Privacy Policy

Last updated: May 2026

1. Overview

Fotra ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding your personal information. By using Fotra, you agree to the practices described here.

2. What Data We Collect

We collect only what is necessary to provide the service:

  • Account data — your email address when you sign up or join the waitlist
  • Stripe connection data — your Stripe account ID and OAuth access token, stored encrypted
  • Scan results — revenue leak findings generated from your Stripe data, stored in our database
  • Usage data — basic logs such as scan timestamps and error events, used for debugging

3. What Data We Do NOT Collect

  • Your Stripe secret key — we use OAuth, not your secret key
  • Your customers' personal information (names, addresses, card details)
  • Payment card data of any kind
  • Any data beyond what is needed to generate your scan report

4. How We Use Your Data

  • To connect to your Stripe account and run revenue leak scans
  • To display and store your scan results in your dashboard
  • To send you product updates and waitlist notifications (only if you opted in)
  • To process payments for paid plans via Stripe
  • To improve the accuracy and reliability of our scanner

5. Stripe Data Access

Fotra connects to Stripe using read-only OAuth permissions. This means we can read your transaction data but cannot move money, modify subscriptions, issue refunds, or make any changes to your Stripe account.

You can revoke Fotra's access to your Stripe account at any time from your Stripe Dashboard under Settings → Installed apps.

6. Data Storage & Security

Your data is stored in Supabase, a secure cloud database with encryption at rest and in transit. Stripe OAuth tokens are stored encrypted and are never exposed in logs or client-side code.

We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or misuse.

7. Third-Party Services

We use the following third-party services:

  • Stripe — payment processing and data source for scans
  • Supabase — database and authentication
  • Vercel — hosting and serverless functions

We do not sell, rent, or share your data with any other third parties.

8. Data Retention

We retain your account data and scan results for as long as your account is active. If you delete your account, we will delete your data within 30 days, except where retention is required by law.

9. Your Rights

Depending on your location, you may have the following rights:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Withdraw consent to data processing at any time
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at zomeglobal@gmail.com.

10. Cookies

Fotra uses minimal cookies required for authentication and session management only. We do not use tracking cookies or third-party advertising cookies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email. Continued use of Fotra after updates constitutes acceptance of the revised policy.

12. Contact

For any privacy-related questions or requests, contact us at zomeglobal@gmail.com.

© 2026 Fotra. All rights reserved.