Privacy Policy

Effective Date: June 10, 2026

This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information when You use the FolioTrust Service.

FolioTrust ("us", "we", or "our") operates the FolioTrust platform (the "Service"). This comprehensive policy explains how we handle data. Given the B2B nature of FolioTrust (where professionals use our platform to display reviews and collect leads from third-party end-clients), this policy strictly distinguishes between "User Data" (data belonging to the FolioTrust customer) and "End-Client Data" (data belonging to the people leaving reviews or filling out lead forms).

1. Data Controller vs. Data Processor

1.1. FolioTrust as Data Controller: For the "User Data" (the personal information, billing details, and login credentials of the professionals who sign up for a FolioTrust account), FolioTrust acts as the Data Controller under the GDPR.

1.2. FolioTrust as Data Processor: For the "End-Client Data" (the names, emails, and textual reviews of the clients submitted to the platform, as well as the contact information submitted via the "Work With Me" lead generation forms), the FolioTrust User acts as the Data Controller, and FolioTrust acts solely as the Data Processor. We process this End-Client Data strictly to provide the Service to the User.

2. Types of Data Collected

2.1. Personal Data (User): While using our Service, we ask you to provide certain personally identifiable information, including but not limited to: email address, first name and last name, professional social handles (e.g., LinkedIn, X), and payment processing details (handled via secure third-party gateways like Stripe/Polar).

2.2. Public Portfolio Data: Information you explicitly choose to add to your FolioTrust profile, including client reviews, names, and project details, is intended for public consumption. By publishing this data, you acknowledge it will be publicly accessible via FolioTrust URLs and any external domains where you install our Embed Widgets.

2.3. Usage Data & Cookies: We collect data on how the Service is accessed, including your device's IP address, browser type, diagnostic data, and interaction events with our Embed Widgets on external sites. We use Session Cookies, Preference Cookies, and Security Cookies to operate and secure the platform.

3. Use of Data

3.1. We use the collected data to: (a) Provide and maintain the Service; (b) Process financial transactions; (c) Notify you of critical platform changes; (d) Render your public portfolio and deliver Embed Widgets to external domains via our CDN; (e) Detect and prevent fraudulent reviews or abuse of the infrastructure.

4. Third-Party Integrations and Data Sharing

4.1. We do not sell your Personal Data. We may employ third-party companies ("Service Providers") to facilitate our Service. These include: Payment Processors (who adhere to PCI-DSS standards), Cloud Hosting Providers (AWS, Vercel, or equivalent), and Analytics Providers. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

5. Global Data Rights (GDPR, CCPA, DPDP)

5.1. User Rights: Whether you are protected by the GDPR (Europe), CCPA (California), or the Digital Personal Data Protection Act (India), FolioTrust extends core privacy rights to all Users globally. You possess the right to: (a) Access the Personal Data we hold; (b) Request rectification of incorrect data; (c) Request the deletion of your account and all associated data ("Right to be Forgotten"); (d) Export your data in a portable format.

5.2. End-Client Rights: If an End-Client wishes to have their review or lead generation data deleted, they must submit the request to the FolioTrust User (the Data Controller). FolioTrust provides the User with the necessary tools to delete this End-Client data from our databases upon request.

6. Data Security and Retention

6.1. We utilize commercially acceptable, cryptographically secure means to protect your Personal Data. However, no method of transmission over the Internet is 100% secure. We retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, or to comply with legal obligations, resolve disputes, and enforce our legal agreements.

7. Contact Information

7.1. If you have any questions about this Privacy Policy, the data we hold on you, or if you would like to exercise one of your data protection rights, please contact our administrative team directly.