Privacy Policy
Effective Date: March 5, 2026 | Last Updated: March 5, 2026
This Privacy Policy describes how TFX Media LLC, doing business as FallR8 (“FallR8,” “we,” “us,” or “our”), collects, uses, discloses, and protects your personal information when you access or use our website at fallr8.com and any related services, features, or content we offer (collectively, the “Services”).
FallR8 is a peer-to-peer marketplace for buying and selling skydiving gear. We facilitate transactions between individual buyers and sellers. We do not take possession of goods, do not inspect gear, and do not guarantee the condition or airworthiness of any equipment listed on our platform.
This Privacy Policy applies to all users of the Services, including registered buyers, registered sellers, and visitors who browse the platform without an account. Your use of the Services is governed by our Terms of Service, which incorporate this Privacy Policy by reference.
This Privacy Policy does not apply to the practices of other users (including sellers) or third parties that we do not own or control. When you transact with another user on FallR8, that user may independently collect and use your information subject to their own practices, and we encourage you to exercise caution when sharing information directly with other users.
1. Information We Collect
We collect information in several ways: directly from you, automatically when you use the Services, and from third-party service providers.
1.1 Information You Provide to Us
Account Registration. When you create a FallR8 account, we collect your email address, password (stored only in securely hashed form — we never store or have access to your plaintext password), first name, and last name.
Profile Information. You may choose to provide additional information to complete your profile, including a display name, phone number, profile photo, biographical description, city and state of residence, and home dropzone. Profile information you provide may be visible to other users of the Services.
Shipping Address. If you provide a shipping address for transactions, we collect your name, street address, city, state, and ZIP code. Shipping addresses are stored for checkout convenience and shared with sellers and our shipping provider to fulfill orders.
Listing Content. When you create a listing, we collect the information you provide about the gear you are selling, including title, description, pricing, condition, photographs, and gear-specific technical details such as date of manufacture, serial numbers, jump counts, canopy sizes, repack dates, and other specifications relevant to the gear category.
USPA Verification. To list or purchase certain categories of safety-critical skydiving equipment (such as canopies, AADs, containers, reserves, rigs, and wingsuits), you must submit your United States Parachute Association (USPA) membership information, including your first name, last name, and USPA membership number. This information is reviewed by our team and used solely for verification of your eligibility to transact in restricted gear categories.
Transaction Information. When you buy or sell gear on FallR8, we collect information about the transaction, including item details, purchase price, shipping costs, fees, transaction status, and communications between buyer and seller related to the transaction.
Messages. When you communicate with other users through our messaging feature, we collect and store the content of those messages, including any text or information you share within them. Messages may be reviewed by FallR8 personnel when necessary to investigate disputes, enforce our Terms of Service, or respond to reports of abuse or illegal activity.
Offers and Negotiations. When you make, receive, counter, accept, or reject an offer on a listing, we collect the offer amount, any accompanying message, and the history of the negotiation.
Vouches. If you leave a vouch (endorsement) for another user after a completed transaction, we collect the content of your vouch, including any optional comment.
Reports. If you report a listing, user, or message, we collect the reason for the report and any additional details you provide.
Customer Communications. If you contact us for support or with questions, we collect the information you provide in those communications.
User-Generated Content. Information you choose to include in listings, profile descriptions, shop pages, messages, vouches, or other user-generated content may be visible to other users or to the public depending on the feature. You should avoid posting personal information that you do not wish to make visible to others. FallR8 is not responsible for how other users or third parties use information that you voluntarily share through public or user-visible features of the Services.
1.2 Information We Collect Automatically
Log and Usage Data. When you access the Services, our servers automatically record information including your Internet Protocol (IP) address, browser type and version, operating system, referring URL, pages visited, actions taken on the Services, timestamps, and general diagnostic data.
Device Information. We may collect information about the device you use to access the Services, including device type, operating system, and unique device identifiers.
General Location Information. We infer your approximate location (such as city, state, or country) from your IP address. We use this information for security and fraud prevention, to comply with applicable tax obligations, and to tailor certain aspects of the Services to your location. We do not collect precise geolocation data from your device.
