Privacy Policy

Last updated: April 9, 2026

FoldStack, LLC ("FoldStack," "we," "us," or "our") operates the FoldStack platform, including the FoldStack website (foldstack.app), the FoldStack Owner mobile application, the FoldStack Customer mobile application, and related services (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and your choices.

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

Account Information

• Business owners (tenants): Business name, owner name, email address, phone number, and password when you register your business on FoldStack.
• Customers: Name, email address, phone number, home address, and laundry preferences when you sign up through a tenant's registration page.
• Staff members: Name, email address, phone number, and role assignment when invited by a business owner.

Payment Information

• We use Stripe to process payments. When you add a payment method, your card details are sent directly to Stripe and stored by Stripe — we never see, store, or have access to your full card number. We receive only a token, card brand, last four digits, and expiration date for display purposes.
• Business owners who accept payments connect their own Stripe account via Stripe Connect. Customer payments are routed to the owner's Stripe account. FoldStack may collect a platform fee as disclosed in the owner's service agreement.

Location Information

• Addresses: Customer addresses are collected for pickup and delivery routing.
• GPS location: The Owner mobile app may request access to your device's location for route navigation and proximity alerts. This is optional — you can deny location access and still use the app. We do not continuously track your location in the background.

Order Preferences and Add-Ons

• Laundry preferences: Detergent choice, wash and dry temperatures, and special handling instructions are stored per customer and auto-populated on new orders.
• Optional add-ons: Customers may select add-on services such as bleach treatments, stain removal, fabric softener, special handling for bedding or pillows, and other extras. These selections are stored and retained with order history.

Subscription Plans

• Owners may offer customers recurring subscription plans (weekly, biweekly, or monthly). If you subscribe to a plan, we store your subscription preference, selected tier, and cadence. Subscriptions can be cancelled at any time.

Reviews, Ratings, and Tips

• Reviews: After delivery, if the owner has enabled reviews, customers may submit a 1–5 star rating and optional written comment. Reviews are stored and visible to the owner.
• Tips: After delivery, customers may submit an optional tip via a separate Stripe charge. Tip amounts are recorded for owner reporting purposes. Tips go entirely to the Owner.

Mileage and Route Data

• When an owner logs a pickup or delivery route, we record the distance traveled per stop using the Google Maps Distance Matrix API. Mileage logs are retained for the owner's tax and accounting records and can be exported as a CSV report at any time.

Communications

• In-app messages: Messages exchanged between owners and customers within an order are stored to provide the messaging feature and for dispute resolution.
• Photos: Proof-of-pickup and proof-of-delivery photos uploaded by owners are stored for verification purposes.

Device and Usage Information

• Device identifiers: We store a device fingerprint when you trust a device for auto-login. This is used solely for authentication — not for tracking or advertising.
• Push notification tokens: If you enable push notifications, we store your device's push token (via Firebase Cloud Messaging) to deliver order updates.
• We do not currently collect analytics, advertising identifiers, or browsing behavior data. If we add analytics in the future, we will update this policy and notify you.

2. How We Use Your Information

• Provide the Service: Connect laundry business owners with their customers, process orders, coordinate pickups and deliveries, handle payments, and send notifications.
• Authentication and security: Verify your identity via email, password, SMS one-time codes (OTP), and trusted device tokens.
• Communications: Send transactional emails (password resets, staff invitations, order confirmations) and SMS messages (OTP codes, delivery alerts).
• Mileage and tax records: Retain route distance logs for owner tax deductions and accounting. Owners may export a CSV report of orders, mileage, and totals at any time.
• Improve the Service: Diagnose technical issues, monitor system health, and develop new features.
• Legal compliance: Respond to legal requests and enforce our terms.

We do not sell your personal information. We do not use your data for advertising or profiling.

3. How We Share Your Information

Between users of the Service:

• Business owners and their staff see customer information (name, address, phone, order details) as needed to fulfill orders.
• Customers see business information (business name, branding, contact details) for the tenant they are registered with.
• Tenants cannot see other tenants' data. Customer data is isolated to the tenant it belongs to.

Third-party service providers:

• Stripe (stripe.com) — Payment processing and card storage. Subject to Stripe's Privacy Policy.
• Twilio (twilio.com) — SMS delivery for OTP codes and notifications. Subject to Twilio's Privacy Policy.
• Firebase / Google (firebase.google.com) — Push notification delivery via Firebase Cloud Messaging. Subject to Firebase's Privacy Policy.
• Amazon Web Services (aws.amazon.com) — Cloud hosting, data storage (S3), email delivery (SES), and database hosting. Data is stored in AWS US-East-1 (Virginia). Subject to AWS's Privacy Policy.
• Google Maps Platform (cloud.google.com/maps-platform) — Address autocomplete and route distance calculations. Subject to Google's Privacy Policy.

Aggregated data: We may share anonymized, aggregated statistics (e.g., "average delivery time in a region") with partners. This data contains no personally identifiable information.

Legal requirements: We may disclose your information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4. Data Retention

• In-app messages and photos: Retained for up to 90 days after order delivery, then automatically deleted.
• Account data (name, email, address, phone): Retained while your account is active, plus 30 days after account deletion to allow for reactivation.
• Order history: Retained while your account is active. Business owners may retain order records longer for tax and accounting purposes.
• Audit logs: Minimal logs (e.g., "account deleted on [date]") retained for up to 90 days for fraud prevention and legal compliance.
• Legal holds: If required by law (subpoena, tax audit, legal dispute), data may be retained longer than the periods above. It will be deleted when the legal obligation ends.

5. Your Rights and Choices

• Access your data: You may request a copy of the personal data we hold about you by emailing support@foldstack.app.
• Delete your account: You may delete your account from within the app or by contacting us. We will delete your data as described in the retention section above.
• Opt out of communications: You can disable push notifications in your device settings. Transactional emails (password resets, order updates) cannot be opted out of while your account is active.
• Correct your data: You can update your profile information (name, email, phone, address) at any time from within the app or CRM.

California residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, email support@foldstack.app.

Illinois residents: We do not collect biometric data. If we add biometric features in the future (e.g., fingerprint login), we will comply with the Illinois Biometric Information Privacy Act (BIPA) and obtain your consent.

6. Children's Privacy

The Service is not intended for anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at support@foldstack.app.

7. Security

We take reasonable measures to protect your data, including:

• All data transmitted over HTTPS (TLS 1.2+).
• Passwords hashed using industry-standard algorithms (never stored in plain text).
• Payment card data handled entirely by Stripe (PCI-DSS compliant) — never touches our servers.
• Database access restricted to authorized services only (not publicly accessible).
• JWT-based authentication with short-lived access tokens and refresh token rotation.

No system is 100% secure. In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities as required by law.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through an in-app notification. Your continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy or how your data is handled:

• Email: support@foldstack.app
• Website: foldstack.app