StoreReady - Privacy

Effective Date: July 2025

This Privacy Policy describes how StoreReady ("Company," "we," "us," or "our"), a SaaS platform that helps mobile app developers generate, customize, and host essential pages, collects, uses, processes, and discloses your information in connection with your use of our mobile application and related services (collectively, the "Service").

We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy is designed to comply with the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

By accessing or using our Service, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Policy, please do not use our Service.

1. Information We Collect

We collect information from you to provide, maintain, and improve our Service. The types of personal information we collect depend on how you interact with our Service.

1.1 Information You Provide Directly To Us

When you register for an account, use our Service, or communicate with us, you may provide us with the following types of personal information:

  • Account Information: Your name, email address, company name, password, and other registration details.
  • Profile Information: If you choose to add more details, such as a profile picture or contact preferences.
  • Payment Information: If you subscribe to a paid plan, our third-party payment processor collects your payment card details (e.g., credit card number, expiration date) directly. We do not store full payment card numbers on our servers, but we may receive limited information such as the last four digits of your card and billing address for transaction verification and record-keeping purposes.
  • Content Information: Any text, images, or other content you upload or generate using the Service (e.g., content for your privacy policy, contact us page, marketing pages).
  • Communication Information: Records of your correspondence with us, such as support inquiries, feedback, or survey responses.

1.2 Information Collected Automatically

When you access and use our Service, we automatically collect certain information about your device and usage patterns:

  • Usage Information: Information about how you interact with our Service, including the features you use, the pages you visit, the time spent on certain pages, the links you click, and the search queries you make.
  • Device and Log Information: Your Internet Protocol (IP) address, device identifiers (e.g., UDID, advertising ID), device type, operating system, browser type, mobile network information, referral URLs, access times, and crash data.
  • Location Information: We do not collect precise location information from your device. However, your IP address may indicate your approximate geographical location.

1.3 Information from Other Sources

We may receive information from third-party services integrated with our Service, such as analytics providers or payment processors, to the extent permitted by their privacy policies and applicable law. This information is typically aggregated or anonymized.

2. Categories of Personal Information Collected (CCPA)

For the purposes of the CCPA, the personal information we have collected from consumers in the preceding 12 months falls into the following categories:

  • Identifiers: Such as a real name, alias, postal address, unique personal identifier (e.g., device ID), online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): Such as name, email address, and financial information (limited payment data processed by third-party processors).
  • Commercial information: Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Internet or other similar network activity: Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
  • Professional or employment-related information: Company name (if provided).
  • Inferences drawn from other personal information: To create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

3. Sources of Personal Information (CCPA)

We collect personal information from the following sources:

  • Directly from you: When you register for an account, use our Service, or communicate with us.
  • Automatically from your device: Through your use of the Service, including cookies and other tracking technologies.
  • From third-party service providers: Such as analytics providers, payment processors, and customer support platforms.

4. Legal Basis for Processing (GDPR)

We rely on the following legal bases under GDPR to process your personal data:

  • Performance of a contract: We process your personal data when it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. This includes processing data to create your account, provide the Service, process payments, and provide customer support.
  • Legitimate interests: We process your personal data where it is necessary for our legitimate interests, provided that these interests are not overridden by your data protection interests or fundamental rights and freedoms. Our legitimate interests include:
    • Improving, maintaining, and personalizing our Service.
    • Ensuring the security and integrity of our Service.
    • Conducting analytics and research to understand user behavior and preferences.
    • Communicating with you about Service updates, new features, and promotions (where consent is not required).
    • Enforcing our terms and policies.
  • Consent: We may process your personal data based on your explicit consent for specific purposes, such as sending you marketing communications or using certain non-essential cookies. You have the right to withdraw your consent at any time.
  • Compliance with a legal obligation: We may process your personal data where it is necessary for compliance with a legal obligation to which we are subject, such as tax laws, anti-money laundering regulations, or court orders.