1.3 Information We Receive from Third Parties
Payment Processors. Our payment processor, Stripe, provides us with limited information related to your transactions, including confirmation of payment status, transaction identifiers, and information about your Stripe Connect account status if you are a seller (such as whether your account is active and payouts are enabled). We do not receive or store your full credit card number, debit card number, bank account number, or other sensitive payment credentials — that information is collected and held by Stripe directly.
Shipping Providers. Our shipping provider, Shippo, provides us with tracking status updates, carrier information, and delivery confirmation data related to shipments initiated through the Services.
2. How We Use Your Information
We use the information we collect for the following purposes:
To Provide and Maintain the Services. We use your information to create and manage your account, facilitate transactions between buyers and sellers, enable messaging and offer negotiation, display listings, operate the verification and vouch systems, and generally provide, maintain, and improve the Services.
To Process Transactions. We use your information to process purchases, calculate and collect applicable fees and taxes, facilitate shipping, initiate payouts to sellers, manage the transaction lifecycle (including inspection windows and delivery confirmations), and maintain transaction records.
To Verify Your Identity and Eligibility. We use your USPA membership information to verify your eligibility to list or purchase safety-critical gear categories. We use your email address to verify your account. Sellers use Stripe's onboarding process to verify their identity and banking information for payouts.
To Communicate with You. We use your email address and in-app notification system to send you transactional communications, including order confirmations, shipping updates, delivery notifications, payment confirmations, payout notifications, dispute updates, verification status updates, and other messages related to your use of the Services. These transactional communications are necessary for the operation of the Services and cannot be opted out of while you maintain an account.
To Protect Safety and Security. We use your information to detect, investigate, and prevent fraud, unauthorized access, and other illegal or harmful activities. This includes monitoring transactions for suspicious patterns, enforcing our Terms of Service, and compiling evidence in connection with disputes and chargebacks.
To Comply with Legal Obligations. We use your information as necessary to comply with applicable laws, regulations, legal processes, and governmental requests, including tax reporting obligations.
To Resolve Disputes. We use your information, including transaction records, message history, tracking data, and listing details, to investigate and resolve disputes between buyers and sellers, and to respond to chargebacks initiated through payment processors.
To Improve the Services. We use aggregated and de-identified information to understand how users interact with the Services, identify areas for improvement, and develop new features.
3. How We Share Your Information
We do not sell your personal information, as that term is defined by applicable law. We share your information only in the following circumstances:
3.1 With Other Users
When you engage in a transaction on FallR8, certain information is shared between the buyer and seller as necessary to complete the transaction. This includes your display name, profile information, shipping address (shared with the seller for fulfillment), and any information you include in messages or offers. Your public profile, shop page, listing content, and vouches are visible to all users and visitors of the Services.
3.2 With Service Providers
We share your information with third-party service providers that perform services on our behalf, as described in Section 4 below. These providers are contractually obligated to use your information only as necessary to provide services to us and in a manner consistent with this Privacy Policy.
3.3 For Legal Reasons
We may disclose your information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service or other agreements; (c) protect the rights, property, or safety of FallR8, our users, or the public; (d) detect, prevent, or address fraud, security, or technical issues; or (e) respond to an emergency involving danger of death or serious physical injury. This includes disclosure in response to valid subpoenas, court orders, or other lawful requests from government authorities. Where permitted by law, we will make reasonable efforts to notify the affected user before disclosing their information in response to legal process.
3.4 In Connection with a Business Transfer
If FallR8 or TFX Media LLC is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of its assets, or similar transaction or proceeding, your information may be shared or transferred as part of that transaction. We will make reasonable efforts to notify you via email or prominent notice on the Services of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
3.5 With Your Consent
We may share your information for other purposes with your express consent.
3.6 Aggregated or De-Identified Information
We may share aggregated or de-identified information that cannot reasonably be used to identify you, without restriction.
