PRIVACY POLICY

Last Updated: January 13, 2025

FastTrack ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit wearefasttrack.com and use our services.

We maintain enterprise-grade security controls and comply with Amazon's Data Protection Policy, Acceptable Use Policy, GDPR, and all applicable data protection laws to ensure the highest standards of data protection.

Key Points

✅ We collect only information necessary to provide marketplace compliance, product development, and business services

✅ We use secure third-party processors for payments and communications (GoHighLevel, Stripe, PayPal)

✅ You have full rights to access, correct, or delete your data under GDPR and UK DPA 2018

✅ We never sell your personal information to third parties

✅ We maintain enterprise-grade security controls required by Amazon SPN

✅ We comply with strict Amazon data protection requirements for all seller and customer information

1. Information We Collect

1.1 Information You Provide Directly

When you use our services, we collect:

Contact Information

Name, email address, phone number, company name

Business address and shipping information

Business Information

Marketplace seller IDs and account information

Product details, formulations, and ingredient lists

Marketplace listings and performance data

Business registration information (for UK/EU expansion services)

Case and Service Details

Account suspension details and marketplace communications

Product restriction information and compliance documentation

Safety Data Sheets, test reports, and certifications

Product development requirements and specifications

Payment Information

Billing address and payment details (securely processed through Stripe and PayPal)

Communication Records

Email correspondence, support tickets, consultation notes

Assessment reports and case documentation

1.2 Information Collected Automatically

When you visit our website, we automatically collect:

Usage Data

Pages visited, time spent on pages, links clicked

Referring website or source of traffic

Date and time of visits

Device Information

IP address, browser type, operating system

Device type and unique device identifiers

Cookies and Tracking

Session data and user preferences

Analytics information (via GoHighLevel and Meta Pixel)

1.3 Information from Marketplace APIs

When you authorize us to access your marketplace seller account data, we may collect:

Seller Account Data

Account health metrics and performance data

Order information and listing details

Case history and marketplace communications

Inventory and catalog information

Customer Data (PII - Restricted Access)

Customer names, addresses, and contact information (only when necessary for merchant fulfilled shipping or tax/legal compliance)

Order details and transaction information

This data is handled in accordance with strict marketplace requirements and data protection regulations

2. How We Use Your Information

2.1 Service Delivery

Conduct assessments and provide marketplace appeal services

Create compliance documentation (Safety Data Sheets, exemption sheets, appeal letters)

Manage UK/EU business formation and registration

Develop and source products through Niche Expander services

Communicate order status, updates, and deliverables

Provide technical support and respond to inquiries

2.2 Marketplace Data Management

Access your marketplace seller data through authorized connections

Submit appeals and documentation to marketplaces on your behalf

Monitor case status and marketplace communications

Analyze account health and compliance issues

Comply with marketplace data handling requirements

2.3 Business Operations

Process payments and maintain financial records

Send order confirmations, invoices, and receipts

Manage customer relationships through our CRM system (GoHighLevel)

Detect and prevent fraud or abuse

Comply with legal obligations, tax requirements, and regulations

Maintain records for warranty and liability purposes

2.4 Marketing and Communications (With Your Consent)

Send service updates and important announcements

Provide educational content about marketplace compliance and business growth

Send promotional offers (you can unsubscribe at any time)

Request customer reviews and testimonials

Conduct customer satisfaction surveys

2.5 Website Improvement

Analyze website usage to improve user experience

Troubleshoot technical issues

Optimize our services based on user behavior

3. Third-Party Service Providers

We work with trusted third-party service providers who have access to your information only to perform specific tasks on our behalf and are obligated to protect your data.

Service Provider Purpose Data Shared GoHighLevel Customer relationship management, email automation, workflow management, payment processing, analytics Contact details, communication history, order information Stripe Payment processing Billing information, transaction details PayPal Payment processing Billing information, transaction details Trustmary Customer reviews and testimonials Name, email (only if you leave a review) Meta Pixel Analytics and advertising Website behavior, anonymized visitor data

3.1 Payment Processors

We use Stripe and PayPal to process payments securely. We do not store complete credit card information on our servers. Payment data is encrypted and handled according to PCI DSS standards.

Stripe Privacy Policy: https://stripe.com/privacy

PayPal Privacy Policy: https://www.paypal.com/privacy

3.2 GoHighLevel CRM Platform

All customer relationship management, email marketing, workflow automation, and analytics are handled through GoHighLevel, which provides enterprise-grade security and GDPR compliance.

3.3 Meta Pixel

We use Meta Pixel (Facebook Pixel) to measure advertising effectiveness and show relevant ads. You can opt out through your Facebook settings or browser settings.

