Foteza Privacy Policy

Last Updated: April 25, 2026

Foteza Inc. ("Foteza," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy applies to all users of the Foteza mobile application, website, and services — including businesses and content creators ("Creatives"). It describes what personal information we collect, how we use it, and your rights.


1. Information We Collect

Account & Profile Information

  • Name, email address, and password (encrypted)

  • Phone number (optional)

  • Profile photo, bio, and display name

  • Location (city/region)

  • Role on the platform (Business or Creative)

Businesses additionally provide:

  • Business name, industry, and branding details

  • Campaign assets, briefs, and content objectives

Creatives additionally provide:

  • Social media handles (TikTok, Instagram, YouTube)

  • Creative specializations, equipment list, and shooting styles

  • Portfolio images, reels, and pitch videos

  • Age (for eligibility verification)

Social Media Integration

When you connect a TikTok, Instagram, or YouTube account, we collect:

  • Profile information and handle

  • Follower/subscriber count

  • Video metadata (title, description, URLs, cover images)

  • Performance metrics (views, likes, comments, shares)

This data is used to track campaign performance, calculate performance-based earnings, and verify creator authenticity. Metrics are refreshed every 24–48 hours via platform APIs. You can disconnect your social accounts at any time in Settings → Connected Accounts.

Campaign & Activity Data

  • Campaign applications, approvals, and deliverable submissions

  • Campaign budgets, rates, targeting, and content requirements

  • Filming session durations and timer data

  • Goal-tracking and performance analytics

  • AI-generated quality assessment scores for submitted deliverables

  • Post links submitted for analytics tracking

Shopify Integration

When a business connects their Shopify store:

  • We store the store domain and Shopify Admin API access token (encrypted)

  • We generate unique discount codes per creator via the Shopify Price Rules API

  • When a customer uses a creator's code at checkout, Shopify sends a webhook to Foteza containing: order ID, discount code used, order subtotal, and customer country

We do not receive or store customer names, email addresses, billing addresses, or payment card details from Shopify. Creatives receive only aggregate purchase counts and commission totals — not individual customer data. Shopify order webhook data is retained for 7 years for financial compliance.

App Install Campaigns

To enable install-based campaign tracking, businesses provide:

  • Apple App Store App ID and Provider Token

  • App Store Connect API Key ID, Issuer ID, and .p8 private key file (stored encrypted in Google Cloud Storage, used read-only with Apple's Analytics Reporting API)

Creatives receive a unique App Store Campaign Link; attributed install counts are reported by Apple with a 24–72 hour delay.

Lead Capture Data

When a business activates a Foteza lead form:

  • Lead submissions include name, email, phone, and optional video/audio introduction

  • Video and audio files are processed by Google Cloud Vision AI and Google Cloud Speech-to-Text for AI-powered verification scoring

  • AI scores, face detection results, and transcriptions are stored with the lead record

The business is the data controller for their leads. Foteza acts as a data processor on the business's behalf.

Payment & Financial Information

  • Stripe customer and payment method tokens (we do not store raw card numbers)

  • Transaction amounts, timestamps, and payout records

  • Stripe Connect account information for Creatives receiving payments

  • Billing history for filming sessions and weekly performance charges

  • Earnings reports, payout history, and commission calculations

Instagram Auto-DM Integration

  • Instagram account identifiers obtained via the Late API

  • Comment and DM automation settings

  • We do not store full Instagram message histories beyond what is required for automation logging

Communication Data

  • In-app messages between businesses and Creatives

  • Chat thread and conversation history

  • Notification preferences and delivery history

  • Support tickets and customer service interactions

Usage & Technical Data

  • Device type, operating system, and app version

  • In-app actions and feature usage

  • Crash reports and performance diagnostics

  • IP address and browser type (website)

  • Push notification tokens (Firebase Cloud Messaging)

Location Data

  • City/region (with permission) for creator–business matching within a 50 km radius

  • We do not continuously track precise GPS location in the background

  • Location is used only for campaign matching and display purposes


2. How We Use Your Information

Core Platform Services

  • Provide, operate, and improve the Foteza marketplace

  • Match businesses with Creatives based on location, expertise, and equipment

  • Display profiles to potential collaboration partners

  • Facilitate campaign applications, approvals, and deliverable workflows

  • Enable in-app messaging and collaboration tools

Performance Tracking & Payments

  • Track video performance across TikTok, Instagram, and YouTube

  • Calculate performance-based earnings (views, leads, installs, Shopify sales)

  • Attribute Shopify purchases to the correct creator via discount code tracking

  • Track app install attribution via Apple's Analytics Reporting API

  • Process payments and issue Stripe payouts

  • Track filming sessions and billable hours

  • Generate earnings reports and payout summaries

  • Enforce payment thresholds and caps

AI & Automation Features

  • AI-screen creative deliverables and present quality assessments to reviewing businesses

  • Verify the authenticity of leads submitted to business campaigns

  • Power the Fozi AI assistant for content strategy guidance (outputs are informational only — not professional legal, financial, or marketing advice)

  • Automate Instagram DM replies via the Auto-DM feature

Platform Security & Legal

  • Detect and prevent fraud, fake engagement, and terms violations

  • Monitor for anomalous analytics patterns

  • Comply with legal, tax, and regulatory obligations

  • Respond to lawful requests from authorities

Communications

  • Send transactional notifications (payout confirmations, application updates, campaign alerts)

  • Send product updates and feature announcements

  • Deliver support responses


3. How We Share Your Information

We do not sell your personal data.