4. Third-Party Service Providers
We use the following categories of third-party service providers to operate the Services. Each provider receives only the information necessary to perform its designated function.
| Provider | Purpose | Categories of Information Shared |
|---|---|---|
| Stripe (including Stripe Connect, Stripe Tax, and Stripe Radar) | Payment processing, seller onboarding and payouts, sales tax calculation, fraud prevention, and chargeback management | Transaction amounts, buyer shipping address (for tax calculation), seller identity and banking details (submitted directly to Stripe by the seller during onboarding — not stored by FallR8), dispute evidence (transaction history, messages, tracking data) |
| Cloudinary | Image hosting and optimization | Listing photographs and profile/shop images uploaded by users |
| Shippo | Shipping label creation, carrier rate comparison, and package tracking | Sender and recipient names, addresses, phone numbers, email addresses, and parcel dimensions |
| Resend | Transactional email delivery | Recipient email addresses and email content |
| Supabase | Database hosting (PostgreSQL) | All application data (stored in encrypted-at-rest databases) |
| Cloudflare | DNS, content delivery, and web application firewall | IP addresses, traffic metadata, and request data |
| Vercel | Frontend application hosting | Client request data |
| Railway | Backend API hosting | API request and response data |
Important notes regarding Stripe: When you make a purchase on FallR8, your payment information (such as credit card number, PayPal credentials, or other payment method details) is collected directly by Stripe through its Payment Element, which is embedded in our checkout page. FallR8 never receives, processes, or stores your full payment credentials. Stripe is certified as a PCI Level 1 Service Provider, the most stringent level of payment security certification. When you onboard as a seller, you submit your identity documents, date of birth, Social Security number (or last four digits), and bank account details directly to Stripe as part of its Express account onboarding process. FallR8 does not receive or store this information — we only receive confirmation of your onboarding status from Stripe.
Each of these third-party providers maintains its own privacy policy governing its collection and use of your information. We encourage you to review the privacy policies of these providers:
- Stripe: https://stripe.com/privacy
- Cloudinary: https://cloudinary.com/privacy
- Shippo: https://goshippo.com/privacy
- Resend: https://resend.com/legal/privacy-policy
- Supabase: https://supabase.com/privacy
- Cloudflare: https://www.cloudflare.com/privacypolicy/
5. Cookies and Similar Technologies
5.1 Current Use
FallR8 does not use cookies for advertising, analytics, or cross-site tracking purposes. We do not serve advertisements on the Services, and we do not share your information with advertising networks.
Our Services use an authentication token stored in your browser to keep you logged in across sessions. This token identifies your account session, expires after a set period, and is stored entirely on your device. No tracking or advertising cookies are set by FallR8.
Our third-party infrastructure providers may set strictly necessary cookies for security and performance purposes, such as bot detection and DDoS protection. These cookies are essential to the functioning of the Services and cannot be disabled.
5.2 Future Changes
If we introduce analytics, performance monitoring, or other technologies that use cookies or similar tracking mechanisms, we will update this Privacy Policy and, where required by applicable law, provide you with notice and any required consent mechanisms before deploying such technologies. We will never sell your personal information to advertisers or data brokers.
5.3 Do Not Track Signals
Some web browsers transmit “Do Not Track” (DNT) signals. Because there is no uniform standard for how DNT signals should be interpreted, and because FallR8 does not currently engage in cross-site tracking, we do not currently respond to DNT signals. If we adopt tracking practices in the future, we will update this section accordingly.
6. Data Security
We implement reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:
- Password Security. User passwords are stored using industry-standard, one-way cryptographic hashing. We never store, log, or have access to your plaintext password.
- Encryption in Transit. All data transmitted between your browser and our Services is encrypted using TLS (HTTPS).
- Encryption at Rest. Our database provider encrypts stored data at rest.
- Access Controls. Access to personal information within our systems is restricted to authorized personnel who require such access to perform their job functions.
- Payment Security. We never receive, process, or store your full payment card details. All payment processing is handled by Stripe, which is PCI DSS Level 1 certified.
