Privacy Policy

1. INTRODUCTION

This Privacy Policy describes how INTERSHOP GO LLC ("Intershop Go," "we," "us," or "our") collects, uses, discloses, and protects personal information of users ("Users," "you," or "your") of our mobile application and related services (collectively, the "Service").

Intershop Go is a marketplace platform that connects Shoppers with local Store Owners for in-store pickup orders. We are not a retailer, seller, or party to transactions between Users.

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED HEREIN.

IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, DO NOT USE THE SERVICE.

2. INFORMATION WE COLLECT

2.1 Personal Information You Provide Directly

When you register and use our Service, we collect:

Account Information:

• Email address
• First name and last name
• Password (encrypted and hashed)
• User role (Shopper or Store Owner)
• Profile preferences and settings

Store Information (for Store Owners):

• Business name and description
• Store address and contact information
• Business hours and operating schedule
• Product listings (names, descriptions, prices, images)
• Stripe Connect account details (processed by Stripe)
• Tax identification information (processed by Stripe)

Order Information:

• Items ordered and quantities
• Order subtotal, taxes, and fees
• Pickup time and location
• Order status and history
• Special instructions or notes

Payment Information:

• Payment method details (processed securely by Stripe)
• Billing address
• Transaction history
• Note: We do NOT store full credit card numbers or CVV codes

Communication Data:

• Messages sent through our support system
• Customer reviews and ratings
• Store Owner replies to reviews
• Correspondence with customer support

Identity Verification (if required):

• Government-issued identification
• Business licenses and permits
• Tax documentation

2.2 Information Collected Automatically

Device Information:

• Device type, model, and manufacturer
• Operating system and version
• Unique device identifiers (IMEI, MAC address, advertising ID)
• Mobile network information
• Device settings and preferences

Location Information:

• Precise GPS location (with your consent)
• Approximate location based on IP address
• Store locations you visit or search for
• Delivery/pickup addresses

Usage Data:

• App features accessed and frequency of use
• Pages viewed and navigation paths
• Time spent on different screens
• Search queries and filters applied
• Items viewed, added to cart, or purchased
• Interaction with notifications
• App crashes and error logs

Log Data:

• IP address
• Browser type and version
• Referring/exit pages
• Date and time stamps
• Clickstream data

Cookies and Similar Technologies:

• Session cookies
• Persistent cookies
• Local storage
• Analytics identifiers
• Advertising identifiers

2.3 Information from Third-Party Sources

• Stripe: Payment processing data, fraud detection and risk analysis, payout information (for Store Owners), chargeback and dispute data
• Supabase: User authentication data, database storage and retrieval logs, security event logs
• Firebase: Push notification delivery status, app performance metrics, crash analytics
• Social Media (if you choose to connect): Profile information (name, profile picture), email address, friends list (if applicable), public profile data
• Analytics Providers: Aggregated usage statistics, performance metrics, user behavior patterns

3. HOW WE USE YOUR INFORMATION

We use your information for the following purposes:

3.1 Service Delivery and Operations

Account Management:

• Creating and maintaining your account
• Authenticating your identity
• Managing your profile and preferences
• Processing account updates and deletions

Order Processing:

• Facilitating orders between Shoppers and Store Owners
• Coordinating pickup times and locations
• Sending order confirmations and updates
• Managing order history

Payment Processing:

• Processing payments securely through Stripe
• Calculating taxes and platform fees
• Distributing funds to Store Owners
• Managing refunds and disputes

Customer Support:

• Responding to inquiries and support requests
• Resolving technical issues
• Investigating complaints
• Providing assistance with orders

Personalization:

• Customizing your experience based on preferences
• Recommending stores and products
• Displaying relevant search results
• Tailoring content and features

Location Services:

• Displaying nearby stores
• Calculating distances and travel times
• Enabling order pickup coordination
• Providing location-based recommendations

Communications:

• Sending order status updates
• Delivering push notifications
• Sending promotional emails (with consent)
• Providing important service announcements

3.2 Service Improvement and Development

Analytics and Research:

• Analyzing usage patterns and trends
• Understanding user behavior and preferences
• Identifying popular features and content
• Measuring app performance

Product Development:

• Developing new features and services
• Improving existing functionality
• Testing and optimizing user experience
• Conducting A/B testing

Quality Assurance:

• Identifying and resolving bugs
• Monitoring app stability
• Improving performance and speed
• Enhancing user interface