4. Amazon Data Security Requirements

We maintain comprehensive security controls aligned with Amazon's requirements for handling seller and customer data. The following measures protect all information accessed through Amazon Services APIs and your seller data.

4.1 Network Protection

✅ Network Firewalls - Configured to deny access to unauthorized IP addresses
✅ Network Segmentation - Separate networks for different security zones
✅ Intrusion Detection/Prevention (IDS/IPS) - Real-time monitoring and blocking of malicious behavior
✅ Anti-Virus and Anti-Malware - Updated at least monthly on all systems
✅ Secure Coding Practices - Development follows security best practices
✅ Employee Training - Annual data protection and IT security awareness training for all staff with data access

4.2 Access Management

✅ Unique User IDs - Every person with data access has a unique identifier
✅ No Shared Accounts - Generic, shared, or default login credentials are prohibited
✅ Account Lockout - Automatic lockout after 10 failed login attempts
✅ 24-Hour Termination Policy - Access removed within 24 hours for terminated employees
✅ Quarterly Access Reviews - Regular audits of who has access to what data
✅ Device Restrictions - Employees cannot store data on personal devices
✅ Need-to-Know Basis - Data access granted only when required for job duties

4.3 Least Privilege Principle

Access to information is granted on a strict need-to-know basis. Fine-grained access controls ensure that users only access data necessary for their specific responsibilities.

4.4 Credential Management

✅ Strong Passwords - Minimum 12 characters with complexity requirements (upper, lower, numbers, special characters)
✅ Multi-Factor Authentication (MFA) - Required for all user accounts
✅ Password Expiration - Maximum 365-day password age with history maintained (last 10 passwords cannot be reused)
✅ API Key Encryption - All Amazon API keys are encrypted at rest
✅ Annual Key Rotation - API keys and credentials rotated at least every 12 months

4.5 Encryption Standards

Encryption in Transit (TLS 1.2+)

All data transmitted over networks is encrypted using TLS 1.2 or higher

SFTP and SSH-2 used for secure file transfers

Applies to all internal and external endpoints

Encryption at Rest (AES-256)

All stored data is encrypted using AES-256 encryption

Applies to databases, file storage, and backup systems

Encryption keys managed separately from data

4.6 Data Segregation and Attribution

We maintain separate databases for Amazon-sourced information and implement tagging mechanisms to identify the origin of all data. This ensures proper handling and deletion procedures for each data source.

4.7 Security Monitoring and Incident Response

✅ 24-Hour Incident Notification - We notify Amazon within 24 hours of detecting any security incident
✅ Incident Response Plan - Documented procedures for detecting, handling, and escalating security incidents
✅ Incident Documentation - All incidents investigated and documented with remediation actions
✅ Chain of Custody - Evidence and records maintained for all security incidents
✅ Annual Risk Assessments - Reviewed by senior management annually
✅ Bi-Annual Plan Reviews - Incident response procedures verified every 6 months

Incident Management Point of Contact (IMPOC): [email protected]

4.8 Penetration Testing and Vulnerability Scanning

✅ Annual Penetration Testing - Third-party security testing at least once per year
✅ Quarterly Vulnerability Scans - Regular automated scanning for security weaknesses
✅ Security Patch Management - Critical patches applied within 30 days of release

4.9 Employee Confidentiality

All employees and contractors who process data sign confidentiality agreements as part of their employment contracts, specifically covering the handling of Amazon seller data and customer PII.

5. Special Requirements for Personally Identifiable Information (PII)

When we access customer PII through Amazon Services API (names, addresses, contact information), the following additional restrictions apply:

5.1 Limited Use of PII

PII is accessed only when absolutely necessary for:

Merchant fulfilled shipping (order fulfillment)

Tax calculations and compliance

Producing legally required tax invoices and documents

Meeting legal and regulatory requirements

We never use PII for:

Marketing to Amazon customers

Product promotion or advertising

Review solicitation or manipulation

Any purpose not explicitly authorized

5.2 PII Data Retention

✅ Maximum 30 Days - PII is retained for no longer than 30 days after order delivery
✅ Legal Extension Only - PII may only be retained beyond 30 days if required by law
✅ Secure Deletion - PII is permanently deleted using NIST 800-88 sanitization standards

5.3 PII Never Stored Unencrypted

At no point is PII transmitted or stored without encryption (TLS 1.2+ in transit, AES-256 at rest).

