Privacy Policy

1. Data We Collect

When you use Foregrade, we collect the following data:

• TikTok Shop data: Order details, product information, fee breakdowns, and sales data accessed through the TikTok Shop API.
• Account data: Your TikTok Shop ID and OAuth tokens (stored encrypted at rest using AES-256-GCM).
• Payment data: Processed by Stripe. We store only your Stripe customer ID and subscription ID — never your card details.
• Product cost settings: COGS, affiliate commission percentages, fulfillment type, and shipping costs that you enter.

2. TikTok Shop Data

We access your TikTok Shop data (orders, products, returns, and affiliate information) through the TikTok Shop API in accordance with TikTok's Developer Terms of Service. This data is used solely to provide our profit calculation and analytics services.

3. How We Use Your Data

We use your data exclusively to:

• Calculate and display your profit after all TikTok Shop fees
• Provide per-product margin analysis
• Send weekly profit digest emails (optional, with one-click unsubscribe)
• Process subscription payments via Stripe

We do not sell your data to third parties. We do not use your data for advertising.

4. Sub-Processors

We use the following third-party services to operate Foregrade:

5. Data Retention

• Order data: Retained for as long as your account is active, plus 90 days after account deletion.
• OAuth tokens: Encrypted at rest. Deleted immediately upon account disconnection or deletion.
• Payment records: Retained as required by financial regulations (up to 7 years).

6. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases as defined by the EU General Data Protection Regulation:

• Art 6(1)(b) — Contract: Processing necessary for providing the Foregrade service, including syncing your TikTok Shop data, calculating profits, and managing your account.
• Art 6(1)(a) — Consent: Marketing communications (e.g., weekly profit digests) and optional analytics. You may withdraw consent at any time.
• Art 6(1)(f) — Legitimate Interest: Service improvement, fraud prevention, and security measures to protect our platform and users.
• Art 6(1)(c) — Legal Obligation: Retention of tax records, payment records, and compliance with applicable legal requirements.

Data Controller

Foregrade (operated by Foregrade Inc., Wilmington, Delaware, USA) is the data controller responsible for your personal data. For data protection inquiries, contact us at [email protected].

7. Your Rights (GDPR)

If you are in the UK or European Economic Area, you have the right to:

• Access: Request a copy of all data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your data ("right to be forgotten").
• Portability: Request your data in a machine-readable format.
• Objection: Object to processing of your data for certain purposes.
• Restriction: Request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies

Foregrade uses the following cookies:

• fg_session: Encrypted session cookie (httpOnly, secure). Required for authentication.
• fg_csrf: CSRF protection token (httpOnly, secure). Required for security.
• fg_oauth_state: Temporary OAuth state parameter (httpOnly, 10-minute expiry). Required for secure TikTok login.

We do not use tracking cookies, analytics cookies, or advertising cookies.

9. Security

We protect your data using industry-standard security measures including: encrypted session cookies (iron-session), AES-256-GCM encryption for OAuth tokens at rest, CSRF protection on all state-changing endpoints, and HTTPS for all communications.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service.

11. Contact

For privacy-related inquiries, contact us at [email protected].