5. How We Use Your Information (Business Purposes for Collecting Personal Information - CCPA)

We use the information we collect for the following purposes:

  • To Provide and Maintain the Service: To operate, deliver, and improve the features and functionalities of the StoreReady platform, including account management, generating and hosting pages, and processing payments. (Performance of contract, Legitimate interests)
  • To Personalize Your Experience: To tailor the content, features, and marketing messages to your interests and preferences. (Legitimate interests)
  • For Communication: To send you service-related notifications, updates, security alerts, and support messages, and to respond to your inquiries and requests. (Performance of contract, Legitimate interests)
  • For Analytics and Improvement: To understand how users interact with our Service, monitor usage patterns, identify trends, and conduct research to improve the design, functionality, and performance of our platform. (Legitimate interests)
  • For Security and Fraud Prevention: To detect, prevent, and address technical issues, fraud, abuse, and other malicious activities, and to protect the security and integrity of our Service and our users. (Legitimate interests, Compliance with legal obligation)
  • For Marketing and Promotions: To send you promotional communications about StoreReady's products, services, offers, and news that we believe may be of interest to you, where permitted by law and with your consent where required. (Legitimate interests, Consent)
  • For Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests, and to enforce our terms and policies. (Compliance with legal obligation, Legitimate interests)

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your personal information with third parties in the following circumstances:

6.1 Categories of Third Parties (CCPA)

  • Service Providers: We engage third-party companies and individuals to perform services on our behalf (e.g., hosting, data analytics, payment processing, customer support, email delivery, marketing assistance). These service providers have access to personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
  • Legal Compliance and Protection: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency request), or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
  • Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. In such transactions, personal information held by us about our Service users may be among the assets transferred.
  • With Your Consent: We may share your information with your explicit consent or at your direction.
  • Affiliates: We may share your information with our current or future affiliates, in which case we will require them to honor this Privacy Policy.

7. International Data Transfers (GDPR)

Your personal information may be stored and processed in any country where we have facilities or where we engage service providers, including outside of the European Union/European Economic Area (EU/EEA). By using our Service, you understand that your information may be transferred to countries outside of your country of residence, which may have data protection laws different from those in your country.

When transferring personal data outside the EU/EEA, we implement appropriate safeguards, such as:

  • Transferring data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Using Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers to third countries, which require recipients to protect the personal data they process from the EU/EEA to an equivalent standard.
  • Where applicable, relying on an EU-U.S. Data Privacy Framework certification or other mechanisms for transfers to the United States.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Account Information: We retain your account information for as long as your account is active. If you close your account, we will delete your personal data within a reasonable period, unless retention is required or permitted by law (e.g., for financial records, dispute resolution, or compliance with legal obligations).
  • Usage and Device Information: This data is typically retained for a shorter period, usually 12-24 months, for analytics and Service improvement purposes, after which it is anonymized or deleted.
  • Communication Records: We may retain records of your communications with us for a reasonable period to resolve disputes, provide customer service, and comply with legal obligations.
  • Content Information: Content you generate using the Service (e.g., published pages) will be retained as long as your account is active and you choose to keep the content published. Upon account closure or content deletion, it will be removed, though backups may exist for a limited time.

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the UK, you have the following rights regarding your personal data:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to Erasure ("Right to be Forgotten"): You have the right to request the deletion of your personal data under certain circumstances (e.g., if the data is no longer necessary for the purposes for which it was collected, or if you withdraw consent and there is no other legal ground for processing).
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances (e.g., if you contest the accuracy of the data, or if the processing is unlawful).
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.
  • Right to Object: You have the right to object to the processing of your personal data where we are relying on legitimate interests as our legal basis (unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims). You also have the absolute right to object to processing for direct marketing purposes.
  • Right to Withdraw Consent: Where we rely on your consent as the legal basis for processing your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe your GDPR rights have been violated.

10. Your California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the CCPA:

  • Right to Know: You have the right to request that we disclose to you the categories and specific pieces of personal information we have collected about you, the categories of sources from which personal information is collected, the business or commercial purpose for collecting personal information, the categories of third parties with whom we share personal information, and the categories of personal information that we disclosed for a business purpose.
  • Right to Delete: You have the right to request the deletion of your personal information that we have collected, subject to certain exceptions (e.g., if the information is necessary to complete the transaction for which it was collected, detect security incidents, or comply with a legal obligation).
  • Right to Opt-Out of Sale: You have the right to opt-out of the "sale" of your personal information. StoreReady does not sell your personal information.
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your CCPA rights. We will not discriminate against you for exercising your privacy rights.

11. Sale of Personal Information (CCPA)

StoreReady does not sell your personal information. We do not and will not sell, rent, or trade your personal information to third parties for their direct marketing purposes or any other purpose.

12. How to Exercise Your Rights (GDPR & CCPA)

To exercise any of your privacy rights, please submit a verifiable request to us using the contact information provided below.

  • For Account Holders: You may be able to access, review, update, or delete certain personal information directly within your account settings.
  • Submitting a Request: Please submit your request to lucas@lucashowlett.com.
  • Verification Process: To protect your privacy and security, we may need to verify your identity before fulfilling your request. This may require you to provide additional information, such as your account email address, name, or other details to confirm your identity. For California residents, we may ask for specific pieces of information to verify you are the consumer about whom we collected personal information. We will typically respond to your request within 30 days for GDPR requests and 45 days for CCPA requests (with a possible extension for complex cases, which we will notify you about).
  • Authorized Agent (CCPA): Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.

13. Data Security Measures

We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

  • Encryption: Using industry-standard encryption protocols (e.g., SSL/TLS) for data in transit.
  • Access Controls: Restricting access to personal data to authorized personnel on a need-to-know basis.
  • Data Minimization: Collecting only the data necessary for the stated purposes.
  • Regular Security Audits: Performing regular assessments of our systems and practices to identify and address vulnerabilities.
  • Employee Training: Training our staff on data protection best practices and their obligations regarding data privacy.
  • Third-Party Vetting: Ensuring that our service providers also implement appropriate security measures.

Despite these measures, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

14. Cookies and Tracking Technologies

We and our service providers may use cookies, web beacons, and similar technologies to collect information automatically as you use our Service.

  • What are Cookies? Cookies are small text files placed on your device (computer, tablet, or mobile phone) when you visit a website or use an app. They are widely used to make websites work more efficiently and to provide information to the owners of the site.
  • How We Use Them:
    • Essential/Strictly Necessary Cookies: These are required for the operation of our Service, enabling core functionalities like secure login, account management, and payment processing.
    • Analytical/Performance Cookies: These allow us to recognize and count the number of visitors and to see how visitors move around our Service when they are using it. This helps us to improve the way our Service works.
    • Functionality Cookies: These are used to recognize you when you return to our Service. This enables us to personalize our content for you and remember your preferences.
  • Your Choices: Most web browsers are set to accept cookies by default. You can usually modify your browser settings to decline cookies or to notify you when a cookie is being placed. However, if you disable cookies, some features of our Service may not function properly.

15. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently received personal information from a child under the age of 16 without verifiable parental consent, we will delete that information from our records. If you believe we might have any information from or about a child under 16, please contact us at lucas@lucashowlett.com.

16. Updates to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We may also notify you through other means, such as email, if the changes are significant. We encourage you to review this Privacy Policy periodically for any updates. Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the terms.

17. Data Protection Officer (DPO) / Privacy Contact

While we may not have a formal designated Data Protection Officer, all privacy-related inquiries and requests for exercising your rights can be directed to our dedicated privacy contact:

Email: lucas@lucashowlett.com

18. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Company Name: StoreReady Email: lucas@lucashowlett.com