SECNDS LLC PRIVACY POLICY

Effective Date: [Current Date]
Last Updated: [Current Date]

Last Updated: July 20, 2025

SECNDS LLC ("we," "us," or "our") is committed to protecting your privacy while providing a platform to reduce food waste by connecting consumers with surplus food from local businesses. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile application, website, and related services (collectively, the "Service") in the United States. By using our Service, you consent to the practices described in this policy. If you do not agree, please do not use the Service.

This policy complies with applicable federal and state laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)New York’s SHIELD Act, and other state-specific privacy regulations.

1. Information We Collect

We collect information to operate our Service, connect you with surplus food providers, and enhance your experience. The types of information we collect include:

A. Information You Provide Directly

  • Account Information: Name, email address, phone number, password, and preferences (e.g., dietary restrictions, favorite cuisines) when you create or update an account.

  • Transaction Information: Payment details (processed securely via third-party payment processors like Stripe), billing/shipping addresses, order history, and pickup details for surplus food orders.

  • Communications: Interactions with customer support, survey responses, feedback, or reviews about merchants or food items.

  • Preferences: Information you provide to personalize your experience, such as favorite merchants or notification settings.

B. Information Collected Automatically

  • Device Information: Hardware model, operating system, unique device identifiers, IP address, browser type, and mobile network information.

  • Usage Data: Pages visited, features used, session duration, clickstream data, and aggregated statistics about your interactions with the Service.

  • Location Information: With your explicit consent, precise GPS location to show nearby surplus food deals. We may also infer approximate location from your IP address for general functionality.

  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to improve functionality, analyze usage, and, where permitted, deliver targeted ads. You can manage cookie preferences via our cookie consent tool.

C. Information from Third Parties

  • Payment Processors: Transaction confirmations and limited payment details from providers like Stripe.

  • Social Media Platforms: Profile information (e.g., name, email) if you connect your account via Google, Facebook, or similar services.

  • Merchants: Order and pickup history, including feedback you provide to participating businesses.

  • Analytics Providers: Aggregated usage data from tools like Google Analytics to understand Service performance.

  • Geo-Location Services: Data from third-party providers to enable location-based features, as described in Section 7.

2. How We Use Your Information

We use your information to operate our surplus food platform, comply with legal obligations, and improve your experience. Specific purposes include:

A. Providing and Maintaining the Service

  • Create and manage user accounts.

  • Process orders and facilitate pickups of surplus food from merchants.

  • Send order confirmations, receipts, pickup reminders, and Service-related updates.

  • Provide customer support and respond to inquiries.

B. Improving and Personalizing the Service

  • Analyze usage patterns to optimize functionality and user experience.

  • Develop new features, such as improved search or recommendation tools.

  • Personalize content, such as suggesting nearby deals based on location or dietary preferences.

C. Marketing and Communications

  • Send promotional offers, newsletters, or updates about surplus food deals (you may opt out at any time).

  • Administer contests, surveys, or promotional activities to encourage food waste reduction.

  • Deliver targeted advertising, where permitted by law, based on your interests and usage.

D. Safety, Security, and Legal Compliance

  • Detect, prevent, and investigate fraud, abuse, or security incidents.

  • Enforce our Terms of Service and comply with federal and state regulations, including food safety and tax laws.

  • Maintain records for donation tracking, as required by laws like California’s SB 1383 or New York’s Food Donation and Food Scraps Recycling Law.

3. How We Share Your Information

We share your information only as necessary to operate the Service, comply with legal requirements, or with your consent. Sharing occurs in the following circumstances:

A. With Merchants

  • Order Fulfillment: Share your first name, order contents, and pickup time with merchants to facilitate transactions.

  • Feedback: Share your reviews or ratings to help merchants improve their offerings.

B. With Service Providers

We engage trusted third parties to perform functions like:

  • Payment processing (e.g., Stripe).

  • Cloud storage (e.g., AWS).

  • Analytics (e.g., Google Analytics).

  • Customer support platforms.

  • Marketing and advertising services. These providers are contractually bound to protect your information and use it only for the services they provide to us.

C. For Business Transfers

If SECNDS LLC undergoes a merger, acquisition, or asset sale, your information may be transferred. We will notify you before any such transfer occurs.

D. For Legal Reasons

We may disclose information to:

  • Comply with applicable laws, court orders, or government requests.

  • Protect our rights, property, or safety, or that of our users or others.

  • Assist in fraud prevention or investigations.

E. With Your Consent

We may share information for additional purposes if you provide explicit permission.

4. Data Retention

We retain your information only as long as necessary to:

  • Provide the Service.

  • Comply with legal obligations (e.g., tax records for 7 years, as required by the IRS).

  • Resolve disputes or enforce agreements.

Retention Periods:

  • Account Data: Retained for 3 years after account closure, unless required longer by law.

  • Transaction Records: Kept for 7 years to comply with tax and regulatory requirements.

  • Marketing Preferences: Retained until you opt out.

  • Donation Records: Kept as required by state laws (e.g., California SB 1383 requires monthly tracking of surplus food donations).

When information is no longer needed, we securely delete or anonymize it.