3.3 Security and Fraud Prevention

Security Measures:

• Protecting against unauthorized access
• Detecting and preventing fraud
• Monitoring for suspicious activity
• Implementing security protocols
• Conducting security audits

Compliance and Legal:

• Complying with legal obligations
• Responding to legal requests and court orders
• Enforcing our Terms of Service
• Protecting our rights and property
• Preventing illegal activity

3.4 Marketing and Advertising

Promotional Communications (with consent):

• Sending marketing emails
• Displaying in-app promotions
• Announcing new features and stores
• Offering special deals and discounts

Advertising:

• Displaying relevant advertisements
• Measuring ad effectiveness
• Retargeting campaigns (with consent)

4. HOW WE SHARE YOUR INFORMATION

We share your information with the following categories of recipients:

4.1 Between Users

Shoppers and Store Owners: When you place an order, we share:

• Your name
• Contact information (email, phone if provided)
• Order details (items, quantities, special instructions)
• Pickup time and location

Public Information:

• Store Owner business information (name, address, hours)
• Product listings and prices
• Customer reviews and ratings (with your username)

4.2 Service Providers and Business Partners

Stripe (Payment Processing):

• Payment method details
• Transaction amounts and history
• Billing information
• Fraud detection data
• Payout information (for Store Owners)

Supabase (Database and Authentication):

• Account credentials (encrypted)
• User profile data
• Order history
• App usage data

Firebase (Push Notifications and Analytics):

• Device tokens
• Notification preferences
• App performance metrics
• Crash reports

Cloud Storage Providers:

• Images and files uploaded to the platform
• Product photos
• Profile pictures

Analytics Services:

• Anonymized usage data
• Performance metrics
• User behavior patterns

Customer Support Tools:

• Support ticket information
• Communication history
• Issue resolution data

Security and Fraud Prevention Services:

• Transaction data for fraud analysis
• Device fingerprints
• Risk assessment data

4.3 Legal and Regulatory Authorities

We may disclose your information to comply with:

• Legal obligations and regulations
• Court orders and subpoenas
• Government requests and investigations
• Law enforcement inquiries
• National security requirements

We may also disclose information to:

• Protect our rights, property, and safety
• Protect the rights and safety of Users
• Prevent fraud and illegal activity
• Enforce our Terms of Service
• Defend against legal claims

4.4 Business Transfers

In the event of:

• Merger or acquisition
• Sale of assets
• Bankruptcy or insolvency
• Corporate restructuring

Your information may be transferred to the acquiring entity or successor. We will notify you of such transfers and any changes to this Privacy Policy.

4.5 With Your Consent

We may share your information with third parties when you provide explicit consent, such as:

• Connecting to social media accounts
• Participating in surveys or research
• Opting into third-party services

WE DO NOT SELL YOUR PERSONAL INFORMATION TO THIRD PARTIES FOR MONETARY CONSIDERATION.

5. DATA SECURITY

We implement reasonable security measures to protect your information from unauthorized access, disclosure, alteration, and destruction:

5.1 Technical Safeguards

Encryption:

• SSL/TLS encryption for data in transit
• AES-256 encryption for data at rest
• End-to-end encryption for sensitive communications

Authentication and Access Controls:

• Password hashing using bcrypt
• Multi-factor authentication (where available)
• Role-based access controls
• Limited employee access to personal data

Secure Infrastructure:

• Secure cloud hosting (Supabase)
• Regular security patches and updates
• Firewall protection
• Intrusion detection systems

Database Security:

• Row-Level Security (RLS) policies in Supabase
• Parameterized queries to prevent SQL injection
• Input sanitization and validation
• Rate limiting to prevent brute-force attacks

API Security:

• Request signing and verification
• API key rotation
• HTTPS-only communication
• CORS policies

5.2 Organizational Safeguards

Security Policies:

• Employee security training
• Confidentiality agreements
• Incident response procedures
• Data breach notification protocols

Regular Audits:

• Security assessments and penetration testing
• Vulnerability scanning
• Code reviews
• Third-party security audits

Payment Security:

• PCI DSS compliance through Stripe
• Tokenization of payment data
• No storage of full credit card numbers

5.3 Limitations

HOWEVER, NO METHOD OF TRANSMISSION OVER THE INTERNET OR ELECTRONIC STORAGE IS 100% SECURE. WE CANNOT GUARANTEE ABSOLUTE SECURITY OF YOUR INFORMATION.

