Privacy Policy
Last updated: April 2026
1. Data We Collect
When you use Foregrade, we collect the following categories of personal information (CCPA 1798.140(v)):
- Identifiers (Category A): Email address (at signup), TikTok Shop ID, TikTok buyer usernames from return data (for serial returner detection).
- Commercial information (Category D): Order details, product information, fee breakdowns, sales data, return/refund records, and affiliate commission data accessed through the TikTok Shop API.
- Internet activity (Category F): Page views and feature usage within the app (first-party analytics only — no third-party tracking). Session activity timestamps for security purposes.
- Account data: Your TikTok Shop ID and OAuth tokens (stored encrypted at rest using AES-256-GCM).
- Payment data: Processed by Stripe. We store only your Stripe customer ID and subscription ID — never your card details.
- Product cost settings: COGS, affiliate commission percentages, fulfillment type, and shipping costs that you enter.
Buyer data from TikTok: When processing return data from the TikTok Shop API, we store buyer usernames to detect serial return patterns on your behalf. This data is collected from TikTok (a third-party source), not directly from buyers. Buyer usernames are retained while your account is active and deleted within 30 days of account deauthorization or deletion.
2. TikTok Shop Data
We access your TikTok Shop data (orders, products, returns, and affiliate information) through the TikTok Shop API in accordance with TikTok's Developer Terms of Service. This data is used solely to provide our profit calculation and analytics services.
3. How We Use Your Data
We use your data exclusively to:
- Calculate and display your profit after all TikTok Shop fees
- Provide per-product margin analysis and returns management
- Detect serial return patterns to protect your business (using buyer usernames)
- Send profit digest and return alert emails (optional, with one-click unsubscribe)
- Process subscription payments via Stripe
- Monitor application errors via Sentry. Server-side error monitoring runs unconditionally — we need to know when the application breaks to keep the Service operational (lawful basis: legitimate interests, GDPR Art. 6(1)(f)). Client-side session replay and performance tracing are additionally opt-in via the cookie banner.
- Track page views via first-party analytics to improve the service (no third-party sharing)
We do not sell your data to third parties. We do not use your data for advertising.
Lawful basis under UK / EU GDPR (Art. 6(1))
Each processing purpose above is grounded in one or more lawful bases under Article 6(1) of the UK GDPR / EU GDPR:
| Purpose | Lawful basis | Notes |
|---|---|---|
| Provide profit calculation, returns management, and dashboard features | Art. 6(1)(b) — performance of contract | Without this processing, we cannot deliver the Service you signed up for. |
| Process subscription payments via Stripe | Art. 6(1)(b) — performance of contract | Plus Art. 6(1)(c) — legal obligation, for tax / VAT records. |
| Send transactional emails (deadline alerts, digest, password reset) | Art. 6(1)(b) — performance of contract | Marketing emails (if any) are separately opt-in under Art. 6(1)(a). |
| Detect serial-returner patterns (buyer usernames) | Art. 6(1)(f) — legitimate interests | Balanced against buyer privacy. Buyers are TikTok account holders, not Foregrade users; we never contact them and store only the username TikTok already exposes to sellers. |
| Server-side error monitoring (Sentry) | Art. 6(1)(f) — legitimate interests | Necessary to keep the Service operational. PII is scrubbed before transmission. |
| Client-side replay / performance tracing | Art. 6(1)(a) — consent (via cookie banner) | You can withdraw at any time; withdrawal does not affect server-side error monitoring. |
| Audit logs of data access, exports, deletions | Art. 6(1)(c) — legal obligation | Required to evidence GDPR Art. 30 record-keeping and Art. 32 security obligations. |
| Tax / financial records retention | Art. 6(1)(c) — legal obligation | UK and Lithuanian tax law require certain billing records to be retained for up to 7 years. |
4. Sub-Processors
We use the following third-party services to operate Foregrade:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase (AWS us-east-1) | Database hosting | All application data (encrypted at rest) |
| Stripe | Payment processing | User ID, subscription metadata |
| Resend | Email delivery | Email address, digest content |
| Railway | Application hosting | Request logs, server-side rendering |
| Upstash | Rate limiting and session management | User IDs, rate limit counters |
| Sentry | Server-side error monitoring (always on, lawful basis: legitimate interests). Client-side replay / performance tracing additionally cookie-consent-gated. | Error details, stack traces (PII scrubbed via SENSITIVE_KEYS allowlist) |
| Cloudflare | DNS, edge TLS, DDoS / bot mitigation | Request metadata, IP addresses (not stored by us) |
5. Sources of Personal Information
In the preceding 12 months, we collected personal information from the following sources:
- Directly from you: Email address (signup), product cost settings, expense data, account preferences
- From TikTok Shop API (third party): Order details, return/refund records, buyer usernames, product data, fee breakdowns, affiliate information
- Automatically: Page views, session timestamps, IP addresses (via Cloudflare, not stored by us)
6. Data Disclosed to Third Parties
In the preceding 12 months, we disclosed the following categories of personal information to service providers for business purposes only. We have not sold or shared any personal information.
