Privacy Policy

Last updated: May 25, 2026

JS127 LLC ("FoldStack," "we," "us," or "our") operates the FoldStack platform, including the FoldStack website (foldstack.app), the FoldStack Owner mobile application, the FoldStack Customer mobile application, and related services (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and your choices.

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

Account Information

• Business owners (tenants): Business name, owner name, email address, phone number, and password when you register your business on FoldStack.
• Customers: Name, email address, phone number, home address, and laundry preferences when you sign up through a tenant's registration page.
• Staff members: Name, email address, phone number, and role assignment when invited by a business owner.

Payment Information

• We use Stripe to process payments. When you add a payment method, your card details are sent directly to Stripe and stored by Stripe — we never see, store, or have access to your full card number. We receive only a token, card brand, last four digits, and expiration date for display purposes.
• Business owners who accept payments connect their own Stripe account via Stripe Connect. Customer payments are routed to the owner's Stripe account. FoldStack may collect a platform fee as disclosed in the owner's service agreement.

Location Information

• Addresses: Customer addresses are collected for pickup and delivery routing.
• GPS location: The Owner mobile app may request access to your device's location for route navigation and proximity alerts. This is optional — you can deny location access and still use the app. We do not continuously track your location in the background.

Order Preferences and Add-Ons

• Laundry preferences: Detergent choice, wash and dry temperatures, and special handling instructions are stored per customer and auto-populated on new orders.
• Optional add-ons: Customers may select add-on services such as bleach treatments, stain removal, fabric softener, special handling for bedding or pillows, and other extras. These selections are stored and retained with order history.

Subscription Plans

• Owners may offer customers recurring subscription plans (weekly, biweekly, or monthly). If you subscribe to a plan, we store your subscription preference, selected tier, and cadence. Subscriptions can be cancelled at any time.

Reviews, Ratings, and Tips

• Reviews: After delivery, if the owner has enabled reviews, customers may submit a 1–5 star rating and optional written comment. Reviews are stored and visible to the owner.
• Tips: After delivery, customers may submit an optional tip via a separate Stripe charge. Tip amounts are recorded for owner reporting purposes. Tips go entirely to the Owner.

Mileage and Route Data

• When an owner logs a pickup or delivery route, we record the distance traveled per stop using the Google Maps Distance Matrix API. Mileage logs are retained for the owner's tax and accounting records and can be exported as a CSV report at any time.

Communications

• In-app messages: Messages exchanged between owners and customers within an order are stored to provide the messaging feature and for dispute resolution.
• Photos: Proof-of-pickup and proof-of-delivery photos uploaded by owners are stored for verification purposes.
• Verification codes: When you log in from a new device, we send a one-time verification code to your email address to confirm your identity. We do not send marketing or promotional messages as part of this process.

Device and Usage Information

• Device identifiers: We store a device fingerprint when you trust a device for auto-login. This is used solely for authentication — not for tracking or advertising.
• Push notification tokens: If you enable push notifications, we store your device's push token (via Firebase Cloud Messaging) to deliver order updates.
• We do not currently collect analytics, advertising identifiers, or browsing behavior data. If we add analytics in the future, we will update this policy and notify you.

2. How We Use Your Information

• Provide the Service: Connect laundry business owners with their customers, process orders, coordinate pickups and deliveries, handle payments, and send notifications.
• Authentication and security: Verify your identity via email, password, one-time verification codes sent by email, and trusted device tokens.
• Communications: Send transactional emails (password resets, staff invitations, order confirmations, verification codes) and push notifications (order updates, delivery alerts).
• Mileage and tax records: Retain route distance logs for owner tax deductions and accounting. Owners may export a CSV report of orders, mileage, and totals at any time.
• Improve the Service: Diagnose technical issues, monitor system health, and develop new features.
• Legal compliance: Respond to legal requests and enforce our terms.

We do not sell your personal information. We do not use your data for advertising or profiling.

3. How We Share Your Information

Between users of the Service:

• Business owners and their staff see customer information (name, address, phone, order details) as needed to fulfill orders.
• Customers see business information (business name, branding, contact details) for the tenant they are registered with.
• Tenants cannot see other tenants' data. Customer data is isolated to the tenant it belongs to.