YOU ACKNOWLEDGE AND ACCEPT THAT:

• Internet transmission carries inherent risks
• Unauthorized access or data breaches may occur despite our efforts
• You use the Service at your own risk
• We are not liable for security breaches beyond our reasonable control

YOU ARE RESPONSIBLE FOR:

• Maintaining the confidentiality of your password
• Securing your device and account
• Notifying us immediately of any unauthorized access

6. DATA RETENTION

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

6.1 Retention Periods

Account Information:

• Retained as long as your account is active
• Retained for 90 days after account deletion (for recovery purposes)
• Certain data may be retained longer for legal compliance

Order Information:

• Retained for 7 years for tax, accounting, and legal purposes
• Transaction records retained per financial regulations

Payment Information:

• We do NOT store full credit card numbers
• Stripe retains payment data according to their policies and PCI DSS requirements
• Transaction metadata retained for 7 years

Log Data and Analytics:

• Retained for 12-24 months for security and analytics purposes
• Anonymized data may be retained indefinitely

Communications:

• Support tickets retained for 3 years
• Marketing communications retained until you unsubscribe

Legal Hold:

• Data subject to legal proceedings retained until resolution
• Data required for regulatory compliance retained per applicable laws

6.2 Data Deletion

Upon account deletion:

• Personal information is deleted or anonymized within 90 days
• Certain information may be retained for legal, regulatory, or operational purposes
• Backup copies may persist for up to 90 additional days

WE MAY RETAIN ANONYMIZED OR AGGREGATED DATA INDEFINITELY FOR ANALYTICS AND RESEARCH PURPOSES.

7. YOUR RIGHTS AND CHOICES

You have the following rights regarding your personal information:

7.1 Access and Portability

Right to Access:

• Request a copy of the personal information we hold about you
• Receive information about how we use your data

Data Portability:

• Request your data in a structured, machine-readable format
• Transfer your data to another service provider

7.2 Correction and Deletion

Right to Correct:

• Update inaccurate or incomplete information
• Modify your profile and account settings

Right to Delete:

• Request deletion of your personal information
• Close your account permanently
• Note: Some information may be retained for legal compliance

7.3 Consent and Objection

Withdraw Consent:

• Revoke consent for data processing where consent is the legal basis
• Opt-out of marketing communications
• Disable location services

Object to Processing:

• Object to certain data processing activities
• Request restriction of processing in specific circumstances

7.4 Opt-Out Options

Marketing Communications:

• Unsubscribe from promotional emails via the unsubscribe link
• Disable push notifications in app settings
• Opt-out of SMS messages by replying STOP

Location Services:

• Disable location permissions in your device settings
• Note: This may limit certain app functionality

Cookies:

• Adjust browser settings to refuse cookies
• Use opt-out tools provided by analytics providers

Advertising:

• Opt-out of personalized advertising via device settings
• Use industry opt-out tools (NAI, DAA)

7.5 Exercising Your Rights

To exercise these rights, contact us at:

• Email: support@intershopgo.com
• Subject Line: "Privacy Rights Request"
• Include: Your name, email, and specific request

We will respond within:

• 30 days for most requests
• 45 days for complex requests (with notification)
• As required by applicable law

We may require identity verification before processing requests.

8. CHILDREN'S PRIVACY

8.1 Age Restrictions

The Service is NOT intended for users under 13 years of age. Users aged 13-17 may create accounts for non-financial use (e.g., browsing), but financial features including saving payment methods, processing payments, or placing paid orders are restricted to users 18 years of age and older.

We do NOT knowingly collect personal information from children under the applicable age.

8.2 Parental Notice

If you are a parent or guardian and believe your child has provided us with personal information:

• Contact us immediately at support@intershopgo.com
• We will take steps to delete the information promptly
• We will terminate the child's account

8.3 Verification

If we learn that we have collected information from a child without parental consent:

• We will delete the information as quickly as possible
• We will terminate the account
• We will notify the parent/guardian if contact information is available

9. INTERNATIONAL DATA TRANSFERS

9.1 Cross-Border Transfers

Your information may be transferred to and processed in countries outside of your residence, including:

• United States (where our servers are located)
• Countries where our service providers operate
• Jurisdictions with different data protection laws

9.2 Safeguards

We implement appropriate safeguards for international transfers:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by relevant authorities
• Binding Corporate Rules (where applicable)
• Your explicit consent (where required)

9.3 Data Protection

WE TAKE STEPS TO ENSURE YOUR INFORMATION IS PROTECTED IN ACCORDANCE WITH THIS PRIVACY POLICY, REGARDLESS OF WHERE IT IS PROCESSED.

