Table of Contents
- Introduction
- Information We Collect
- How We Use Your Information
- How We Share Your Information
- Your Privacy Rights
- Data Security
- Data Retention
- International Data Transfers
- Children’s Privacy
- Cookies and Tracking
- Third-Party Services
- Changes to This Policy
- Contact Us
Introduction
FairFate (“we,” “our,” or “us”) operates fairfate.com, a digital marketplace for tabletop RPG products. This Privacy Policy explains how we collect, use, disclose, and protect your personal information.
By using FairFate, you agree to this Privacy Policy.
If you do not agree, please do not use our service.
Key Principles
- Transparency: We’re clear about what data we collect and why
- Control: You can access, update, or delete your data anytime
- Security: We protect your information with industry-leading security
- Minimization: We only collect what we need
- Compliance: We follow GDPR, CCPA, and other privacy laws
Information We Collect
1. Information You Provide
Account Registration
- Email address (required)
- Username (required)
- Password (encrypted, never stored in plain text)
- Display name (optional)
- Profile picture (optional)
- Bio and social links (optional)
Creator/Seller Information
- Business name
- Business type (sole proprietor, LLC, corporation, etc.)
- Tax identification number (EIN or SSN - encrypted)
- Business address
- Bank account information (for payouts - encrypted and tokenized)
- Identity verification documents (driver’s license, passport - encrypted)
Purchase Information
- Billing address
- Payment method details (last 4 digits only - see Security Policy)
- Order history
- Product reviews and ratings
Communications
- Support tickets and correspondence
- Email preferences
- Survey responses
2. Information We Collect Automatically
Usage Data
- IP address
- Browser type and version
- Operating system
- Device information (type, model, identifiers)
- Referral source (how you found us)
- Pages visited and time spent
- Click patterns and interactions
- Search queries on our platform
Transaction Data
- Purchase date and time
- Product(s) purchased
- Purchase amount
- Payment status
- Download activity
- Refund history
Performance Data
- Page load times
- Error messages
- System performance metrics
- API response times
3. Information from Third Parties
Payment Processors
- Payment confirmation from payment processor
- Fraud risk indicators
- Payment method validity
Social Media
If you choose to link social accounts:
- Public profile information
- Email address (if authorized)
- Friend lists (never accessed without permission)
Analytics Services
- Aggregated usage statistics (anonymized)
- Traffic sources and referrals
- Demographic insights (age range, general location)
How We Use Your Information
Essential Services
• Account Management
- Create and maintain your account
- Authenticate your identity
- Manage your profile and preferences
• Transaction Processing
- Process purchases and downloads
- Send receipts and order confirmations
- Handle refunds and disputes
- Facilitate creator payouts
• Customer Support
- Respond to inquiries and requests
- Troubleshoot technical issues
- Resolve disputes and complaints
Service Improvement
• Analytics
- Understand user behavior and preferences
- Identify popular content and features
- Measure platform performance
- Conduct A/B testing (anonymized)
• Product Development
- Develop new features
- Improve user experience
- Fix bugs and errors
- Optimize platform performance
Legal and Security
• Compliance
- Fulfill tax obligations
- Respond to legal requests
- Enforce Terms of Service
- Prevent fraud and abuse
• Security
- Detect and prevent fraud
- Monitor for suspicious activity
- Protect against unauthorized access
- Maintain audit logs for compliance
Marketing (With Your Consent)
Promotional Communications
- New product announcements
- Personalized recommendations
- Special offers and discounts
- Creator updates (for products you own)
You can opt out anytime in Account Settings.
Legitimate Interests
We may use your data for legitimate business purposes:
- Research and development
- Business intelligence
- Fraud prevention
- Network security
- Mergers and acquisitions (due diligence)
How We Share Your Information
We Never Sell Your Data
FairFate does not sell, rent, or trade your personal information to third parties for marketing purposes.
