Privacy Policy

1. Introduction

ONE ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile applications (ONE, Vendors, and Riders) and website at takeover.software (collectively, the "Services").

Please read this privacy policy carefully. By using our Services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide when registering for our Services, including:

• Account Information: Name, email address, phone number, and password
• Profile Information: Profile photo, business name (for vendors), delivery preferences
• Payment Information: Processed securely through Stripe Connect. We do not store your full card details on our servers
• Identity Verification: For vendors and riders, government-issued ID and business documentation as required by Stripe for KYC/AML compliance
• Location Data: Delivery addresses, storefront locations, and real-time location for riders during active deliveries

2.2 Automatically Collected Information

• Device information (device type, operating system, unique device identifiers)
• Log data (access times, pages viewed, app features used)
• Location information (with your consent)
• Usage analytics and crash reports

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Services
• Process transactions and send related information
• Connect customers with vendors and riders
• Facilitate communication between parties (via Stream Chat)
• Send push notifications about orders and updates (via OneSignal)
• Send transactional emails (via Resend)
• Verify identity for vendors and riders (via Stripe Identity)
• Prevent fraud and ensure platform safety
• Analyze usage patterns to improve our Services
• Comply with legal obligations

4. Information Sharing

We may share your information in the following circumstances:

4.1 With Other Users

• Customers: Vendors see your name, delivery address, and order details
• Vendors: Customers see your storefront information, location, and contact details
• Riders: See pickup/delivery addresses and customer first name

4.2 With Service Providers

• Stripe: Payment processing and identity verification
• Supabase: Database and authentication services
• Stream: Real-time chat functionality
• OneSignal: Push notifications
• Resend: Transactional emails
• Sentry: Error tracking and monitoring
• Google Maps: Location services

4.3 For Legal Reasons

We may disclose information if required by law, legal process, or government request, or to protect the rights, property, or safety of ONE, our users, or others.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you Services. We may retain certain information for longer periods as required by law or for legitimate business purposes (e.g., financial records for tax compliance, dispute resolution).

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), if you are a resident of the European Economic Area, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your data
• Right to Withdraw Consent: Withdraw consent at any time where we rely on consent

To exercise these rights, please contact us at privacy@takeover.software.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL)
• Encryption of data at rest
• Row-level security in our database
• Regular security audits and updates
• Access controls and authentication
• Secure payment processing through PCI-DSS compliant Stripe

8. International Data Transfers

Your information may be transferred to and processed in countries other than Ireland. Our service providers (Stripe, Supabase, etc.) may store data in the United States or other countries. We ensure appropriate safeguards are in place for such transfers in compliance with GDPR.

9. Children's Privacy

Our Services are not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.

10. Cookies and Tracking

Our website may use cookies and similar tracking technologies to improve your experience. You can control cookies through your browser settings. Our mobile apps do not use cookies but may use device identifiers for analytics purposes.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

13. Supervisory Authority

If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority. In Ireland, this is the Data Protection Commission (DPC):