FOTR Vault Marketplace
All
Marketplace / Privacy Policy

Privacy Policy

Effective Date: August 1, 2025  ·  Last Updated: August 1, 2025

This policy applies to all FOTR Vault marketplace users, including vendors, customers, and visitors.

1. Introduction

This Privacy Policy describes how Fire On The Runway International ("FOTR," "we," "us," or "our") collects, uses, shares, and protects personal information through the FOTR Vault marketplace platform (the "Platform"), accessible at www.fotrintl.com and any associated mobile applications.

FOTR Vault is a curated global marketplace that connects vendors (sellers) with customers (buyers) in the fashion, beauty, and wellness categories. Because our Platform facilitates transactions between third-party vendors and customers, this Privacy Policy applies to all users, including vendors, customers, and visitors.

2. Information We Collect

We collect information necessary to operate the Platform, facilitate transactions, and provide a secure shopping and selling experience. The types of information we collect include:

Information You Provide Directly

  • Account registration details: full name, email address, phone number, mailing address, and password.
  • Vendor onboarding information: business name, registration documents, tax identification numbers, bank account or payout details, product descriptions, and brand materials.
  • Customer purchase information: billing address, shipping address, and order details.
  • Payment information: credit/debit card numbers, mobile money details, or other payment credentials (processed through our third-party payment processors).
  • Communications: messages sent through our Platform, customer support inquiries, feedback, and reviews.
  • Identity verification documents: government-issued identification where required for vendor approval or fraud prevention.

Information Collected Automatically

  • Device information: IP address, browser type, operating system, device identifiers, and screen resolution.
  • Usage data: pages visited, products viewed, search queries, click patterns, and time spent on pages.
  • Location data: approximate geographic location based on IP address; precise location only with your explicit consent.
  • Cookies and similar technologies: session cookies, persistent cookies, pixels, and web beacons (see Section 9 for details).
  • Log data: server logs recording access times, referring URLs, and error reports.

Information from Third Parties

  • Payment processors: transaction confirmation, fraud detection signals, and payment status.
  • Social media platforms: if you link a social account or log in via a third-party service, we may receive your profile name, email, and profile picture.
  • Vendor-provided customer data: vendors may share order fulfillment information through the Platform.
  • Public sources: business registration databases and publicly available profiles for vendor verification.

3. How We Use Your Information

We process personal information for the following purposes:

Platform Operations

  • Creating and managing user accounts (vendor and customer).
  • Processing vendor applications, onboarding fees, and subscription payments.
  • Facilitating transactions, payment processing, and order fulfillment.
  • Calculating and distributing vendor payouts based on plan tier — Starter vendors pay 20%, Growth vendors pay 15%, and Elite vendors pay 10% platform commission on marketplace sales.
  • Providing customer support and resolving disputes between vendors and customers.

Platform Improvement and Personalization

  • Analyzing usage patterns to improve Platform functionality, navigation, and user experience.
  • Personalizing product recommendations and search results.
  • Conducting internal analytics and reporting, including vendor sales dashboards.
  • Developing new features, products, and services.

Marketing and Communications

  • Sending transactional emails such as order confirmations, shipping updates, and payout notifications.
  • Sending promotional content about FOTR Vault events, campaigns, runway showcases, and vendor spotlights (with your consent where required).
  • Featuring vendors in social media campaigns, website spotlights, and marketing materials as described in the Vendor Agreement.
  • Administering contests, promotions, or surveys.

Safety, Security, and Legal Compliance

  • Detecting and preventing fraud, unauthorized transactions, and other illegal activities.
  • Verifying vendor identity and product authenticity to maintain marketplace integrity.
  • Enforcing our Terms of Service, Vendor Agreement, and other platform policies.
  • Complying with applicable laws, regulations, court orders, and government requests.
  • Protecting the rights, property, and safety of FOTR, our users, and the public.

Legal Bases for Processing

Depending on your location and applicable law, we rely on the following legal bases: contractual necessity, consent, legitimate interests, and legal obligation. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

Between Vendors and Customers

When a customer places an order, relevant information (name, shipping address, order details) is shared with the vendor solely for order fulfillment. Vendors must handle customer information in accordance with applicable data protection laws.

