Privacy Policy

1. Introduction

This Privacy Policy explains how Fooshop ("we", "us", "our") collects, uses, and protects your personal data when you use our platform at fooshop.ai.

We are committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

2. Data We Collect

Account data: When you sign in with Google, we receive your name, email address, and profile picture. For creators, we also store your store name, description, and slug.

Payment data: Payment processing is handled by Stripe. We store Stripe Connect account IDs for creators and Stripe payment intent IDs for orders. We do not store credit card numbers or bank account details.

Product data: Creators upload product information including titles, descriptions, prices, and digital files. Files are stored on Cloudflare R2.

Analytics data: We collect page view data including timestamps, page paths, and traffic sources (web, MCP, API). We do not track individual user browsing behavior across sessions.

3. How We Use Your Data

We use your data to: operate and maintain the marketplace, process transactions between creators and buyers, provide creator analytics and sales reports, improve the Platform and develop new features, communicate important updates about the service, and comply with legal obligations.

4. Data Sharing

We share data with the following third-party services: Stripe (payment processing — subject to Stripe's privacy policy), Cloudflare R2 (file storage for digital products), and Google (authentication via OAuth).

We do not sell your personal data to third parties. We may disclose data when required by law or to protect our legal rights.

5. Cookies & Tracking

Fooshop uses essential cookies for authentication and session management. We do not use third-party advertising cookies or cross-site tracking technologies.

Our analytics collect aggregated page view data without personally identifiable information.

6. Data Retention

We retain your account data for as long as your account is active. Order and transaction data is retained for 7 years for tax and legal compliance. Analytics data is retained in aggregated form.

When you delete your account, we remove your personal data within 30 days, except where retention is required by law.

7. Your Rights (GDPR)

Under the GDPR, you have the following rights: the right of access — request a copy of your personal data; the right to rectification — correct inaccurate personal data; the right to erasure — request deletion of your personal data; the right to data portability — receive your data in a machine-readable format; the right to restrict processing — limit how we use your data; the right to object — object to processing based on legitimate interests.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. International Transfers

Your data may be processed in countries outside the European Economic Area (EEA) by our service providers (Stripe, Cloudflare). These transfers are protected by appropriate safeguards including Standard Contractual Clauses.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (HTTPS), secure authentication via OAuth, and access controls on our systems.

While we take reasonable precautions, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

10. Children's Privacy

Fooshop is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If we discover that a child has provided us with personal data, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or Platform notification. The "Last updated" date at the top of this policy indicates the most recent revision.

12. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at [email protected].

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).