Privacy Policy

Overview

RAX ("RAX," "we," "us," or "our") operates the RAX mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By creating an account or using the RAX app, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

Summary: We collect information you give us (like your email and posts), information generated by your use of the app (like location), and some technical data. We use it to run the Service, personalize your experience, and improve RAX. We do not sell your personal information.

Information We Collect

Information You Provide Directly

Account Registration: When you create an account, we collect your email address, username, password (stored as a one-way cryptographic hash), and account role (shopper or store owner).
Profile Information: Display name, biography, profile photo, and style preferences (vibes) you choose to add to your profile.
User Content: Photos, captions, tags, and other content you upload when creating posts, spots, or events. This also includes reviews you write for stores.
Store Information: If you register as a store owner or claim a store listing, we collect your store name, address, description, contact details, hours, and any product listings or promotional materials you add.
Communications: Any messages or information you send us through support channels or contact forms.

Information We Collect Automatically

Location Data: When you grant location permission, we collect your precise GPS coordinates to show you nearby stores, events, and spots. See the Location Data section for more detail.
Usage Information: How you interact with the app — features you use, stores you view, content you engage with, search queries, and pages you visit.
Device Information: Device type, operating system, app version, unique device identifiers, and mobile network information.
Log Data: Server logs including IP address, browser type (for web access), access times, and pages viewed.
Cookies and Local Storage: We use authentication tokens stored via secure device storage (Capacitor Preferences on mobile, localStorage on web) to keep you logged in.

Information from Third Parties

Apple Sign In / Google Sign In: If you choose to register or log in using Apple or Google, we receive your name and email address from those providers, subject to your privacy settings with them.
Google Places API: We use Google Places to enrich our store discovery features. Store names, addresses, ratings, and location data may be sourced from Google's databases when a store has not yet been claimed by its owner on RAX.

How We Use Your Information

We use the information we collect for the following purposes:

Providing and Operating the Service

Creating and managing your account
Displaying nearby stores, events, and community spots based on your location
Generating your personalized For You feed based on who and what you follow
Processing store owner features including product listings, orders, and discounts
Sending transactional emails such as password resets and order confirmations
Enabling social features such as following, liking, saving, and commenting

Improving the Service

Analyzing how users interact with RAX to fix bugs and improve features
Monitoring app performance and diagnosing technical issues
Conducting research to understand user needs and preferences
Training and improving content ranking and discovery algorithms

Safety and Security

Detecting, investigating, and preventing fraudulent transactions, spam, and abuse
Verifying accounts and enforcing our Terms of Service
Protecting the rights and safety of RAX, our users, and the public

Communications

Sending push notifications about activity on your content and followed accounts (with your permission)
Sending service announcements and policy updates
Responding to your support requests and questions

Legal Compliance

Complying with applicable laws, regulations, and legal processes
Responding to lawful requests from public authorities

How We Share Your Information

We do not sell your personal information. We may share your information in the following limited circumstances:

Publicly Visible Information

The following information is visible to all users of RAX by default:

Your username and profile photo
Posts, spots, and events you create
Store listings you manage or claim
Reviews you write
Your follower and following counts

Your email address, precise location history, and private account settings are never publicly visible.

Service Providers

We share information with trusted third-party vendors who help us operate the Service, including:

Cloud Infrastructure: Microsoft Azure for database hosting and image storage (Azure Blob Storage). Images you upload are stored on Azure and accessed via a public URL.
Authentication Providers: Apple and Google for social sign-in functionality.
Location Services: Google Maps Platform / Google Places API for store discovery and map features.
Payment Processing: Stripe for processing payments between buyers and store owners. RAX does not store your full payment card details.

Our service providers are contractually obligated to use your information only as necessary to provide services to us.

Business Transfers

If RAX is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our app before your information becomes subject to a different privacy policy.

Legal Requirements

We may disclose your information if we believe in good faith that such disclosure is necessary to comply with applicable law, respond to valid legal process, protect the rights of RAX or others, prevent fraud or imminent harm, or enforce our Terms of Service.