When We Share
Service Providers
We share data with trusted partners who help operate our platform:
Payment Processing
- Payment tokens (not full card numbers)
- Billing address (for fraud prevention)
- Transaction details
Database & Hosting
- Account information
- Product library data
- Usage logs (encrypted)
Email Services
- Email address
- Order details (for receipts)
- Account notifications
All service providers are contractually obligated to protect your data.
Creators
When you purchase a creator’s product:
- Your email (so they can contact you about updates)
- Username (for community purposes, if applicable)
- Purchase date (for analytics)
- Review/rating (if you leave one)
Creators cannot see:
- Your payment information
- Your full purchase history (only their products)
- Other creators you’ve purchased from
Legal Requirements
We may disclose information if required by law:
- Valid court order or subpoena
- Law enforcement request (with legal basis)
- National security requirements
- Regulatory investigations
We challenge overly broad requests and notify affected users when legally permitted.
Business Transfers
If FairFate is involved in a merger, acquisition, or sale:
- 30-day advance notice via email
- Privacy commitments transfer to new owner
- Option to delete account before transfer
Your Privacy Rights
Universal Rights (All Users)
• Access: Download a copy of your data anytime • Correction: Update inaccurate information • Deletion: Delete your account and data (with exceptions) • Portability: Export data in machine-readable format (JSON/CSV) • Opt-Out: Unsubscribe from marketing emails • Object: Contest automated decisions
Exercise your rights: Account Settings or email martin@fairfate.com
Additional Rights by Jurisdiction
California Residents (CCPA/CPRA)
• Right to Know: What personal information we collect, use, and share • Right to Delete: Request deletion of personal information • Right to Opt-Out: “Do Not Sell My Personal Information” (we don’t sell) • Right to Non-Discrimination: Equal service regardless of privacy choices • Authorized Agent: Use an authorized agent to exercise rights
California-specific requests: martin@fairfate.com (subject: “CCPA Request”)
EU/UK Residents (GDPR/UK GDPR)
• Right to Access: Obtain a copy of your personal data • Right to Rectification: Correct inaccurate data • Right to Erasure: “Right to be forgotten” • Right to Restrict Processing: Limit how we use your data • Right to Data Portability: Transfer data to another service • Right to Object: Object to processing based on legitimate interests • Rights Related to Automated Decision-Making: Opt-out of automated profiling
Data Protection Officer: martin@fairfate.com
Supervisory Authority: You may lodge a complaint with your local data protection authority
Australian Residents (Privacy Act)
• Access to Information: Request personal information we hold • Correction Rights: Correct inaccurate information • Complaints: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)
Data Security
See our comprehensive Security & Payment Policy for full details.
Security Measures
• Encryption in Transit: All connections encrypted • Encryption at Rest: Sensitive data encrypted • Access Controls: Role-based permissions • Monitoring: Security monitoring and intrusion detection • Incident Response: 72-hour breach notification commitment
Security Standards
We follow industry-standard security practices for data protection.
Your Responsibilities
• Use strong passwords (12+ characters, mixed case, symbols) • Don’t share passwords with anyone • Log out on shared devices • Report suspicious activity to martin@fairfate.com
Data Retention
How Long We Keep Your Data
| Data Type | Retention Period | Reason |
|---|---|---|
| Active accounts | While account is active | Service provision |
| Inactive accounts | 3 years, then deleted | Re-engagement opportunity |
| Purchase records | 7 years | Tax compliance (IRS requirement) |
| Payment tokens | Until card expires or removed | Recurring payments |
| KYC documents | 5-7 years after closure | AML/KYC compliance |
| Audit logs | 12 months | Security monitoring |
| Support tickets | 3 years | Reference and compliance |
Account Deletion
When you delete your account:
- Immediate removal: Profile, personal info, payment methods
- Permanent deletion: Cannot be recovered once deleted
- Exceptions: Purchase history (7 years for tax), legal holds
Anonymous data may be retained for:
- Aggregated analytics (no personal identifiers)
- Fraud prevention (hashed identifiers)
- Legal compliance (as required by law)
International Data Transfers
Data Location
- Primary servers: United States
- Database: US region
Cross-Border Transfers
If you’re located outside the US:
• Data transfers: Your data may be transferred to and processed in the United States • Data Processing Agreements: With service providers handling your data • Security measures: We implement appropriate safeguards for international data transfers
By using FairFate, you consent to international data transfers.
