Privacy Policy FFto100

Effective date: 01/09/2025

Thank you for choosing FFto100. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our website, mobile applications, and other services (collectively, the “Services”). We operate globally and are committed to protecting your privacy and complying with applicable data protection laws.


1. Scope & Overview

This Policy applies to any personal data you provide to us when you visit or interact with our Services, including when you use our mobile apps, enroll in our courses, sign up for newsletters, or otherwise communicate with us. We operate worldwide and process data for users in many jurisdictions, including the United States, Canada, the European Union/EEA, the United Kingdom, and others. Where local law imposes additional requirements, we will comply to the extent those laws apply.


2. Controller & Contact

The data controller for the Services is FFto100. For privacy inquiries, access requests, or to exercise your privacy rights, please contact us:


Email: [email protected]

(If you are located in the EU/EEA and require a local representative, please contact the email above and we will provide the appropriate contact details.)


3. Information We Collect

We collect personal information that you provide directly and information automatically when you use our Services.


A. Information You Provide

  • Account registration details (name, email, password, phone number).

  • Payment and billing information (handled by our payment processors).

  • Profile information, course preferences, and progress data.

  • Communications and support requests (messages, feedback).

  • Content you submit to the Services (assignments, forum posts, uploaded files).

  • Any other information you choose to provide (surveys, questionnaires).


B. Information Collected Automatically

  • Usage and analytics (pages visited, time on site, course progress).

  • Device and technical data (IP address, device identifiers, operating system, browser type).

  • App-specific data (push notification tokens, in-app events).

  • Cookies and similar technologies (see Cookies section).


C. Sensitive Personal Data

We generally do not collect special categories of sensitive personal data (e.g., race, health data) unless you explicitly provide it (for example, for coaching goals). If you provide sensitive data, we will process it only with your explicit consent or where otherwise legally permitted.


4. How We Use Your Information

We use personal information to:

  • Provide, operate, and improve the Services (including hosting courses and user accounts).

  • Process payments and fulfill orders.

  • Communicate with you about your account and our Services (including updates, support).

  • Personalize your experience and recommend relevant content.

  • Conduct research and analytics to improve content and features.

  • Detect, prevent, and respond to fraud, abuse, or security incidents.

  • Send marketing communications (with your consent where required); you may opt out at any time.


5. Legal Bases for Processing (EU/EEA/UK)

If you are in the EU/EEA/UK, we rely on one or more legal bases for processing personal data:

  • Performance of a contract (to deliver the Services and fulfill orders);

  • Consent (for marketing communications, certain cookies);

  • Legitimate interests (improving services, security, fraud prevention) — balanced against your privacy rights; and

  • Compliance with legal obligations.


6. Cookies and Similar Technologies

We and our partners use cookies, web beacons and similar tracking technologies to collect usage information and support features. You can manage cookie preferences via our cookie banner/consent tool in the website footer or through your browser settings. Disabling certain cookies may affect your experience using the Services.


7. Third-Party Services and Processors

We use third-party service providers (hosting, analytics, payment processors, marketing platforms, video hosts) to operate and improve our Services. These providers act as processors and are contractually obligated to protect personal data. A non-exhaustive example of categories of processors: cloud hosting, email distribution, payments, analytics, and video streaming.


8. International Transfers

Because we operate globally, your personal data may be transferred to and processed in countries outside your home jurisdiction, including the United States. For transfers from the EU/EEA and UK, we rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or explicit consent. Contact [email protected] to request details of transfer safeguards.


9. Data Retention

We retain personal data as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce agreements. Typical retention examples:

  • Account data while the account is active and for a reasonable period afterward for backup and legal needs.

  • Transactional data for tax and accounting obligations (usually several years).

  • Analytics and aggregated data for as long as it is useful for improving the Services.


10. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal data, including:

  • Access: request a copy of personal data we hold about you.

  • Rectification: correct inaccurate or incomplete data.

  • Deletion (“Right to be forgotten”): request deletion of your personal data.

  • Restriction: request limited processing in certain circumstances.

  • Portability: receive your personal data in a machine-readable format.

  • Objection: object to certain processing, including profiling.

  • Withdraw consent: where processing is based on consent, you may withdraw consent at any time.

  • California residents: additional rights under CCPA/CPRA (right to know, delete, opt-out of sale or sharing, non-discrimination).

To exercise rights, email [email protected] with “Privacy Request” in the subject and include your full name and email. We may need to verify your identity. We will respond within applicable legal timeframes (for example, within one month where required by law).


Do Not Sell or Share My Personal Information (California)

We do not knowingly sell personal information for monetary consideration. To the extent applicable, California residents can opt out of any sale or sharing by contacting us at [email protected] or by clicking our “Do Not Sell / Share” link on our site (if displayed).


11. How We Secure Your Information

We use reasonable administrative, technical, and physical safeguards to protect personal data, including encryption, secure access controls, and security monitoring. No system is 100% secure; absolute security cannot be guaranteed. In the event of a data breach that creates a risk to your rights, we will notify affected individuals and regulators as required by law.


12. Children

Our Services are intended for adults. We do not knowingly collect personal data from children under the age of 16 without parental consent. If you believe we have collected personal data from a child without consent, contact us at [email protected] and we will take steps to remove the information.


13. Communications & Marketing

If you opt-in, we may send promotions and course announcements. You can unsubscribe from marketing emails via the unsubscribe link in any email or by contacting [email protected]. Transactional messages (account, billing, course access) cannot be unsubscribed from as they are necessary for service delivery.


14. Automated Decision-Making & Profiling

We may use automated systems for analytics and personalization. If any automated decision-making produces legal or similarly significant effects for you, we will provide meaningful information and, where required, an opportunity to obtain human review.


15. User Content & Community Interactions

When you post content in community forums or share comments, those contributions may be visible to other users. Do not post sensitive personal data in public areas. We reserve the right to moderate or remove content that violates our terms.


16. Changes to This Policy

We may update this Policy from time to time. Material changes will be posted with a new effective date, and we will notify users by email or a prominent notice where appropriate. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.


17. International, Regulatory & Supervisory Contacts

If you are in a jurisdiction with a supervisory authority (for example, an EU/EEA Member State), you have the right to lodge a complaint with the relevant authority. Contact information for the relevant supervisory authority can be provided on request.


18. Data Protection Addendum & Processors

We maintain Data Processing Agreements with our service providers. If you require a copy of our DPA or our list of subprocessors for compliance purposes, email [email protected].


19. Contact Us

For privacy questions, DSARs, or other concerns, contact:

[email protected]


© 2025 FF TO 100 - All rights reserved