With Other Users

  • Businesses see a Creative's public profile (name, photo, bio, location, handles, portfolio, equipment) when a Creative applies to their campaign

  • Creatives see campaign briefs, payment terms, and brand information from businesses

  • Earnings, banking details, and personal contact information are never shared between users

With Service Providers

ProviderPurposeStripePayment processing and Connected Account payoutsFirebase / Google CloudHosting, database (Firestore), authentication, storage, Cloud Functions — data stored in us-central1, Iowa, USAGoogle Cloud AI (Vision, Speech-to-Text)Lead video/audio verification processingShopifyDiscount code creation and purchase webhook attributionTikTok, Meta (Instagram), YouTubeFetching video performance data via their APIsLate API (getlate.dev)Instagram Auto-DM automationApple Inc.App Store install attribution via Analytics Reporting API (read-only)Google Places APILocation autocomplete

For Legal & Safety Reasons

  • To comply with legal obligations, court orders, or regulatory requirements

  • To prevent fraud, security threats, or illegal activity

  • To protect the rights, property, and safety of Foteza and its users

  • To enforce our Terms of Service

  • In connection with a business transfer (merger, acquisition, or sale) — users will be notified before any such transfer


4. Third-Party Platform Data

TikTok, Instagram, YouTube We access social media data through official APIs (TikTok Display API, Meta Graph API, YouTube Data API) to retrieve video metadata and performance metrics for earnings calculations and campaign tracking. You can revoke access at any time through your social platform account settings or through Foteza's app settings.

Shopify We access the Shopify Admin API on behalf of businesses who connect their store. Access is limited to creating and reading discount codes (Price Rules) and receiving order webhooks for purchase attribution. We do not access customer emails, addresses, or payment card details. Webhook data is limited to: order ID, discount code, order subtotal, and customer country.

Apple App Store Connect For App Install Campaigns, we use the provided App Store Connect API credentials (read-only) to retrieve install attribution data from Apple's Analytics Reporting API. Credentials are stored encrypted and are only used for this purpose.

Data Refresh

  • Social media metrics: refreshed every 24–48 hours via platform APIs

  • Real-time updates occur on manual sync

  • Historical data is retained for earnings calculations and dispute resolution


5. Your Rights

Access & Portability

  • Request a copy of your data at support@foteza.com

  • View your complete profile, earnings, and activity history in-app

Control & Management

  • Update your profile and account settings in-app

  • Delete your account and associated data (Settings → Danger Zone → Delete Account) or by emailing support@foteza.com — processed within 30 days

  • Disconnect social media accounts (Settings → Connected Accounts)

Communication Preferences

  • Opt out of marketing emails via the unsubscribe link

  • Manage push notification preferences in device Settings

Data Correction

  • Request correction of inaccurate profile information

  • Dispute inaccurate earnings calculations by contacting support@foteza.com

California Residents (CCPA) California residents have the right to know what personal information is collected, whether it is sold or disclosed (we do not sell your data), and the right to deletion and non-discrimination. Contact support@foteza.com for CCPA requests.

EU / UK Residents (GDPR / UK GDPR) EU and UK residents have the right to access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, to object to processing, and rights related to automated decision-making. Contact support@foteza.com for GDPR requests. For transfers from the EU/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.


6. Data Retention

Data TypeRetention PeriodAccount & profile dataDuration of account + 90 days after deletionPortfolio contentUntil deleted by user or account closureCampaign deliverable files12 months after campaign completionLead data2 years or until deleted, whichever is soonerLead video/audio files6 months after submissionSocial media performance snapshots2 years (for earnings dispute resolution)AI review scoresLife of the associated deliverable recordFilming sessions2 years (for tax/audit purposes)Dispute records3 yearsPayment transactions & Shopify webhook data7 years (legal/tax requirement)Messages1 year after account deletionAggregated analyticsIndefinitely (anonymized)



7. Security

We protect your data using:

  • TLS/SSL encryption for data in transit

  • Encryption at rest via Google Cloud

  • Firebase Security Rules and role-based access controls

  • PCI-compliant payment processing via Stripe

  • Encrypted storage of sensitive API credentials (Shopify tokens, Apple .p8 keys)

  • Incident response procedures and monitoring for suspicious activity

No system is 100% secure. You are responsible for keeping your login credentials confidential. Contact us immediately at support@foteza.com if you suspect unauthorized access to your account.


8. Children's Privacy

Foteza is not intended for users under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us their data, contact support@foteza.com and we will delete the account within 48 hours.


9. Cookies and Tracking

Website (foteza.com) Our website uses cookies for authentication and session management, analytics and performance monitoring (Google Analytics), personalization, and security and fraud prevention.

Mobile App Our app uses Firebase Analytics for usage tracking, crash reporting for stability improvements, performance monitoring, and push notification tokens.

Your Choices

  • Browser: Disable cookies in your browser settings

  • Mobile: Limit ad tracking in device settings (iOS: Settings → Privacy & Security → Tracking)

  • Analytics opt-out: tools.google.com/dlpage/gaoptout


10. Third-Party Links

Our app and website may contain links to third-party services including social media platforms, Stripe, Shopify stores, and portfolio websites. We are not responsible for the privacy practices of third parties. Review their privacy policies before providing personal information.


11. Business Transfers

If Foteza is involved in a merger, acquisition, or sale, your data may be transferred to the new entity. We will notify you via email before any transfer occurs. You may delete your account before transfer if you choose not to proceed.


12. Changes to This Policy

We may update this Privacy Policy periodically. When we do:

  • We will update the "Last Updated" date at the top

  • We will notify you via email and in-app notification at least 7 days before significant changes take effect

  • Continued use after changes constitutes acceptance of the updated policy


13. Governing Law

This Privacy Policy is governed by the laws of the Province of Manitoba, Canada.


14. Contact Us

Foteza Inc. Email: support@foteza.com

We aim to respond within 3 business days. GDPR/CCPA requests will be processed within 30 days.

By using Foteza, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.