HOWEVER, DATA PROTECTION LAWS VARY BY JURISDICTION. WE CANNOT GUARANTEE THE SAME LEVEL OF PROTECTION IN ALL COUNTRIES.

10. THIRD-PARTY SERVICES AND LINKS

10.1 Third-Party Integration

The Service integrates with third-party services:

• Stripe: Payment processing (see Stripe's Privacy Policy)
• Supabase: Database and authentication (see Supabase's Privacy Policy)
• Firebase: Push notifications and analytics (see Google's Privacy Policy)
• Cloud storage providers: File hosting

10.2 Third-Party Privacy Practices

These third parties have their own privacy policies and terms of service.

WE ARE NOT RESPONSIBLE FOR:

• Third-party data collection practices
• Third-party privacy policies
• Third-party security measures
• Third-party use of your information

WE ENCOURAGE YOU TO REVIEW THIRD-PARTY PRIVACY POLICIES BEFORE USING THEIR SERVICES.

10.3 External Links

The Service may contain links to external websites or services not operated by us.

WE DO NOT CONTROL AND ARE NOT RESPONSIBLE FOR:

• Content on third-party websites
• Privacy practices of external sites
• Security of third-party services

ACCESSING THIRD-PARTY LINKS IS AT YOUR OWN RISK.

11. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

11.1 Right to Know

You have the right to request:

• Categories of personal information we collect
• Specific pieces of personal information we hold
• Categories of sources from which we collect information
• Business or commercial purposes for collection
• Categories of third parties with whom we share information

11.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions for:

• Legal compliance
• Fraud prevention and security
• Internal operations
• Exercising free speech rights

11.3 Right to Opt-Out

We do NOT sell personal information as defined by CCPA.

If we ever engage in such practices, we will:

• Provide clear notice
• Offer an opt-out mechanism
• Honor "Do Not Sell My Personal Information" requests

11.4 Right to Non-Discrimination

We will NOT discriminate against you for exercising your CCPA rights, including by:

• Denying goods or services
• Charging different prices or rates
• Providing different quality of service
• Suggesting you will receive different prices or quality

11.5 Authorized Agents

You may designate an authorized agent to make requests on your behalf by:

• Providing written authorization
• Verifying your identity
• Verifying the agent's authority

11.6 Shine the Light Law

California residents may request information about disclosure of personal information to third parties for direct marketing purposes (once per year, free of charge).

12. CHANGES TO THIS PRIVACY POLICY

12.1 Right to Modify

We reserve the right to modify this Privacy Policy at any time, in our sole discretion, for reasons including:

• Legal or regulatory changes
• New features or services
• Security enhancements
• Business operations

12.2 Notice of Changes

We will notify you of material changes by:

• Posting the updated Privacy Policy in the app
• Sending email notification to your registered address
• Displaying in-app notifications
• Updating the "Last Updated" date at the top

12.3 Review and Acceptance

We encourage you to review this Privacy Policy periodically.

Your continued use of the Service after changes take effect constitutes acceptance of the modified Privacy Policy.

If you do not agree to changes, you must stop using the Service and delete your account.

13. COOKIES AND TRACKING TECHNOLOGIES

13.1 Our Cookie Policy

Intershop Go uses cookies and similar tracking technologies to provide essential functionality and improve your experience. By using our Service, you consent to our use of all cookies as described below.

13.2 Types of Cookies We use

All cookies listed below are REQUIRED for Intershop Go to function properly:

Essential Cookies (Required):

• Authentication tokens to keep you securely logged in
• Session management for secure transactions
• Security tokens to prevent fraud and unauthorized access
• CSRF protection tokens
• Language and locale preferences
• Cookie consent acceptance record

Analytics Cookies (Required):

• App usage statistics to improve features
• Performance monitoring to fix bugs and crashes
• Error tracking for technical improvements
• Feature usage patterns to enhance user experience
• Anonymous, aggregated data collection

Functional Cookies (Required):

• Shopping cart persistence between sessions
• Favorite stores and saved preferences
• Recent search history
• UI customization settings
• Notification preferences
• Order history and tracking

13.3 Why All Cookies Are Required

Unlike traditional websites, Intershop Go is a mobile marketplace application that requires data storage to function. Without these cookies:

• You cannot stay logged in
• Your shopping cart will not save
• Orders cannot be processed
• Store management features will not work
• Payment processing will fail

13.4 Third-Party Cookies

We use the following third-party services that may set their own cookies:

Stripe (Payment Processing):

• Payment method storage
• Fraud prevention
• Transaction processing
• Payout management for store owners

Supabase (Database & Authentication):

• User authentication
• Data storage and retrieval
• Real-time updates

Expo (App Infrastructure):

• Push notifications
• App updates
• Performance monitoring

These third-party cookies are governed by their respective privacy policies.