Third-party service providers:

• Stripe (stripe.com) — Payment processing and card storage. Subject to Stripe's Privacy Policy.
• Resend (resend.com) — Email delivery for transactional messages, password resets, and one-time verification codes. Subject to Resend's Privacy Policy.
• Firebase / Google (firebase.google.com) — Push notification delivery via Firebase Cloud Messaging. Subject to Firebase's Privacy Policy.
• Amazon Web Services (aws.amazon.com) — Cloud hosting, data storage (S3), and database hosting. Data is stored in AWS US-East-1 (Virginia). Subject to AWS's Privacy Policy.
• Google Maps Platform (cloud.google.com/maps-platform) — Address autocomplete and route distance calculations. Subject to Google's Privacy Policy.

Aggregated data: We may share anonymized, aggregated statistics (e.g., "average delivery time in a region") with partners. This data contains no personally identifiable information.

Legal requirements: We may disclose your information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4. Data Retention

• In-app messages (text and photos): Retained indefinitely while your account is active. Messages and any photos attached to them may be needed for customer history and dispute resolution. They are removed only when you request account deletion (see anonymization below).
• Order proof photos (pickup and delivery): Automatically deleted 1 year after the order is delivered. These are the photos taken by the business owner at the doorstep — they are separate from any photos sent inside the in-app message thread.
• Account data (name, email, address, phone): Retained while your account is active. When you request account deletion, a 30-day grace period begins during which the business owner is notified and may export records for their accounting.
• After the grace period: Your personal information (name, email, phone, street address, and GPS coordinates) is permanently anonymized — replaced with placeholder values that cannot be linked back to you. Your city, state, and zip code are retained for aggregate geographic analytics only.
• Order and payment records: Retained with anonymized customer references. Business owners are required by law to maintain financial records for tax and accounting purposes. These records will show "Deleted User" rather than your name.
• Stripe payment data: Your Stripe customer profile and stored payment methods are permanently deleted from Stripe's servers when your account is anonymized.
• Message content and photos: In-app message text is replaced with "[message removed]" and any attached photos are permanently deleted from our storage.
• Audit logs: Minimal logs (e.g., "account anonymized on [date]") retained for up to 90 days for fraud prevention and legal compliance.
• Legal holds: If required by law (subpoena, tax audit, legal dispute), data may be retained longer than the periods above. It will be deleted when the legal obligation ends.

5. Your Rights and Choices

• Access your data: You may request a copy of the personal data we hold about you by emailing support@foldstack.app.
• Delete your account: You may request deletion of your account from within the app or by contacting us. A 30-day grace period begins upon your request, during which the business owner is notified and may export order records for their accounting. After 30 days, your personal information is permanently anonymized as described in the retention section above. You may cancel the deletion request during the grace period by contacting the business owner.
• Opt out of push notifications: You can disable push notifications in your device settings. Transactional emails (password resets, order updates, and one-time verification codes) cannot be opted out of while your account is active, as they are required to operate the Service.
• Correct your data: You can update your profile information (name, email, phone, address) at any time from within the app.

California residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, email support@foldstack.app.

EU residents (GDPR): You have the right to erasure under GDPR Article 17. The 30-day grace period serves as the processing window under legitimate interest (the business owner's accounting obligations). Order and payment records are retained under the legal obligation exemption (Article 17(3)(b)).

Illinois residents: We do not collect biometric data. If we add biometric features in the future (e.g., fingerprint login), we will comply with the Illinois Biometric Information Privacy Act (BIPA) and obtain your consent.

6. Children's Privacy

The Service is not intended for anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at support@foldstack.app.

7. Security

We take reasonable measures to protect your data, including:

• All data transmitted over HTTPS (TLS 1.2+).
• Passwords hashed using industry-standard algorithms (never stored in plain text).
• Payment card data handled entirely by Stripe (PCI-DSS compliant) — never touches our servers.
• Database access restricted to authorized services only (not publicly accessible).
• JWT-based authentication with short-lived access tokens and refresh token rotation.

No system is 100% secure. In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities as required by law.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through an in-app notification. Your continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy or how your data is handled:

• Email: support@foldstack.app
• Website: foldstack.app