6. Data Retention

We retain personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

6.1 Retention Periods

Data Type Retention Period Reason Customer Account Data Active period + 7 years UK tax and financial record requirements Technical Documentation 7 years after service Liability, warranty, and compliance purposes Communication Records 3 years Customer service and legal purposes Marketing Data Until unsubscribe or deletion request Ongoing marketing consent Amazon Customer PII Maximum 30 days post-delivery Amazon DPP requirement Website Analytics 26 months (anonymized) Usage analysis

6.2 Secure Deletion

After retention periods expire, we securely delete or anonymize personal information in accordance with NIST 800-88 standards for data sanitization.

6.3 Amazon-Mandated Deletion

If Amazon requests deletion of information, we will:

Permanently delete all live (network-accessible) instances within 90 days

Permanently delete all instances (including backups) within 30 days

Provide written certification of deletion if requested

7. Your Rights Under GDPR and UK DPA 2018

If you are located in the UK or European Economic Area (EEA), you have the following data protection rights:

7.1 Right to Access

You can request copies of your personal data. We may charge a reasonable fee for multiple copies.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure

You can request deletion of your personal data under certain circumstances, subject to legal retention requirements and Amazon DPP obligations.

7.4 Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations.

7.5 Right to Data Portability

You can request transfer of your data to another organization or directly to you in a structured, commonly used format.

7.6 Right to Object

You can object to processing of your personal data for direct marketing or where we rely on legitimate interests.

7.7 Right to Withdraw Consent

Where we rely on consent to process your data, you can withdraw that consent at any time.

7.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at: [email protected]

We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK or your local data protection authority.

8. International Data Transfers

Your information may be transferred to and maintained on servers located in the UK, Northern Ireland, and potentially other countries where our service providers operate.

We ensure appropriate safeguards are in place to protect your data during international transfers, including:

Standard Contractual Clauses approved by the European Commission

Ensuring all processors are GDPR-compliant

Conducting data protection impact assessments

Compliance with UK adequacy requirements

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your website experience.

9.1 Types of Cookies We Use

Essential Cookies - Required for website functionality (e.g., shopping cart, login sessions)
Analytics Cookies - Help us understand how visitors use our website
Marketing Cookies - Used to deliver relevant advertisements (Meta Pixel)
Preference Cookies - Remember your settings and preferences

9.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may limit functionality. Most browsers allow you to:

View stored cookies and delete them individually

Block third-party cookies

Block cookies from specific sites

Delete all cookies when closing your browser

10. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect information from children. If you believe a child has provided us with information, please contact us immediately at [email protected].

11. Marketing Communications

We may send marketing emails about our services, special offers, and industry updates. You can opt out at any time by:

Clicking "unsubscribe" in any marketing email

Contacting us at [email protected]

Updating preferences in your account settings

Note: Even if you opt out of marketing, we will still send transactional emails related to your orders and account.

12. Third-Party Audit Rights

We maintain transparency in our data handling practices and cooperate with appropriate security audits to ensure compliance with marketplace requirements and industry standards.

13. Business Transparency

We maintain transparent business operations and notify relevant parties of significant organizational changes that may affect our data handling practices, including:

Mergers, acquisitions, or ownership changes

Material changes to our product or service offerings

Changes to affiliated entities involved in data processing

Significant changes to our data security infrastructure

14. Data Breach Notification

In the event of a security incident affecting your personal information, we will:

To You:

Notify affected individuals within 72 hours of becoming aware of the breach

Describe the nature of the breach and likely consequences

Explain measures taken to address the breach

To Relevant Parties:

Notify affected marketplace platforms and partners as required

Provide full incident details and remediation actions

Maintain chain of custody for all evidence

To Regulators:

Notify the ICO and relevant supervisory authorities as required by GDPR and UK DPA 2018

15. Business Transfers

If FastTrack is involved in a merger, acquisition, or sale of assets, your personal information may be transferred. We will notify you via email and/or website notice of any change in ownership or use of your information.

16. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before sharing information.

17. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act:

✅ Right to Know - Request information about data we've collected
✅ Right to Delete - Request deletion of your personal information
✅ Right to Opt-Out - We do not sell personal information
✅ Right to Non-Discrimination - We will not discriminate for exercising CCPA rights

Contact us at [email protected] to exercise these rights.

18. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by:

Posting the updated policy with a new "Last Updated" date

Sending email notifications to registered users

Displaying a prominent notice on our website

Your continued use after changes indicates acceptance of the updated Privacy Policy.

19. Data Protection Officer

For data protection inquiries or to exercise your rights, contact:

FastTrack
Data Protection Inquiry
48 Bachelors Walk
Lisburn, County Antrim
Northern Ireland, BT28 1XN

Email: [email protected]

We aim to respond to all privacy-related inquiries within 30 days.

20. Supervisory Authority

You have the right to lodge a complaint with:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom

Website: https://ico.org.uk
Phone: 0303 123 1113

By using FastTrack's services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.