- Identifiers (email address) → Resend (email delivery), Stripe (payment processing)
- Commercial information (order/product data) → Supabase (database storage)
- Internet activity (error data) → Sentry (error monitoring, with consent)
7. Data Retention & Article 17 Erasure Flow
- Order and return data: Retained while your account is active, plus 90 days after account deletion (financial record-keeping for tax compliance).
- Buyer usernames: Retained while your account is active. Deleted within 30 days of TikTok Shop deauthorization or account deletion.
- OAuth tokens: Encrypted at rest. Deleted immediately upon account disconnection or deletion.
- Lead emails: Auto-deleted after 12 months if not converted to an account.
- Payment records: Retained as required by financial regulations (up to 7 years for VAT and corporate tax).
How account deletion works (UK / EU GDPR Art. 17)
When you click Settings → Delete account, we walk through a four-stage process:
- Soft delete (Day 0): Your account is marked
deleted_atimmediately. All sessions are revoked, login is disabled, billing is cancelled in Stripe, and the TikTok OAuth token is destroyed (no further data sync). Your data is no longer accessible to anyone — including our support team — through the application. - 90-day reactivation window (Days 1–90): If you reach out within 90 days, we can fully restore the account from the soft-deleted state. This protects you against accidental deletion (especially relevant for shared shops where a co-admin might delete by mistake). After day 90 the window closes and reactivation is no longer possible.
- Hard delete (Day 90): A nightly cron run hard- deletes the account: user row, products, orders, returns, expenses, creators, watchlist entries, return rules, push subscriptions, webhook subscriptions, and any other table that keys on your
user_id. Stripe customer/subscription IDs are erased. - Audit-log scrub (Day 90 + a few minutes): The audit log retains the fact that you held an account (timestamps, action types, error codes) so we can evidence GDPR Art. 30 record-keeping and security investigations, but your personal identifiers (email, IP, user-agent) are overwritten with
[ERASED]in the same hard-delete transaction. The audit log itself is append-only, so we mark the original entries as superseded rather than physically deleting rows — this preserves the integrity of the audit chain while satisfying Art. 17 by removing your personal data.
If a Stripe cancellation fails (e.g., Stripe API outage during the soft-delete step), the soft-delete proceeds anyway and the failed cancellation is queued for retry. The background reconciler retries every 6 hours; if the retry still fails after 7 days, an internal alert fires so a human can cancel the subscription manually before the next billing attempt. You will not be charged for periods after the soft- delete date — Stripe's own credit logic handles this even on delayed cancellation.
Records we cannot erase: data subject to a statutory retention obligation (VAT invoices, tax records, anti-money-laundering logs) is retained for the period required by law. We pseudonymise it where possible.
