Privacy Policy

1. Introduction

Tumaro ("we," "us," or "our") operates the Tumaro mobile detailing marketplace platform available at tumaro.app (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including when you create an account as a customer or service provider ("detailer").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, phone number, and profile photo when you create an account.
• Business Information (Detailers): Business name, business address, service descriptions, pricing, and availability schedules.
• Vehicle Information (Customers): Vehicle make, model, year, and color to facilitate service bookings.
• Booking Details: Service addresses, appointment dates and times, special instructions, and service preferences.
• Communications: Messages exchanged between customers and detailers through our in-app messaging system.

2.2 Financial and Payment Information

• Customer Payment Information: When you make a payment, your payment card details (card number, expiration date, CVV) are collected and processed directly by our payment processor, Stripe, Inc. We do not store your full card number or CVV on our servers. We retain only a tokenized reference, card brand, and last four digits for transaction records.
• Detailer Payout Information: To receive earnings, detailers provide bank account details (account number, routing number), tax identification information (last four digits of SSN or EIN), date of birth, and legal address through Stripe's secure onboarding. This information is collected and stored exclusively by Stripe and is never stored on Tumaro's servers.
• Financial Account Data: With your explicit consent, we may use Stripe Financial Connections to verify your financial account information, including account balance and ownership details, solely to confirm you have sufficient funds and to validate account ownership for fraud prevention. This data is accessed on a read-only basis and is stored exclusively in the United States.
• Transaction History: We maintain records of payment amounts, dates, service descriptions, platform fees, tips, refunds, and payout statuses for accounting and dispute resolution purposes.

2.3 Information Collected Automatically

• Location Data: With your permission, we collect GPS location data from detailers to display their location on the map for customers. Customers provide service addresses for bookings.
• Device and Usage Data: Browser type, operating system, IP address, pages visited, time spent on the Service, and referring URLs.
• Cookies: We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

3. How We Use Your Information

We use the information we collect to:

• Create and manage your account
• Process bookings and facilitate services between customers and detailers
• Process payments from customers and transfer earnings to detailers
• Verify financial account ownership and sufficient funds to prevent fraud and failed transactions
• Send booking confirmations, reminders, and service updates via email or SMS
• Display detailer locations on the service map
• Enable in-app messaging between customers and detailers
• Resolve disputes, process refunds, and handle chargebacks
• Comply with legal obligations, including tax reporting
• Improve and maintain the security and performance of the Service
• Prevent fraud, unauthorized access, and other illegal activities

4. How We Share Your Information

We do not sell your personal information. We share information only as follows:

• Between Customers and Detailers: When a booking is made, we share the customer's name, service address, vehicle info, and special instructions with the assigned detailer. The detailer's business name and location are shared with customers.
• Payment Processor (Stripe): We share necessary transaction details with Stripe to process payments, manage connected accounts, facilitate payouts, and comply with financial regulations. Stripe's privacy policy governs their use of this data: stripe.com/privacy.
• Authentication Provider (Clerk): We use Clerk for secure user authentication. Clerk processes your email, name, and authentication credentials. See clerk.com/privacy.
• Mapping Services (Mapbox): We share location data with Mapbox to display maps and calculate routes. See mapbox.com/legal/privacy.
• Communication Services: We use SendGrid (email) and Twilio (SMS) to send transactional notifications. Only the information necessary for delivery (email address or phone number, message content) is shared.
• Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of Tumaro, our users, or the public.

We do not share your financial account data, bank account details, or payment card information with any third parties other than our payment processor (Stripe) as described above.

5. Financial Data and Stripe Financial Connections

Our Service uses Stripe Financial Connections to access certain financial account information with your explicit consent. This section describes how this data is handled:

• What We Access: Account ownership verification and account balance information, solely to confirm sufficient funds and validate identity for fraud prevention.
• Consent: We will only access your financial account data after you provide explicit, informed consent through Stripe's authorization flow. You may revoke this consent at any time.
• Data Storage: All financial data accessed through Stripe Financial Connections is stored exclusively in the United States.
• Data Sharing: Financial account data accessed through Stripe Financial Connections is not shared with any third parties. It is used solely for the purposes described above.
• Data Retention: Financial connection data is retained only as long as necessary to fulfill the purpose for which it was collected or as required by law.
• Security: Financial data is encrypted in transit and at rest using industry-standard encryption protocols (TLS 1.2+ and AES-256).

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

• All data transmitted between your device and our servers is encrypted using TLS/SSL
• Payment and banking information is processed by Stripe, a PCI DSS Level 1 certified payment processor — the highest level of security certification in the payments industry
• Passwords are hashed using industry-standard algorithms; we never store plaintext passwords
• Database access is restricted and monitored
• We conduct regular security reviews of our codebase and infrastructure
• Authentication is managed by Clerk with support for multi-factor authentication

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

• Account Data: Retained as long as your account is active. You may request deletion at any time.
• Transaction Records: Retained for a minimum of 7 years as required by tax and financial regulations.
• Messages: Retained while your account is active. Deleted when the conversation is deleted by the user or upon account deletion.
• Financial Connection Data: Retained only as long as necessary to verify account standing and process the associated transaction.
• Location Data: Current location data for detailers is updated in real-time and not stored historically. Service addresses are retained as part of booking records.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Portability: Request a machine-readable copy of your data.
• Revoke Consent: Revoke consent for financial data access at any time by disconnecting your financial account in your account settings or by contacting us.
• Opt-Out of Communications: Unsubscribe from non-essential communications at any time. Note that transactional notifications (booking confirmations, payment receipts) cannot be opted out of while your account is active.

To exercise any of these rights, contact us at privacy@tumaro.app.

9. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

11. Third-Party Services

Our Service integrates with the following third-party services:

Each third-party service has its own privacy policy governing their use of data. We encourage you to review their policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email or an in-app notification. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@tumaro.app
• Website: tumaro.app