Welcome to Loco. This Privacy Policy explains how we collect, use, and protect your information when you use Loco.
Definitions
- Personal Information: Any information relating to an identified or identifiable natural person.
- Processing: Any operation performed on personal information, such as collection, storage, use, disclosure, or deletion.
- Service Providers: Third-party companies or individuals who perform services on our behalf.
- You/Your: You as the user of our Service.
Information We Collect
We collect the following categories of information:
Category | Examples | Source | Purpose |
---|---|---|---|
Account Information | Email address, phone number | You (during sign-up) | Authentication, account management |
Identity Providers | Name, profile picture (via Google/Facebook/Apple) | Identity providers (OAuth) | Streamlined login |
Usage Data | Feature usage, progress logs | Automatically via the Service | Analytics, personalization |
Analytics Data | Device type, operating system, session duration | Google Analytics | Performance monitoring, improvement |
Payment Data | Payment method details (card info, billing address) | You (during purchase via Stripe) | Payment processing, billing |
Communications Data | Newsletter opt-in status, preferences | You (opt-in form) | Sending newsletters, marketing communications |
How We Collect Information
- Directly From You
You provide information when you sign up, subscribe to newsletters, or make purchases.
- Automatically Through Technology
We use Firebase and Google Analytics to collect usage and device data. We store preferences in localStorage.
- From Third-Party Providers
When you log in using Google, Facebook, or Apple, we receive profile information as permitted by you.
Use of Your Information
We use collected information to:
- Create, maintain, and secure your account.
- Provide, operate, and improve the Service.
- Analyze usage to understand trends and optimize features.
- Process payments and send billing information.
- Send you newsletters and marketing communications (only if you opt in).
- Comply with legal obligations (e.g., tax, fraud prevention).
Legal Bases for Processing (GDPR)
If you are in the European Economic Area (“EEA”), our legal bases for processing your personal data are:
- Consent: When you opt in to newsletters.
- Contract: To provide the Service and process payments.
- Legitimate Interests: To improve and secure the Service.
- Legal Obligation: To comply with applicable laws.
Sharing Your Information
We do not sell or rent your personal information. We may share information with:
- Service Providers
  - Firebase (Authentication, Firestore, Hosting)
  - Google Analytics (Usage analytics)
  - Stripe (Payment processing)
These providers act on our behalf and are bound by contractual confidentiality obligations.
- Legal and Safety Purposes
We may disclose information if required by law or to protect rights and safety.
International Data Transfers
Your information may be transferred to—and maintained on—servers located outside your jurisdiction. When we do so, we ensure appropriate safeguards (e.g., Standard Contractual Clauses) are in place.
Cookies and Tracking Technologies
- We use localStorage to remember your settings and preferences.
- We do not use third-party advertising cookies.
- Google Analytics uses first-party cookies to collect standard analytics data.
You may disable cookies in your browser settings, but this may affect your ability to use certain features.
Data Retention
- Account Information: Retained as long as your account is active or until you delete it.
- Analytics and Usage Data: Retained for up to several months for trend analysis.
- Payment Information: Retained as required by law and Stripe’s policies.
You may request deletion of your data at any time by contacting us (see Section 13).
Your Rights
Under GDPR (EEA Residents)
- Access: Request a copy of your personal data.
- Correction: Ask us to correct inaccurate information.
- Deletion: Request erasure of your data.
- Portability: Receive your data in a structured format.
- Objection: Object to certain processing activities.
- Withdraw Consent: Withdraw consent at any time for processing based on consent.
Under CCPA (California Residents)
- Right to Know: Request details about personal data collected and shared.
- Right to Delete: Request deletion of personal data, subject to exceptions.
- Right to Opt-Out: Opt out of sale of personal data (we do not sell data).
- Non-Discrimination: You will not face discrimination for exercising your rights.
COPPA (Children’s Online Privacy Protection)
- Age Restriction: Our Service is intended for persons 18 years or older. We do not knowingly collect information from children under 18.
- If you believe we have collected data from a minor, please contact us to have it deleted.
To exercise any rights, email us at pavementdao at gmail dot com. We will respond within applicable legal timeframes.
Data Security
We implement reasonable administrative, technical, and physical safeguards, including:
- HTTPS/TLS encryption in transit.
- Secure authentication via Firebase.
- Restricted database access and regular security reviews.
- PCI-compliant payment processing through Stripe.
Third-Party Links
Our Service may contain links to other websites. We are not responsible for their privacy practices. We encourage you to review their policies before providing personal data.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do:
- We will revise the “Last Updated” date.
- If changes are material, we will notify you via email (if you have opted in) or in-app notification.
- Continued use of the Service after changes indicates acceptance.
Contact Us
If you have questions or wish to exercise your rights, please contact: pavementdao at gmail dot com
Thank you!