Service Providers

We engage third-party companies contractually required to use your data only for the services they perform:

  • Payment processing and financial services
  • Cloud hosting and data storage
  • Email delivery and communication tools
  • Analytics and performance monitoring
  • Fraud detection and identity verification

Legal and Regulatory Disclosures

We may disclose personal information to comply with applicable law, enforce platform policies, detect or prevent fraud, or protect the rights, property, or safety of FOTR, our users, or the public.

Business Transfers & Consent

If FOTR is involved in a merger, acquisition, or sale of assets, your information may transfer as part of that transaction. We will notify you before your information becomes subject to a different privacy policy. We may also share information with your explicit consent.

5. Vendor-Specific Privacy Provisions

As FOTR Vault is a multi-vendor marketplace, vendors have unique data responsibilities when they receive customer information for order fulfillment.

What we share with vendors:

  • Delivery address
  • Contact phone number
  • Order specifics & notes
  • Customer first name (for fulfillment)

What we NEVER share:

  • Credit card details
  • Account passwords
  • Full payment credentials
  • Browsing or purchase history

Vendor Responsibilities

  • Comply with all applicable data protection laws.
  • Maintain a clear privacy policy for customer data they receive.
  • Use customer data only for fulfillment and directly related customer service.
  • Implement appropriate technical and organizational security measures.

Strictly Prohibited for Vendors

  • Selling or renting customer personal data obtained through the Platform.
  • Using customer contact info for unrelated marketing without consent.
  • Sharing customer data with third parties except where needed for fulfillment (e.g., shipping carriers).
  • Retaining customer data longer than necessary for fulfillment and applicable legal requirements.

FOTR remains the data controller for account data, transaction data, usage data, subscription billing, commission calculations, payouts, and platform management. Violation of vendor data restrictions may result in suspension or removal from the Platform.

6. International Data Transfers

FOTR is a U.S.-based company with operations in Ghana. Your personal information may be transferred to and processed in countries other than the country where you reside, including the United States and Ghana. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer personal information internationally, we implement appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA.
  • Compliance with the EU-U.S. Data Privacy Framework, where applicable.
  • Ensuring data processors in all jurisdictions maintain data protection standards equivalent to or exceeding applicable law.
  • Compliance with Ghana's Data Protection Act, 2012 (Act 843), including registration with the Data Protection Commission where required.
  • Conducting transfer impact assessments where required by applicable law.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods

  • Active accounts: Retained for the duration of your account and a reasonable period afterward to comply with legal obligations.
  • Transaction records: Minimum of seven (7) years for tax, accounting, and legal compliance.
  • Vendor onboarding documents: Duration of the vendor relationship and five (5) years after account closure.
  • Marketing consent records: While consent is valid, plus a reasonable compliance period.
  • Server logs and analytics: Up to twenty-four (24) months.
  • Customer support records: Three (3) years after resolution.

When personal information is no longer required, we securely delete or anonymize it. Anonymized data that can no longer identify individuals may be retained indefinitely for analytics and research.

8. Your Privacy Rights

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal information. To exercise any right, contact us using the details in Section 16. We respond within thirty (30) days and may verify your identity before acting.

Rights for All Users

Access, correction, deletion (subject to legal retention), withdrawal of consent, data portability, objection to legitimate-interest processing, and restriction of processing.

EEA / UK Residents (GDPR)

Right to lodge a complaint with your local data protection supervisory authority. Right not to be subject to decisions based solely on automated processing that produce legal or significant effects.

California Residents (CCPA / CPRA)

Right to know categories and specific pieces of personal information collected, opt out of sale or sharing (FOTR does not sell personal information), non-discrimination for exercising rights, and limit the use of sensitive personal information.

Ghana Residents (Data Protection Act, 2012)

Right to request information about data held and its purpose, object to processing likely to cause damage or distress, and seek compensation for damage caused by contravention of the Act.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Platform. You can manage your cookie preferences through our cookie consent banner displayed when you first visit the Platform.