13.5 Data Storage and Security

Local Storage (AsyncStorage):

• Stored on your device
• Encrypted where applicable
• Cleared when you delete the app or clear data

Cloud Storage (Supabase):

• Encrypted in transit (SSL/TLS)
• Encrypted at rest
• Backed up regularly
• Retained according to our data retention policy

13.6 Your Rights and Controls

While you cannot disable individual cookies, you have the following rights:

Right to Access:

• View all data we've collected about you
• Export your data in machine-readable format
• Available in Settings > Privacy & Data > View My Data

Right to Deletion:

• Clear all non-essential data
• Available in Settings > Danger Zone > Delete Account
• Note: This will log you out and remove saved preferences

Right to Be Forgotten:

• Permanently delete your account and all associated data
• Available in Settings > Danger Zone > Delete Account
• This action is irreversible

Right to Withdraw Consent:

• You may withdraw consent by deleting your account
• Continued use of the Service constitutes ongoing consent

13.7 Cookie Lifespan

Session Cookies:

• Expire when you close the app
• Used for temporary authentication

Persistent Cookies:

• Remain until you clear data or delete the app
• Used for saved preferences and cart items

Consent Record:

• Valid for 365 days
• You will be asked to re-consent annually

13.8 Changes to Cookie Policy

We may update our cookie practices. Significant changes will trigger a re-consent request. Your continued use after changes constitutes acceptance.

13.9 Contact Us About Cookies

For questions about our cookie practices:

• Email: support@intershopgo.app

14. DO NOT TRACK SIGNALS

Some browsers transmit "Do Not Track" (DNT) signals. We do not currently respond to DNT signals because there is no industry standard for compliance.

15. AUTOMATED DECISION-MAKING

We may use automated decision-making for:

• Fraud detection
• Risk assessment
• Personalized recommendations

You have the right to:

• Request human review of automated decisions
• Express your point of view
• Contest automated decisions

16. BIOMETRIC DATA

We do NOT collect biometric data (fingerprints, facial recognition, etc.) unless explicitly disclosed and consented to for specific features.

17. SENSITIVE PERSONAL INFORMATION

We do NOT intentionally collect sensitive personal information such as:

• Health information
• Financial account numbers (beyond payment processing)
• Social Security numbers
• Genetic data
• Precise geolocation (without consent)

If you provide such information, you consent to its processing as described in this Privacy Policy.

18. DISCLAIMER OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

WE ARE NOT LIABLE FOR:

• Unauthorized access to or disclosure of your information
• Data breaches caused by third parties
• Security vulnerabilities beyond our reasonable control
• Loss or corruption of data
• Misuse of information by other Users
• Third-party privacy practices
• Consequences of your failure to secure your account

YOU ACKNOWLEDGE THAT:

• Internet transmission is inherently insecure
• No security measures are foolproof
• You use the Service at your own risk
• You are responsible for protecting your account credentials

19. CONTACT US

For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us:

INTERSHOP GO LLC

General Privacy Inquiries:

• Email: support@intershopgo.com
• Subject Line: "Privacy Inquiry"

Data Protection Officer (GDPR):

• Email: support@intershopgo.com

California Privacy Rights (CCPA):

• Email: support@intershopgo.com
• Subject Line: "CCPA Request"

Response Time:

We will respond to inquiries within 30 days (or as required by applicable law)

20. ACKNOWLEDGMENT AND CONSENT

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY.

YOU FURTHER ACKNOWLEDGE AND CONSENT TO:

• Collection, use, and disclosure of your information as described
• International transfer of your data
• Use of cookies and tracking technologies
• Automated decision-making processes
• Sharing of information with third-party service providers
• Processing of your information for the purposes stated
• Risks associated with internet transmission and data storage

IF YOU DO NOT AGREE, DO NOT USE THE SERVICE.