Privacy Policy

Introduction & Scope

RushUp ("RushUp," "we," "us," or "our") operates the RushUp platform available at rushup.us and as a Progressive Web App ("PWA") (collectively, the "Service"). RushUp is independently operated and based in the United States.

This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you use our Service. By using RushUp, you acknowledge that you have read and understood this Privacy Policy.

This policy applies to all users — including Consumers (users who browse and claim deals) and Businesses (businesses and creators who create deals) — as well as visitors to our website.

Information We Collect

2.1 Information You Provide Directly

• Account registration: email address, password (hashed), display name, and profile photo (if provided via Google OAuth).
• Business applications: business name, business type, city, phone number, website/social URL, business description, and optional business address.
• Contact form submissions: name, email address, subject, and message content.

2.2 Location Data

• With your consent, we collect your precise GPS coordinates (latitude and longitude) when you browse the deals page.
• Location is used solely to calculate which deals fall within your selected search radius and is not stored in our database — it is processed in your browser in real time.
• Business/Application location: When a business submits an application or creates a deal, their business coordinates (lat/lng) and address are stored in our database to enable location-based filtering for consumers.
• You may deny location access at any time; the Service will fall back to a city-based search.

2.3 Information Collected Automatically

• Browser/device data: User agent string, browser type, operating system — collected by our hosting provider for performance and security purposes.
• Log data: IP addresses, page views, and access timestamps — retained by our infrastructure providers for up to 90 days for security and abuse prevention.
• Cookies and local storage: We use browser localStorage to store your authentication session token, theme preference, and recently viewed items. We do not use third-party advertising cookies.

2.4 Authentication via Third Parties

• If you sign in with Google OAuth, we receive your name, email address, and profile photo from Google. We do not receive your Google password.
• Google's privacy practices are governed by Google's Privacy Policy.

How We Use Your Information

We use the information we collect to:

• Create and manage your user account and authenticate your identity.
• Display nearby deals based on your location or city preference.
• Process deal claims and issue digital deal QR codes to your account.
• Enable businesses to create, publish, and manage deals.
• Review and process business applications.
• Send transactional emails (e.g., account verification, deal confirmations) via Resend.
• Send in-app and email notifications from platform administrators to businesses.
• Detect, investigate, and prevent fraudulent activity and policy violations.
• Comply with applicable law and respond to legal requests.
• Improve the Service through aggregated, anonymized usage analytics.

We do not use your personal information for targeted advertising, sell it to data brokers, or share it with any third party for their own marketing purposes.

Data Sharing & Sub-Processors

We share your personal information only with the following categories of service providers (sub-processors) strictly for the purpose of delivering our Service:

• Database & Authentication Provider — Managed cloud database, authentication, and file storage. Acts as a GDPR-compliant data processor.
• Hosting Provider — Web hosting, edge network, and deployment infrastructure.
• Email Delivery Provider — Transactional email delivery (deal confirmations, admin notifications).
• Geocoding Service — Converting addresses to coordinates for business applications. No personal data is sent beyond the address string provided.

We may disclose your information if required by law, subpoena, or other legal process, or to protect the rights, property, or safety of RushUp, our users, or the public.

Data Retention & Deletion

• Account data is retained for as long as your account is active.
• Business application data is retained indefinitely for audit and compliance purposes, even if an application is rejected.
• Deal data is retained for at least 12 months after expiry for dispute resolution.
• Server logs (IP addresses, access timestamps) are retained for up to 90 days.
• Account deletion: Administrators may permanently hard-delete user accounts, which removes all associated profile data from the live database. Some data may remain in backup snapshots for up to 30 days.
• To request deletion of your account or data, contact legal@rushup.us.

Your Rights & Choices

6.1 All Users

• Access: You may request a copy of the personal data we hold about you.
• Correction: You may update your profile information via your account settings.
• Deletion: You may request deletion of your account and personal data.
• Location: You may deny or revoke GPS location permission in your browser settings at any time.

6.2 California Residents (CCPA)

Under the California Consumer Privacy Act (CCPA), California residents have the right to: (a) know what personal information is collected; (b) know whether personal information is sold or disclosed and to whom; (c) opt out of the sale of personal information; (d) access their personal information; and (e) equal service without discrimination. RushUp does not sell personal information. To exercise your rights, contact legal@rushup.us.

6.3 EU/UK Residents (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under GDPR including: access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and the right to object to processing. Our legal basis for processing is typically legitimate interest (service delivery) or consent (location data). Contact legal@rushup.us to exercise these rights.

Children's Privacy (COPPA)

The RushUp Service is intended for users 13 years of age and older. Businesses must be at least 18 years old. We do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected personal information from a child under 13, we will promptly delete that information.

If you believe we have collected information from a child under 13, please contact us immediately at legal@rushup.us.

Security

We implement reasonable technical and organizational security measures to protect your personal information, including:

• HTTPS/TLS encryption for all data in transit.
• Encrypted passwords: Never stored in plaintext; managed by our authentication provider.
• Row-Level Security (RLS) policies on all database tables, ensuring users can only access their own data.
• Service-role API keys restricted to server-side code only.
• Regular access control audits.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

Cookies & Local Storage

We use the following client-side storage mechanisms:

• Authentication cookies/tokens: Stored in browser cookies and localStorage by our authentication provider to maintain your login session. Required for Service functionality.
• Theme preference: Stored in localStorage to remember your dark/light mode preference.
• Recent items: Stored in localStorage to display recently viewed deals and queries.

We do not use tracking cookies, advertising pixels, or analytics cookies that report to third-party platforms (e.g., Google Analytics, Facebook Pixel).

You may clear localStorage and cookies through your browser settings at any time, which will log you out of the Service.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last Updated" date at the top of this page and, where appropriate, by sending an email notification or displaying a prominent notice on the Service. Your continued use of the Service after any changes constitutes your acceptance of the new Privacy Policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact: