1. Introduction
Welcome to FBCommerce ("we," "us," "our"), a service company of FIFTHBOSTON HOLDINGS. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our e-commerce platform and services available at fbcommerce.fifthboston.com.
FBCommerce is a Software-as-a-Service (SaaS) e-commerce platform that enables businesses to create, manage, and scale their online stores. By using our services, you agree to the collection and use of information in accordance with this policy.
π Our Commitment to Privacy
We believe in transparency and giving you control over your data. We do not sell your personal information, and we only collect data necessary to provide and improve our services.
2. Information We Collect
We collect information that you provide directly to us, information collected automatically, and information from third parties.
2.1 Information You Provide
| Category | Data Types | Purpose |
|---|---|---|
| Account Information | Name, email address, password, company name | Create and manage your account |
| Billing Information | Payment card details (via Stripe), billing address, company tax ID | Process subscription payments |
| Business Information | Store name, products, inventory, orders, customer lists | Operate your e-commerce store |
| Communications | Support tickets, emails, chat messages | Provide customer support |
| Profile Information | Profile photo, business logo, timezone preferences | Personalize your experience |
2.2 Information Collected Automatically
When you use our services, we automatically collect certain information, including:
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Pages viewed, features used, click patterns, session duration
- Log Data: Access times, error logs, referring URLs
- Location Data: Approximate geographic location based on IP address
- Performance Data: Page load times, application errors, system activity
2.3 Information from Third Parties
We may receive information about you from third parties, including:
- Payment processors (Stripe) for transaction verification
- Identity verification services
- Analytics providers
- Marketing partners (with your consent)
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Provide and Operate Services
- Create and manage your FBCommerce account
- Process your subscription payments
- Host and operate your e-commerce store(s)
- Enable store management features (products, orders, customers)
- Provide customer support and respond to inquiries
3.2 Improve and Develop Services
- Analyze usage patterns to improve user experience
- Develop new features and functionality
- Conduct research and analytics
- Test and troubleshoot new products
3.3 Communications
- Send transactional emails (receipts, order confirmations, security alerts)
- Provide product updates and announcements
- Send marketing communications (with your consent)
- Respond to your comments, questions, and requests
3.4 Security and Compliance
- Detect, prevent, and address fraud and security issues
- Enforce our Terms of Service and Acceptable Use Policy
- Comply with legal obligations and regulatory requirements
- Protect the rights and safety of our users and third parties
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:
| Legal Basis | Processing Activities |
|---|---|
| Contract Performance | Account creation, subscription processing, service delivery, customer support |
| Legitimate Interests | Analytics, fraud prevention, product improvement, security measures |
| Consent | Marketing emails, optional cookies, third-party integrations |
| Legal Obligation | Tax compliance, regulatory requirements, legal proceedings |
5. Information Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
5.1 Service Providers
We share information with trusted third-party service providers who assist us in operating our platform, including payment processing, hosting, analytics, and customer support. These providers are bound by contractual obligations to keep your information confidential.
5.2 Business Transfers
If FBCommerce or FIFTHBOSTON HOLDINGS is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership.
5.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, government agencies).
5.4 Protection of Rights
We may disclose information when we believe disclosure is necessary to protect our rights, investigate fraud, or protect the safety of our users or others.
5.5 With Your Consent
We may share your information with third parties when you give us explicit consent to do so.
π We Never Sell Your Data
FBCommerce does not sell, rent, or trade your personal information to third parties for their marketing purposes.
6. Third-Party Service Providers
We work with the following categories of third-party service providers:
| Provider Category | Purpose | Data Shared |
|---|---|---|
| Payment Processing Stripe, Inc. |
Process subscription payments and manage billing | Name, email, billing address, payment card details |
| Cloud Infrastructure | Host our platform and store data securely | All platform data (encrypted at rest) |
| Analytics | Understand usage patterns and improve services | Usage data, device info (anonymized where possible) |
| Email Services | Send transactional and marketing emails | Email address, name, communication preferences |
| Customer Support | Provide help desk and chat support | Account info, support ticket content |
| Security Services | Fraud prevention and security monitoring | IP address, device fingerprints, activity patterns |
All third-party providers are required to maintain the confidentiality of your information and are prohibited from using your personal data for any purpose other than providing services to us.
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect and store information about your interactions with our platform.
7.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for platform functionality (authentication, security, preferences) | Session / 1 year |
| Analytics Cookies | Help us understand how users interact with our platform | Up to 2 years |
| Preference Cookies | Remember your settings and preferences | Up to 1 year |
| Marketing Cookies | Track effectiveness of our marketing campaigns | Up to 1 year |
7.2 Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to:
- View what cookies are stored and delete them individually
- Block third-party cookies
- Block cookies from specific sites
- Block all cookies
- Delete all cookies when you close your browser
Please note that blocking essential cookies may affect the functionality of our platform.
7.3 Do Not Track
Some browsers offer a "Do Not Track" (DNT) feature. We currently do not respond to DNT signals, but we honor the Global Privacy Control (GPC) signal where required by law.
8. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account Information | Duration of account + 3 years | Service provision, legal compliance |
| Billing Records | 7 years after transaction | Tax and financial regulations |
| Store Data | Duration of account + 90 days | Allow for data export and recovery |
| Support Tickets | 3 years | Service improvement, dispute resolution |
| Usage Logs | 12 months | Security, analytics, troubleshooting |
| Marketing Preferences | Until consent withdrawn | Respect your communication choices |
After the retention period, we securely delete or anonymize your personal information.
9. Data Security
We implement industry-standard security measures to protect your personal information:
9.1 Technical Measures
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access with multi-factor authentication
- Infrastructure: SOC 2 Type II certified cloud infrastructure
- Monitoring: 24/7 security monitoring and intrusion detection
- Backups: Regular encrypted backups with disaster recovery procedures
9.2 Organizational Measures
- Employee security training and background checks
- Data access logging and auditing
- Incident response procedures
- Regular security assessments and penetration testing
- Vendor security reviews
9.3 Payment Security
We use Stripe for payment processing. Your payment card information is transmitted directly to Stripe and never touches our servers. Stripe is PCI DSS Level 1 certified, the highest level of payment security certification.
π Security Incident Reporting
If you believe your account has been compromised or you've discovered a security vulnerability, please contact us immediately at security@fbcommerce.com.
10. International Data Transfers
FBCommerce is based in the United States. If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.
10.1 Transfer Mechanisms
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure adequate protection for international data transfers through:
- Standard Contractual Clauses (SCCs): EU-approved contractual terms that provide adequate data protection
- Adequacy Decisions: Where applicable, we transfer data to countries with EU adequacy decisions
- Supplementary Measures: Additional technical and organizational measures as needed
10.2 Data Localization
For Enterprise plan customers, we offer data residency options in specific regions upon request. Contact our sales team for more information.
11. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Request restriction of processing in certain circumstances
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent where processing is based on consent
To exercise any of these rights, please contact us at privacy@fbcommerce.com. We will respond to your request within 30 days (or as required by applicable law).
12. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
12.1 Your California Rights
- Right to Know: Request disclosure of the categories and specific pieces of personal information we collected, sold, or disclosed
- Right to Delete: Request deletion of your personal information, subject to certain exceptions
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out: Opt out of the "sale" or "sharing" of your personal information
- Right to Limit Use: Limit the use and disclosure of sensitive personal information
- Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights
12.2 Categories of Personal Information
In the past 12 months, we have collected the following categories of personal information:
- Identifiers (name, email, IP address)
- Commercial information (products, services purchased, transaction history)
- Internet or network activity (browsing history, interactions with our website)
- Professional or employment information (company name, job title)
- Inferences drawn from the above categories
12.3 No Sale of Personal Information
FBCommerce does not sell personal information as defined by the CCPA/CPRA. We also do not "share" personal information for cross-context behavioral advertising.
12.4 Authorized Agent
You may designate an authorized agent to submit requests on your behalf. Authorized agents must provide written proof of authorization and verify their identity.
π¬ California Requests
Submit CCPA/CPRA requests to privacy@fbcommerce.com with the subject line "California Privacy Request" or call us at the number provided in the Contact section.
13. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):
13.1 Your GDPR Rights
- Right of Access (Art. 15): Obtain confirmation of whether we process your data and access to that data
- Right to Rectification (Art. 16): Correct inaccurate personal data
- Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Right to Restriction (Art. 18): Restrict processing in certain circumstances
- Right to Data Portability (Art. 20): Receive your data in a portable format
- Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing
- Rights Related to Automated Decision-Making (Art. 22): Not be subject to decisions based solely on automated processing
13.2 Data Controller
FBCommerce (operated by FIFTHBOSTON HOLDINGS) is the data controller for personal information collected through our platform. For processing of your end-customers' data, you are typically the data controller and we act as a data processor on your behalf.
13.3 Data Protection Officer
For GDPR-related inquiries, you may contact our Data Protection team at dpo@fbcommerce.com.
13.4 Supervisory Authority
If you are unsatisfied with our response or believe our processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority in your country of residence.
14. Children's Privacy
FBCommerce is not intended for use by individuals under the age of 18 (or the applicable age of majority in their jurisdiction). We do not knowingly collect personal information from children under 13 years of age.
If we learn that we have collected personal information from a child under 13, we will take immediate steps to delete that information. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at privacy@fbcommerce.com.
πΆ COPPA Compliance
We comply with the Children's Online Privacy Protection Act (COPPA). Our platform is designed for business use and is not directed at children.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email (for registered users)
- Display a prominent notice on our platform
- Where required by law, obtain your consent before implementing changes
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
FBCommerce Privacy Team
A service company of FIFTHBOSTON HOLDINGS
hello.commerce@fifthboston.com
For privacy-specific inquiries: privacy@fbcommerce.com
For security issues: security@fbcommerce.com
For GDPR inquiries: dpo@fbcommerce.com
Mailing Address:
FBCommerce β Privacy Team
c/o FIFTHBOSTON HOLDINGS
United States
We aim to respond to all privacy-related inquiries within 30 days or as required by applicable law.
π Related Policies
Terms of Service Β· Acceptable Use Policy Β· Data Processing Agreement Β· Cookie Policy