1. Introduction
Footprint Funnel ("we," "us," or "our") operates a multi-tenant SaaS platform that enables retail businesses to create customer engagement funnels. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Information We Collect
2.1 Business Owner Information
When you sign up as a business owner, we collect:
- Business name and contact information
- Owner name and email address
- Billing address and payment information (processed securely via Stripe)
- Account credentials (password is hashed and encrypted)
- Business branding assets (logo, colors)
2.2 End Customer Information
When end customers use your funnel, we collect on your behalf:
- Name, email address, and phone number
- Birthday (optional)
- Mailing address (optional, for physical rewards)
- Referral information (optional)
- Social media platform preferences (optional)
2.3 Automatically Collected Information
- Device information (browser type, operating system)
- IP address and general location
- QR code scan timestamps and sources
- Session data and funnel completion metrics
- Cookies and similar tracking technologies
3. How We Use Your Information
3.1 For Business Owners
- Provide and maintain your account and services
- Process payments and manage billing
- Send service updates and account notifications
- Provide customer support
- Analyze platform usage and improve our services
- Prevent fraud and ensure platform security
3.2 For End Customers
- Facilitate funnel completion and reward delivery
- Sync data to Google Sheets and Shopify (on behalf of business owners)
- Track analytics for business owners
- Send birthday postcards (if opted in)
Legal Basis (GDPR): We process data based on contract performance, legitimate interests, and consent where applicable.
4. Data Sharing and Disclosure
We do not sell your personal information. We may share data with:
- Service Providers: Stripe (payments), Google Sheets (data storage), Shopify (e-commerce integration), OpenAI (content generation)
- Business Owners: End customer data is accessible to the business owner whose funnel was used
- Legal Requirements: When required by law, court order, or to protect our rights
- Business Transfers: In connection with a merger, acquisition, or sale of assets
5. Your Rights and Choices
5.1 GDPR Rights (European Users)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Data Portability: Receive your data in a structured, machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Revoke consent at any time
To exercise these rights, email us at privacy@footprintfunnel.com or use your account settings.
5.2 CCPA Rights (California Residents)
California residents have the right to:
- Know: Request disclosure of personal information collected
- Delete: Request deletion of personal information
- Opt-Out: Opt out of the "sale" of personal information (Note: We do not sell personal information)
- Non-Discrimination: Receive equal service regardless of privacy choices
California residents can submit requests via our Do Not Sell My Personal Information page or by emailing privacy@footprintfunnel.com.
6. Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Essential Cookies: Authentication, security, and basic functionality (required)
- Analytics Cookies: Understanding how users interact with our platform (optional)
- Tenant Resolution: Remembering which business funnel you're interacting with (signed for security)
You can manage cookie preferences through our cookie consent banner or your browser settings.
7. Data Security
We implement industry-standard security measures:
- HTTPS encryption for all data in transit
- Bcrypt password hashing with salt rounds
- JWT-based authentication with httpOnly cookies
- Signed cookies to prevent tampering
- Multi-tenant data isolation at the application layer
- Rate limiting to prevent brute force attacks
- Regular security audits and updates
While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
8. Data Retention
We retain your information for as long as necessary to:
- Provide our services and maintain your account
- Comply with legal obligations (e.g., tax records: 7 years)
- Resolve disputes and enforce agreements
- Maintain business records and analytics
When you delete your account, we will delete or anonymize your personal data within 30 days, except where we must retain it for legal compliance.
9. International Data Transfers
Our services are hosted in the United States. By using our platform, you consent to the transfer of your data to the United States. We comply with applicable data transfer frameworks and ensure adequate safeguards are in place.
10. Children's Privacy
Our services are not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice on our platform. Continued use after changes indicates acceptance of the updated policy.
12. Contact Us
For privacy-related questions, concerns, or to exercise your rights, contact us:
We will respond to requests within 30 days (GDPR) or 45 days (CCPA).