Cookie Type Purpose Duration Consent
Essential Login, security, cart functionality Session / Persistent Not required
Functional Language, preferences, saved settings Persistent Recommended
Analytics Page views, traffic sources, user behavior Up to 24 months Required
Marketing Ad targeting, campaign performance Up to 12 months Required

Global Privacy Control (GPC)

We honor GPC signals transmitted by your browser as a valid opt-out request as required by the California Consumer Privacy Rights Act and other applicable state privacy laws. When we detect a GPC signal, we treat it as a request to opt out of the sale or sharing of personal information associated with that browser.

Managing Cookies

You can control and delete cookies through your browser settings. Disabling essential cookies may impair your ability to use certain features such as the shopping cart and checkout process. For standard "Do Not Track" browser signals, there is currently no industry-wide standard; we monitor developments in this area.

10. Data Security

We implement technical and organizational security measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction.

  • Encryption of data in transit using TLS/SSL protocols and encryption of sensitive data at rest.
  • Regular security assessments and penetration testing.
  • Access controls limiting employee access to personal information on a need-to-know basis.
  • Multi-factor authentication for vendor and administrative accounts.
  • Regular security training for all employees and contractors.
  • Incident response procedures for prompt detection and remediation of security breaches.
  • Secure payment processing through PCI DSS-compliant third-party providers.

While we strive to protect your personal information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security and encourage you to protect your account credentials.

11. Data Breach Notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by GDPR or applicable law.
  • Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
  • Report to the Ghana Data Protection Commission as required under Act 843 and the Cybersecurity Act, 2020 for incidents affecting data processed in Ghana.
  • Comply with state-specific breach notification requirements in all U.S. states where affected individuals reside.
  • Document all breaches, their effects, and the remedial actions taken.

13. Contact Information and Policy Updates

If you have questions, concerns, or requests related to this Privacy Policy or your personal information, please contact us:

Privacy Contact

  • Data Controller: Fire On The Runway International
  • Email: info@fotrintl.com
  • Phone: +1 802-255-4111
  • Website: www.fotrintl.com
  • Address: 330 S Second Ave Suite 200, Minneapolis, MN 55401, United States

How We Update This Policy

  • We post the updated policy with a revised "Last Updated" date.
  • Material changes are communicated to registered users via email at least thirty (30) days before they take effect.
  • Where required by applicable law, we will obtain renewed consent.
  • Your continued use of the Platform after the effective date of a revised policy constitutes acceptance.

Questions about marketplace privacy?

Reach our privacy team for access requests, data questions, or clarification about how vendor and customer data is handled on FOTR Vault.

Contact Privacy Team

14. Jurisdiction-Specific Disclosures & Governing Law

United States

For residents of states with comprehensive privacy laws (including California, Virginia, Colorado, Connecticut, Utah, Indiana, Kentucky, Rhode Island, and others), we provide the rights described in Section 8 in accordance with each applicable state statute. We do not sell personal information as defined under these laws.

European Economic Area and United Kingdom

If you are located in the EEA or UK, the GDPR (or UK GDPR) applies to our processing of your personal information. You have the right to lodge a complaint with your local supervisory authority.

Ghana

FOTR complies with the Ghana Data Protection Act, 2012 (Act 843). Our processing activities comply with the eight data protection principles established under Section 17 of Act 843, including accountability, lawfulness of processing, specification of purpose, quality of information, openness, security safeguards, and data subject participation.

Governing Law and Acknowledgment

This Privacy Policy is governed by the laws of the United States and the State of Minnesota. To the extent that the laws of Ghana or any other jurisdiction mandate additional protections for personal data collected or processed in that jurisdiction, those protections will apply in addition to this Privacy Policy.

By using the FOTR Vault Platform, you acknowledge that you have read and understood this Privacy Policy. For vendors, acceptance of the Vendor Agreement includes acceptance of this Privacy Policy as it relates to data processed through the Platform.

Fire On The Runway International • FOTR Vault • www.fotrintl.com