Return to 24FulfillR

24FulfillR legal

Privacy Policy

This Privacy Policy explains how 24FulfillR, also referred to as 24F, collects, uses, discloses, retains, and protects personal data through its business services, online platform, and related communications.

Effective: July 14, 2026Last updated: July 14, 2026

We do not sell personal data.

We do not use personal data for behavioral advertising.

Clients cannot access one another's account data.

1. Scope and our role

This Policy applies to 24F websites, account workspaces, support channels, product and fulfillment services, billing, and client-authorized connected services.

For client-account information, direct business contacts, platform administration, security, billing, and 24F's own service operations, 24F acts as the business or data controller. When a client supplies customer, recipient, order, or store data so 24F can perform fulfillment services, 24F generally acts as the client's service provider or data processor and processes that data under the client's instructions. Clients are responsible for their own privacy notices and lawful collection of data they provide to 24F.

2. Personal data we collect

We collect data directly from account owners, authorized staff, clients, uploaded records, support communications, connected services, service providers, and other parties involved in completing a client's request. We also generate activity and security records as the platform is used.

CategoryExamplesPrimary purpose
Account and business identityName, company name, email address, phone number, profile image, account identifiers, roles, and permissions.Create and secure accounts, administer workspaces, provide support, and communicate about services.
Commerce and fulfillment recordsProduct and order information, recipient contact details, delivery addresses, shipment contents, tracking information, returns, inventory, and fulfillment status.Provide requested product, storage, delivery, tracking, and fulfillment services.
Product and sourcing materialsProduct links, descriptions, photographs, documents, specifications, request details, quotations, business communications, and uploaded files.Review product and manufacturing requests, obtain quotations, and coordinate requested services.
Financial and transaction recordsAccount balances, transaction amounts, currency, payer information, transfer dates, references, invoices, payments, fees, and quote decisions.Administer balances, review funding requests, invoice services, reconcile payments, prevent fraud, and meet accounting obligations.
Communications and supportTickets, request messages, email correspondence, attachments, contact preferences, and resolution history.Respond to requests, coordinate work, maintain an auditable service history, and improve support quality.
Technical, security, and usage dataAuthentication and session records, IP address, device and browser information, security and error records, activity history, and workspace preferences.Authenticate users, protect accounts, detect misuse, troubleshoot failures, and operate the service reliably.
Connected commerce dataStore identity, connection status, authorized permissions, and relevant product, inventory, order, customer, location, and fulfillment data when a client enables a connection.Maintain client-authorized commerce connections and provide the services selected by the client.

24F does not ask clients to provide government identification, health information, precise consumer geolocation, or full payment-card credentials through the ERP. Please do not upload sensitive personal data unless 24F specifically requests it for a lawful operational need.

3. How and why we use personal data

  • Provide contracted product, manufacturing, inventory, fulfillment, tracking, support, connected-service, and billing services.
  • Create accounts, verify identity, enforce permissions, maintain client isolation, and secure sensitive actions.
  • Communicate about requests, quotations, production, shipments, exceptions, balances, service changes, and support matters.
  • Maintain accurate business records, account balances, transaction histories, service activity, and security records.
  • Detect, investigate, and prevent fraud, misuse, security incidents, duplicate actions, and violations of service terms.
  • Comply with tax, accounting, customs, trade, sanctions, legal-process, and recordkeeping obligations.
  • Analyze reliability and improve service performance using operational data that is aggregated or minimized where practical.

Where applicable law requires a legal basis, 24F relies on performance of a contract, steps requested before entering a contract, compliance with legal obligations, legitimate interests in operating and securing the service, and consent where consent is specifically requested. 24F does not make solely automated decisions about individuals that produce legal or similarly significant effects.

4. How personal data is disclosed

We disclose only the data reasonably needed for a recipient to perform its function. Recipients may include fulfillment and delivery providers, product and trade service providers, payment and banking counterparties, professional advisers, government authorities where legally required, and the service-provider categories below.

Cloud and security services

Account authentication, application hosting, data storage, file storage, security, and service reliability.

Commerce platforms

Client-authorized store connections and related commerce data.

Fulfillment providers

Warehousing, delivery, shipment processing, and tracking for requested services.

Communications providers

Account notices, support communications, and service-related email.