- Webhook Verification. We verify the authenticity of all incoming communications from our third-party service providers to prevent spoofing and unauthorized data injection.
- Input Validation. We validate all user input on both the client side and server side to protect against injection attacks and malformed data.
- Rate Limiting. We employ rate limiting to prevent abuse of our Services.
- Infrastructure Security. Our Services are protected by industry-standard web application firewall and DDoS protection measures.
No method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security. If you believe your account has been compromised, please contact us immediately at the address provided in Section 13.
In the event of a data security incident involving personal information, we will investigate the incident and notify affected users and relevant regulatory authorities as required by applicable law.
7. Data Retention
We retain your personal information for as long as your account is active or as reasonably necessary to provide the Services to you. Specifically:
- Account Data. We retain your account information for as long as your account remains active. If your account is deactivated or banned, we retain your account records as necessary to comply with our legal obligations, enforce our agreements, and resolve disputes.
- Transaction Records. We retain transaction records, including purchase amounts, fee calculations, payout records, and associated tax information, for a minimum of seven (7) years following the completion or cancellation of the transaction, as required for financial record-keeping, tax reporting, and audit purposes.
- Messages and Offers. We retain messages and offer history for as long as the associated accounts remain active, and for a reasonable period thereafter as necessary for dispute resolution and legal compliance.
- Listing Content. Active listings are retained for as long as they are published. Sold, expired, or removed listings are retained in an archived state for record-keeping and dispute resolution purposes.
- Verification Records. We retain USPA verification submission records for as long as the associated account is active and for a reasonable period thereafter.
- Authentication Tokens. Email verification tokens expire after 24 hours. Password reset tokens expire after 1 hour. Expired tokens are retained in the database but are no longer valid for authentication purposes.
- Server Logs. Server access logs are retained for a reasonable period for security monitoring, debugging, and fraud prevention purposes.
When personal information is no longer necessary for the purposes for which it was collected, we will delete or de-identify it in accordance with our internal data management practices, subject to any legal obligations that require longer retention.
8. Your Rights and Choices
8.1 Account Information
You may access, update, or correct your profile information at any time by logging into your account and navigating to your profile or account settings pages. You may change your email address (which will require re-verification) and update your password through the account settings.
8.2 Communications
You may not opt out of transactional communications that are necessary for the operation of the Services (such as order confirmations, shipping notifications, payment updates, dispute notifications, and security alerts). If we introduce promotional or marketing communications in the future, we will provide you with the ability to opt out of such communications.
8.3 Account Deletion
You may request deletion of your account by contacting us at the address provided in Section 13. Upon receiving and verifying your request, we will delete or de-identify your personal information, except for information we are required or permitted to retain for legitimate business purposes, legal compliance, dispute resolution, or enforcement of our agreements. Please note:
- Transaction records associated with your account will be retained for the minimum period required for financial and tax compliance (see Section 7).
- If you have open transactions, active disputes, or pending payouts, we may require you to resolve those before we can process your deletion request.
- Information that has been shared with other users (such as messages sent to other users, vouches, and transaction history visible to transaction counterparties) may persist in those users' accounts and records.
- Listing photographs that have been uploaded to our image hosting provider may be removed, but cached copies may persist temporarily in content delivery networks.
We will process verified deletion requests within forty-five (45) days of receipt, or within the timeframe required by applicable law, whichever is shorter.
8.4 Data Access and Portability
You may request a copy of the personal information we hold about you by contacting us at the address provided in Section 13. We will provide your information in a commonly used electronic format within a reasonable timeframe, not to exceed the period required by applicable law.
8.5 Correction
If you believe that any personal information we hold about you is inaccurate, you may update it directly through your account settings or contact us to request a correction.
8.6 Withdrawing Consent
Where our processing of your personal information is based on your consent, you may withdraw that consent at any time by contacting us. Withdrawal of consent does not affect the lawfulness of any processing conducted prior to your withdrawal.
9. State-Specific Privacy Disclosures
The following disclosures supplement the information provided elsewhere in this Privacy Policy and apply to residents of states with comprehensive consumer data privacy laws.
