provide FLUF Connect services you've requested
• Legitimate Interest: To improve our services, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws and regulations
• Consent: For marketing communications and optional features (you can withdraw consent at any time)