Business service providers

Payments, currency reference data, analytics, professional advice, and other functions needed to operate the service.

Operational fulfillment frequently involves processing in multiple countries, including China and destination markets. Data may therefore be transferred to and processed outside the country where it was collected. 24F limits transfers to operationally necessary data and uses contractual, technical, and organizational safeguards appropriate to the relationship and applicable law.

24F may disclose data in connection with a merger, financing, acquisition, reorganization, bankruptcy, or sale of business assets, subject to appropriate confidentiality and notice requirements.

5. Connected commerce services

Clients may choose to connect a third-party commerce service to 24F. 24F accesses connected data only with the client's authorization and only to provide enabled features and requested services.

A connection may permit access to relevant store, product, inventory, order, customer, location, and fulfillment information. 24F does not sell connected-store data or use it for behavioral advertising. Clients may disconnect a service through available account controls. Records required for completed services, security, accounting, dispute resolution, or legal compliance may be retained as described below.

6. Data retention

24F retains personal data only for as long as reasonably necessary for the purposes described in this Policy. Retention is determined by the account relationship, operational lifecycle, legal and accounting requirements, dispute and fraud-prevention needs, and the sensitivity of the data.

Account, order, shipment, inventory, quote, invoice, payment, customs, and service records may be retained after an account closes when needed to document completed services or comply with tax, accounting, trade, legal, or contractual obligations. Connected-service authorization information is retained only while needed to maintain the connection or satisfy those obligations. When data is no longer required, 24F deletes, anonymizes, or securely isolates it according to operational and legal requirements.

7. Security and account separation

24F uses administrative, technical, and organizational safeguards appropriate to the nature of the data and service. These measures are designed to protect personal data against unauthorized access, alteration, disclosure, loss, and misuse and to keep client workspaces separated.

No security system is infallible. Clients must protect account credentials and access methods, grant staff only appropriate access, and promptly report suspected unauthorized activity. If 24F identifies a qualifying personal-data breach, it will provide notifications required by applicable law.

8. Cookies and similar technology

24F uses essential cookies and browser storage for authentication, session continuity, security, account preferences, selected display currency, and interface state. These technologies are necessary to operate requested account features. 24F does not currently use third-party advertising cookies or cross-site behavioral advertising trackers.

9. Privacy rights and choices

Depending on where you live, you may have rights to request access to personal data, correction, deletion, restriction, portability, objection, withdrawal of consent, or information about categories of data and recipients. You may also have the right to appeal a refusal or complain to a local data-protection authority.

California residents may have rights to know, access, correct, and delete personal information and to receive equal service when exercising privacy rights. 24F does not sell personal information or share it for cross-context behavioral advertising, and does not use or disclose sensitive personal information for purposes requiring a right to limit under California law.

EEA and UK individuals may have rights under applicable data-protection law, including access, rectification, erasure, restriction, portability, objection, and the right to complain to a supervisory authority. Where 24F processes end-customer data on a client's behalf, the request should normally be directed first to that client; 24F will assist the client as required.

To submit a request, email 24fulfillr@24f.site with the subject "Privacy Request." Describe the account or relationship involved and the right you wish to exercise. 24F may verify identity and authority before acting. We will respond within the period required by applicable law and explain any lawful exception.

10. No sale or behavioral advertising

24F does not sell personal data for money or other valuable consideration and does not share personal data for cross-context behavioral advertising. Because 24F does not engage in those practices, there is currently no separate "Do Not Sell or Share" mechanism. If these practices change, this Policy and applicable preference mechanisms will be updated before the change takes effect.

11. Children

24F is a business fulfillment and operations service intended for adults acting for a business. It is not directed to children under 18, and 24F does not knowingly create accounts for or directly collect personal data from children. Contact us if you believe a child has provided personal data directly to 24F.

12. Changes to this Policy

24F may update this Policy to reflect changes in services, integrations, law, or data practices. The "Last updated" date will identify the current version. Material changes will be communicated through the service, by email, or by another appropriate method before they take effect when required by law.

13. Contact 24FulfillR

Questions, complaints, and privacy-rights requests can be directed to 24FulfillR using the contacts below.

This is the current final version of the 24FulfillR Privacy Policy, effective July 14, 2026.