9.1 Categories of Personal Information
For purposes of state privacy laws, the following table summarizes the categories of personal information we collect, the purposes for which we use each category, and whether we disclose each category to third parties.
| Category | Examples | Purpose(s) | Disclosed to Third Parties |
|---|---|---|---|
| Identifiers | Name, email address, USPA membership number, IP address, account ID | Account creation, verification, communication, security | Yes — service providers (Stripe, Shippo, Resend, Cloudflare) |
| Customer records | Shipping address, phone number, transaction records | Transaction processing, shipping, tax compliance | Yes — service providers (Stripe, Shippo) |
| Commercial information | Purchase and sale history, listing content, offer history, fees paid | Transaction facilitation, dispute resolution, record-keeping | Yes — service providers (Stripe); limited transaction details shared with transaction counterparties |
| Internet or electronic network activity | IP address, browser type, pages visited, actions taken on the Services | Security, fraud prevention, service improvement | Yes — infrastructure providers (Cloudflare, Vercel, Railway) |
| Geolocation data (approximate) | City, state, country (inferred from IP address) | Tax calculation, security, fraud prevention | Yes — Stripe (for tax calculation) |
| Professional information | USPA membership number, license type | Eligibility verification for safety-critical gear categories | No |
| Visual information | Profile photos, listing photographs, shop images | Display within the Services | Yes — Cloudinary (image hosting) |
| Inferences | None | We do not currently create inferred profiles about users | N/A |
9.2 Disclosure Practices
We do not sell personal information. FallR8 does not sell, rent, or lease your personal information to third parties for monetary or other valuable consideration, as those terms are defined by applicable law.
We do not share personal information for cross-context behavioral advertising. FallR8 does not share your personal information with third parties for the purpose of cross-context behavioral advertising or targeted advertising.
We do not currently engage in profiling. FallR8 does not currently use automated decision-making or profiling that produces legal or similarly significant effects on users. If this changes, we will update this Privacy Policy accordingly.
9.3 Your State Privacy Rights
Depending on your state of residence, you may have some or all of the following rights under applicable state privacy law:
- Right to Know / Access. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which your personal information was collected, the business or commercial purposes for which your personal information was collected, and the categories of third parties to whom your personal information was disclosed.
- Right to Delete. You have the right to request that we delete personal information we have collected from you, subject to certain exceptions permitted by law (such as legal compliance, transaction completion, security, and exercising or defending legal claims).
- Right to Correct. You have the right to request that we correct inaccurate personal information we maintain about you.
- Right to Portability. You have the right to receive a copy of your personal information in a portable and readily usable format.
- Right to Opt Out. You have the right to opt out of the sale of your personal information, the sharing of your personal information for cross-context behavioral advertising, and the processing of your personal information for profiling in furtherance of decisions that produce legal or similarly significant effects. Because FallR8 does not currently engage in any of these practices, there is no action required to exercise these rights at this time.
- Right to Non-Discrimination. We will not discriminate against you for exercising any of your privacy rights.
- Right to Appeal. If we deny your request to exercise any of the above rights, you have the right to appeal that decision. To appeal, contact us using the information in Section 13. If your appeal is denied, you may contact your state's Attorney General to file a complaint.
To exercise any of these rights, please submit a request using the contact information in Section 13. We will verify your identity before processing your request by confirming your email address and, where necessary, requesting additional information. We will respond to verified requests within the timeframe required by applicable law (generally 45 days, with the possibility of a 45-day extension where reasonably necessary). You may designate an authorized agent to submit a request on your behalf, provided the agent can demonstrate proper authorization.
9.4 California Residents
If you are a California resident, you may have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”). The disclosures above in Sections 9.1 through 9.3 are intended to satisfy the requirements of the CCPA.
In the preceding twelve (12) months, we have collected the categories of personal information described in Section 9.1 above. We have not sold or shared (as those terms are defined by the CCPA) any personal information. We have disclosed personal information to the categories of service providers described in Section 4 for the business purposes described in Section 2.