Third-Party Services

RAX integrates with the following third-party services. Each has its own privacy practices:

Google Maps Platform & Google Places API: Used for map rendering and store discovery. Subject to Google's Privacy Policy.
Apple Sign In: Subject to Apple's Privacy Policy.
Google Sign In: Subject to Google's Privacy Policy.
Microsoft Azure: Cloud infrastructure and image storage. Subject to Microsoft's Privacy Statement.
Stripe: Payment processing. Subject to Stripe's Privacy Policy.

We are not responsible for the privacy practices of these third parties. We encourage you to review their policies.

User Content & Public Activity

When you post photos, write captions, create events, or leave reviews on RAX, that content is visible to other users. Consider carefully what you share publicly.

Photos you upload are stored on Microsoft Azure Blob Storage and are served via a public URL. Anyone with the URL can view the image. Deleting a post from the app will remove it from our platform and mark it as deleted in our database, but cached copies may remain accessible for a short period in CDN edge servers.

If you tag a store in a post or check in at a location, that association is visible to other users browsing that store's page.

Location Data

Precise location data is central to RAX's core features. Here is how we handle it:

Collection: We collect your GPS coordinates when you actively use location-dependent features (browsing the Explore feed, searching for nearby stores, tagging a location on a post or spot).
Purpose: Location is used to surface stores, events, and spots near you, and to calculate distances displayed in the app.
Storage: Precise location coordinates are used in real-time for discovery features. We store the latitude and longitude only when you explicitly attach a location to content you create (such as a spot or event). We do not continuously track or log your location history.
Control: You can revoke location permission at any time in your device settings. The app will continue to function without location, but location-based features will be unavailable.

We do not share your real-time or historical location with advertisers or third parties for marketing purposes.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements.

Account Data: Retained while your account is active. When you delete your account, we begin the deletion process within 30 days. Some information may be retained for up to 90 days in backups.
User Content: Posts, reviews, and other content you create are deleted upon account deletion, subject to the exception below.
Aggregated/Anonymized Data: We may retain aggregated, anonymized analytics that cannot identify you indefinitely.
Legal Holds: We may retain certain information longer if required by law or for legitimate legal, safety, or business purposes.

Security

We take the security of your personal information seriously. We use commercially reasonable administrative, technical, and physical safeguards to protect against unauthorized access, alteration, disclosure, or destruction of your information. These include:

Passwords stored using one-way cryptographic hashing (bcrypt)
HTTPS encryption for all data in transit
Authentication tokens with expiry and refresh mechanisms
Azure Blob Storage access controls for uploaded images
Role-based access controls for store owner features

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately.

Your Rights & Choices

Account Controls

Access & Update: You can view and update your profile information at any time through the app's settings.
Delete Account: You can delete your account from within the app or by contacting us at privacy@raxapp.io. Account deletion is permanent and removes your profile, posts, and personal data subject to retention requirements above.
Download Your Data: You may request a copy of the personal data we hold about you by contacting us at privacy@raxapp.io.

Push Notifications

You can enable or disable push notifications at any time through your device's notification settings. Disabling notifications does not affect your ability to use the app.

Location Permissions

You can revoke location access at any time in your device settings (iOS: Settings → Privacy → Location Services; Android: Settings → Apps → RAX → Permissions).

Opt-Out of Marketing

We do not send marketing emails at this time. If we introduce marketing communications in the future, each email will include an unsubscribe link.

Children's Privacy

RAX is not directed to children under the age of 13 (or 16 for users in the European Economic Area). We do not knowingly collect personal information from children under these ages. If you believe we have inadvertently collected information from a child, please contact us at privacy@raxapp.io and we will promptly delete it.

California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:

Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
Right to Correct: You may request correction of inaccurate personal information.
Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at privacy@raxapp.io. We will respond within 45 days.

International Users

RAX is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent laws, including the right to lodge a complaint with your local data protection authority. Our lawful basis for processing your personal data is your consent (where explicitly obtained) and the legitimate interest of operating the Service.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will notify you of material changes by posting the updated policy in the app and updating the "Last Updated" date at the top of this page.

Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: privacy@raxapp.io
General: hello@raxapp.io
Website: raxapp.io

We aim to respond to all privacy inquiries within 10 business days.