This Privacy Policy describes how BeachBaskit ("Company," "we," "our," or "us") collects, uses, discloses, and protects information about you when you use the BeachBaskit mobile application, website, and related services (collectively, the "Services"). By using the Services, you consent to this Policy. If you do not agree, do not use the Services.
For terms governing your use of the Services, please see our Terms of Service.
1. Scope
This Policy applies to personal information processed by BeachBaskit in connection with the Services. It does not apply to third-party websites, services, or applications that we do not own or control, even if accessed through the Services.
2. Information We Collect
We collect information that you provide directly, information collected automatically, and information from third parties as described below.
2.1 Information You Provide
- Account Information: Name, email address, phone number, authentication data (including via Google/Apple sign-in through Firebase Auth), and profile details.
- Transaction Information: Items bought or sold, quantities, time/location parameters for matches, order history, cancellations, disputes, and related logs.
- User Content: Photos, item descriptions, chat messages, dispute submissions, feedback, and communications you send us.
2.2 Payment Information
Payments are processed by Stripe, Inc. We do not store full payment card numbers or sensitive payment data on our servers. Stripe may collect and process payment credentials, billing details, payout details for sellers (including tax information where required), and fraud signals subject to Stripe's own terms and privacy policy.
2.3 Location & Device Information
- Geolocation Data: Approximate and precise location (when enabled) via device OS/location services and geolocation SDKs to facilitate proximity-based matching and safety features.
- Device/Log Data: IP address, device identifiers, app version, OS/browser type, language, crash logs, and usage analytics (e.g., Firebase Analytics events).
- Push Tokens: Device tokens for push notifications (e.g., via Firebase Messaging and local notifications).
- Cookies and Similar Technologies: We and our service providers may use cookies, SDKs, and similar technologies to operate the Services, remember preferences, measure performance, and help prevent fraud. You can control certain tracking through your device and browser settings.
2.4 Information from Service Providers
We receive information from service providers that enable core features, including Firebase (Auth, Firestore, Storage, Messaging, Analytics), Google Maps/Geocoding, Apple/Google sign-in, and Stripe. These providers process data subject to their own terms and policies.
3. How We Use Information
- Provide, operate, and improve the Services and core marketplace features (matching based on item type, quantity, location, and time windows).
- Authenticate users; secure accounts; prevent, detect, and investigate fraud, abuse, and violations of our policies.
- Process payments, refunds, and payouts through Stripe; manage taxes and compliance where applicable.
- Enable chat and time-limited communications related to matched transactions.
- Send transactional messages and push notifications (e.g., match alerts, confirmations, dispute updates).
- Analyze usage and performance (e.g., via Firebase Analytics) to improve reliability and user experience.
- Comply with legal obligations and enforce our Terms of Use.
4. How We Share Information
- With Other Users: When a match occurs, we share limited information necessary to complete the transaction and coordinate the meetup (e.g., item details, meetup time/location, and in-app chat messages). We do not share your payment details with other users.
- With Service Providers: We share information with vendors that support our Services (e.g., Firebase/Google, Apple, Stripe, hosting providers, analytics, customer support). They process data per our instructions and applicable agreements.
- For Legal & Safety: We may disclose information to comply with law, legal process, or requests from authorities; to enforce our Terms; or to protect rights, property, and safety of users and the public.
- Business Transfers: In connection with a merger, acquisition, financing, or sale of assets, information may be transferred as part of the transaction, subject to this Policy.
We do not "sell" or "share" personal information as those terms may be defined under certain U.S. state privacy laws. Depending on where you live, you may have rights to access, delete, or correct your information, or to opt out of certain processing. You can submit requests via our Support page.
We may also share or disclose account information, transaction records, chat logs, or other data when required to comply with subpoenas, court orders, tax or audit inquiries, or lawful requests from government, law-enforcement, or regulatory authorities. Such disclosures are limited to what is necessary and proportionate under applicable law.
5. Data Retention
- We retain personal information as long as needed to provide the Services, comply with legal/financial obligations (e.g., tax/audit), resolve disputes, and enforce agreements. You may request deletion of your account at any time in the app.
- To protect your data and prevent accidental or repetitive requests, BeachBaskit imposes a brief cooldown period of 3 days between cancellation of an account deletion request and new requests for account deletion.
- Upon account deletion, we will delete or de-identify personal information where feasible. We may retain certain records where required or permitted by law (for example, payment, payout, tax, fraud-prevention, and dispute-resolution records).
6. Security
We implement technical and organizational safeguards appropriate to the risk, including encrypted transport (HTTPS), Firebase Security Rules for data access, secure credential storage, and reliance on Stripe's PCI-compliant systems. However, no method of transmission or storage is 100% secure; you use the Services at your own risk.
7. Your Choices & Controls
- Account & Deletion: You may request account deletion via in-app settings or by contacting us. Certain data (e.g., payment/dispute records) may be retained as required by law.
- Location: You can disable device location permissions at any time; core geolocation-based features may not function without them.
- Notifications: Control push notifications through device settings; essential service messages may still be sent.
- Marketing Emails: You may unsubscribe via the link in the email. Transactional emails will continue as needed.
- Access/Correction: You may access or update certain information in your account settings or by contacting us.
8. Children's Privacy
The Services are not intended for individuals under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided personal information, please contact us so we can delete it.
9. International Users
The Services are intended for use in the United States. If you access the Services from outside the U.S., you understand that your information may be processed and stored in the U.S., subject to U.S. laws.
10. Governing Law
This Policy is governed by the laws of the State of Colorado, USA, without regard to conflict-of-laws principles. Dispute resolution terms are described in our Terms of Service.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated Policy with a revised Effective Date. Your continued use of the Services after the Effective Date constitutes acceptance of the updated Policy.
12. Contact Us
If you have questions, please email us at support@beachbaskit.com or visit our Support page.
Last updated: December 2025 · © 2026 Krida LLC