California's “Shine the Light” law (Civil Code Section 1798.83) permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. FallR8 does not disclose personal information to third parties for their direct marketing purposes.
9.5 Tennessee Residents
If you are a Tennessee resident, you may have rights under the Tennessee Information Protection Act (“TIPA”), effective July 1, 2025. The disclosures and rights described in Sections 9.1 through 9.3 are intended to satisfy the requirements of TIPA, to the extent TIPA applies to our operations. FallR8 aspires to maintain a privacy program that reasonably conforms to the National Institute of Standards and Technology (NIST) Privacy Framework, consistent with the size and complexity of our business.
9.6 Residents of Other States
If you reside in Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Iowa, Delaware, New Hampshire, New Jersey, Nebraska, Kentucky, Maryland, Minnesota, Indiana, or any other state with a comprehensive consumer data privacy law, the rights described in Sections 9.1 through 9.3 are intended to satisfy the requirements of your state's applicable privacy law to the extent it applies to our operations. If you believe you have additional rights under your state's law that are not addressed in this Privacy Policy, please contact us and we will work with you to address your request.
10. Children's Privacy
FallR8 is not directed to children. You must be at least eighteen (18) years of age to create an account, use the Services, buy gear, or sell gear on FallR8. We do not knowingly collect personal information from anyone under the age of 18.
If you are a parent or guardian and you believe that your child under the age of 18 has provided personal information to us, please contact us immediately at the address provided in Section 13. If we become aware that we have collected personal information from a child under the age of 18 without verification of parental consent, we will take steps to delete that information promptly.
11. International Use
FallR8 is operated in the United States and is intended exclusively for users located in the United States. Our Services support only U.S. shipping addresses and transactions in U.S. dollars. We do not knowingly offer the Services to, or collect personal information from, individuals outside of the United States.
If you access the Services from outside the United States, you do so at your own risk, and you are solely responsible for compliance with any applicable local laws. Any information you provide will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes to this Privacy Policy, we will notify you by:
- Posting the updated Privacy Policy on the Services with a revised “Last Updated” date;
- Sending an email notification to the email address associated with your account (for material changes that significantly affect how we collect, use, or share your personal information); and/or
- Displaying a prominent notice within the Services.
We encourage you to review this Privacy Policy periodically to stay informed about our privacy practices. If you disagree with a revised Privacy Policy, you may stop using the Services and request deletion of your account as described in Section 8.
13. Contact Us
If you have any questions about this Privacy Policy, wish to exercise any of your privacy rights, or have concerns about our data practices, you may contact us at:
TFX Media LLC d/b/a FallR8
Email: privacy@fallr8.com
Website: https://fallr8.com
When contacting us to exercise your privacy rights, please include sufficient information for us to verify your identity (such as the email address associated with your account) and clearly describe the right you wish to exercise. We will respond to all verified requests within the timeframe required by applicable law.
If you are not satisfied with our response to your request, you may contact your state's Attorney General or other applicable regulatory authority to file a complaint.
14. Additional Disclosures for Sellers
If you are a seller on FallR8, the following additional privacy disclosures apply to you:
- Stripe Connect. To receive payouts, you must create a Stripe Express connected account. During this process, you submit personal and financial information (including your legal name, date of birth, Social Security number or last four digits, government-issued identification, and bank account details) directly to Stripe. FallR8 does not receive or store this information. Stripe's collection and use of your information is governed by Stripe's Privacy Policy and Stripe's Connected Account Agreement.
- Shipping Information. When you purchase a shipping label through FallR8, your name, address, phone number, and email address are shared with Shippo and the selected carrier to facilitate shipment.
- Commission and Fees. Transaction fee amounts, commission rates, and payout records associated with your account are retained for financial reporting and tax compliance purposes.
- Tax Reporting. FallR8 may be required to report seller transaction information to the Internal Revenue Service (IRS) or state tax authorities as required by applicable law, including but not limited to IRS Form 1099-K reporting requirements.