Children’s Privacy
FairFate is not intended for children under 13 (or 16 in the EU).
We do not knowingly collect data from children. If we discover a child’s account:
- Immediate deletion of account and data
- Notification to parent/guardian (if contact info available)
- Purge of all associated information within 48 hours
If you believe a child has created an account: Report to martin@fairfate.com immediately.
Cookies and Tracking
What Are Cookies?
Cookies are small text files stored on your device that help us:
- Remember your login
- Store preferences (language, theme)
- Analyze site usage
- Prevent fraud
Types of Cookies We Use
Essential Cookies (Always Active)
- Authentication: Session management, login persistence
- Security: CSRF protection, fraud detection
- Preferences: Language, theme, accessibility settings
Cannot be disabled (required for site functionality)
Analytics Cookies (Optional)
- Usage tracking: Google Analytics or privacy-focused alternative
- Performance monitoring: Error tracking, page speed
- A/B testing: Feature experiments
Marketing Cookies (Disabled by Default)
- Advertising: Personalized ads (only with explicit consent)
- Remarketing: Show relevant ads on other sites
- Social media: Facebook, Twitter share buttons
Manage Cookie Preferences
Browser Controls:
- Most browsers allow you to refuse cookies
- May limit site functionality if disabled
- About Cookies - learn more
Third-Party Cookies
Some third-party services may set cookies. We have no control over third-party cookies. Review their privacy policies.
Third-Party Services
Services We Use
Payment Processing
- Purpose: Process payments securely
- Data Shared: Payment tokens, billing address
Cloud Hosting
- Purpose: Store data, deliver content
- Data Shared: User data, files, logs
Email Services
- Purpose: Send transactional emails
- Data Shared: Email address, order details
Third-Party Links
Our platform may link to external sites:
- Not controlled by us
- Separate privacy policies apply
- We’re not responsible for their practices
Review their policies before providing information.
Changes to This Policy
How We Update This Policy
- Minor updates: Posted on this page, “Last Updated” date changed
- Material changes: 30-day email notice before taking effect
- Major changes: Require acceptance to continue using service
What Constitutes a Material Change?
- Changes to data collection practices
- New data sharing with third parties
- Reduction of privacy rights
- Changes to retention periods
How to Object
If you disagree with policy changes:
- Opt-out: Contact us within 30 days to discuss
- Delete account: Request deletion before changes take effect
- Continue use: Indicates acceptance of new policy
Policy History
- Version 1.0: January 1, 2024 (initial launch)
- Version 2.0: January 1, 2025 (current - added KYC, audit logging)
Contact Us
Privacy Inquiries
General Questions:
- Email: martin@fairfate.com
- Response time: Within 5 business days
Data Requests:
- Email: martin@fairfate.com (subject: “Data Request”)
- Response time: Within 30 days (legally required)
Data Protection Officer:
- Email: martin@fairfate.com
- EU/UK data protection concerns
Security Issues
Report vulnerabilities:
- Email: martin@fairfate.com
Mailing Address
FairFate Privacy Team [Street Address] [City, State, ZIP Code] United States
Additional Resources
- Terms of Service: https://fairfate.com/terms
- Cookie Policy: https://fairfate.com/policies/cookies
- Security Policy: https://fairfate.com/policies/security
- Refund Policy: https://fairfate.com/policies/refund
- Community Guidelines: https://fairfate.com/guidelines
This privacy policy is effective as of January 1, 2025. We review and update this policy annually.
Questions? We’re here to help: martin@fairfate.com