8. California Privacy Rights (CCPA / CPRA)
Foregrade is operated by a Lithuanian entity (Foregrade, MB) and is currently available to UK TikTok Shop sellers only. If you happen to be a California resident using the Service, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you the following rights, which we honour as a matter of policy:
- Right to know: Request a copy of the personal information we've collected about you, the categories of sources, and how we use it.
- Right to delete: Request deletion of your personal information. You can trigger this instantly from Settings → Delete Account, or email us.
- Right to correct: Request correction of inaccurate personal information we hold about you.
- Right to opt out of sale/sharing: We do not sell or share your personal information with third parties for cross-contextual behavioral advertising — there's nothing to opt out of, but this right exists if we ever change that.
- Right to limit use of sensitive personal info: You can ask us to limit use of sensitive categories of data to only what is necessary to provide the service.
- Right to non-discrimination: We will not deny you service, charge a different price, or provide a different quality of service because you exercised any of these rights.
To exercise any of these rights, see our contact methods in Section 13. We respond within 45 days as required by the CCPA.
Employee access for customer support
Authorized Foregrade personnel may access your account data via a read-only, audit-logged impersonation mode when investigating a support ticket or diagnosing a sync issue. This access is strictly read-only during the session, automatically expires after 30 minutes, and every instance (plus the reason) is recorded in an immutable audit log. You can request a list of all such access events affecting your account by emailing privacy@foregrade.io. Writes to your data (e.g., refunds, plan changes) by our support staff are performed through separate admin actions that require password re-authentication and are also audit-logged.
Data Controller
Foregrade is operated by Foregrade, MB — a private limited company registered in Lithuania (EU). Foregrade, MB is the data controller for UK sellers using the Service. For data-protection inquiries, contact us at privacy@foregrade.io.
UK GDPR Representative (Article 27)
As a non-UK-established data controller processing personal data of UK residents, Foregrade is required under Article 27 of the UK GDPR to appoint a UK-based representative. That appointment is being finalised ahead of our UK TikTok Shop App Store launch. Once in place, the representative's name, email, and postal address will be listed here. UK data subjects may contact our representative for all matters relating to the processing of their personal data, in parallel with contacting us directly at privacy@foregrade.io.
Placeholder until appointed: [UK GDPR Representative — to be listed]
EU GDPR Representative
Foregrade's operating entity is established in the European Union (Lithuania). No separate EU Article 27 representative is required — the controller itself is EU-established.
9. Do Not Sell or Share My Personal Information
Foregrade does not sell your personal information. Foregrade does not share your personal information with third parties for cross-contextual behavioral advertising. Per CCPA 1798.130(a)(5)(C)(ii), Foregrade has not sold or shared consumers' personal information in the preceding 12 months. The sub-processors listed in Section 4 receive only the data necessary to provide their specific service (hosting, payment processing, email delivery) — never for advertising or resale. We honor Global Privacy Control (GPC) signals as valid opt-out requests per CCPA 1798.135(b).
If you would still like to submit a formal opt-out request, email privacy@foregrade.io with the subject "Do Not Sell/Share My Info" and we will confirm in writing.
10. Cookies
Foregrade uses six first-party cookies plus the user's theme preference and a cookie-consent acknowledgement stored inlocalStorage. The full table — names, purposes, durations — is in our dedicated Cookie Policy. We do not use tracking cookies, analytics cookies, or advertising cookies.
11. Security
We protect your data using industry-standard security measures including: encrypted session cookies (iron-session), AES-256-GCM encryption for OAuth tokens at rest, CSRF protection on all state-changing endpoints, and HTTPS for all communications.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service.
13. Contact
To exercise any privacy right or make a data inquiry, you may contact us via two methods (CCPA 1798.130(a)(1)):
- Email: privacy@foregrade.io
- Mail: Foregrade, MB (Lithuania) — email hello@foregrade.io for the registered address.
We verify requests by matching the email against your account and respond within 45 days as required by the CCPA. We do not charge a fee for processing privacy requests.