5. Your Privacy Rights

Depending on your state of residence, you may have specific privacy rights. Below are key rights under major U.S. state laws, including California (CCPA/CPRA)New York (SHIELD Act), and other states with similar laws (e.g., Virginia, Colorado, Connecticut, Utah).

A. Right to Know/Access

  • Request details about the personal information we collect, use, or share.

  • Obtain a copy of your data in a portable, machine-readable format (up to twice per year under CCPA/CPRA).

B. Right to Correction

  • Request correction of inaccurate or incomplete personal information.

C. Right to Deletion

  • Request deletion of your personal information, subject to exceptions (e.g., legal obligations to retain transaction records).

D. Right to Opt Out

  • Marketing Communications: Unsubscribe via email links or account settings.

  • Targeted Advertising: Opt out via our cookie preferences tool or browser settings (e.g., Do Not Track signals).

  • Data Sales/Sharing: For California residents, opt out of data sales or sharing for targeted advertising by clicking “Do Not Sell or Share My Personal Information” on our website or app.

E. Right to Non-Discrimination

  • We will not deny services, charge different prices, or reduce service quality for exercising your privacy rights.

F. Right to Limit Sensitive Data (California)

  • Under CPRA, you may limit the use of sensitive personal information (e.g., precise geolocation) to what is necessary for providing the Service.

G. State-Specific Requirements

  • California (CCPA/CPRA): Applies to businesses collecting personal information from California residents. You have the right to know what data we collect, how it’s used, and with whom it’s shared. You may also request deletion or opt out of data sales/sharing. We disclose data collection practices before collecting information, as required.

  • New York (SHIELD Act): Requires businesses to implement safeguards for personal data and notify residents of data breaches involving private information (e.g., Social Security numbers, financial data). We maintain reasonable security measures to comply.

  • Other States: States like Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Utah (UCPA) grant similar rights (access, correction, deletion, opt-out). We ensure compliance with these laws where applicable.

H. Appeal Process

If we deny your privacy request, you may appeal by contacting us at privacy@secnds.com. For California residents, we will provide information to contact the California Attorney General if your appeal is denied.

I. Authorized Agents (California)

California residents may designate an authorized agent to submit requests on their behalf with written permission and verification of identity.

6. Security Measures

We implement industry-standard measures to protect your information, including:

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest.

  • Access Controls: Strict authentication and role-based access for employees.

  • Security Audits: Regular testing to identify and address vulnerabilities.

  • Training: Ongoing employee training on data protection and food safety.

While we strive to protect your data, no system is completely secure. We cannot guarantee absolute security but will promptly notify you of any data breaches as required by law (e.g., New York SHIELD Act).

7. International Data Transfers

As a U.S.-based business, most data processing occurs domestically. If we transfer your information outside the U.S. (e.g., to cloud providers with international servers), we use safeguards like Standard Contractual Clauses to ensure compliance with applicable laws, including GDPR for any EU users accessing our Service.

We use third-party services like Google ReCAPTCHA to verify users and prevent automated abuse. ReCAPTCHA may process data such as IP addresses and device information, subject to Google’s Privacy Policy and Terms of Use.

8. Children’s Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13, as required by the Children’s Online Privacy Protection Act (COPPA). If we discover such data, we will delete it promptly. Contact us if you believe we have collected information from a child under 13.

9. Third-Party Links and Services

Our Service may link to third-party websites or services (e.g., merchant websites, payment processors). We are not responsible for their privacy practices. Review their policies before sharing information. For example, payments processed via Stripe are subject to Stripe’s Privacy Policy.

10. Compliance with Surplus Food Regulations

As a surplus food business, we comply with federal and state laws, including:

  • Bill Emerson Good Samaritan Food Donation Act: Protects donors from liability when donating food in good faith to nonprofits.

  • California SB 1383: Requires certain businesses to donate surplus edible food and maintain donation records. We track donation amounts, frequency, and types as required.

  • New York Food Donation and Food Scraps Recycling Law: Mandates large food waste generators to donate excess edible food and recycle scraps. We facilitate compliance for our merchant partners.

11. Changes to This Policy

We may update this Privacy Policy to reflect legal, operational, or business changes. We will notify you of material changes via email, in-app notifications, or a prominent notice on our website at least 30 days before they take effect. Your continued use of the Service after such notice constitutes acceptance of the updated policy.

12. Contact Us

For questions, privacy requests, or to exercise your rights, contact us at:

Email: privacy@secnds.com

For California residents, you may designate an authorized agent to submit requests with written permission and identity verification.

13. Dispute Resolution

Any disputes related to this Privacy Policy or our privacy practices will be resolved through binding arbitration in [Insert State, e.g., Delaware], except for claims eligible for small claims court. Arbitration will follow the rules of the American Arbitration Association (AAA). You may opt out of arbitration within 30 days of first using the Service by emailing privacy@secnds.com.

14. State-Specific Disclosures

A. California (CCPA/CPRA)

  • Categories of Personal Information Collected: Identifiers (name, email, phone, IP address), commercial information (order history, payment details), geolocation data, internet activity (usage data, cookies), and inferences (preferences).

  • Categories Shared: Identifiers and commercial information with merchants for order fulfillment; identifiers and internet activity with service providers (e.g., analytics, payment processors).

  • No Sale of Data: We do not sell personal information as defined by CCPA. However, sharing data for targeted advertising may be considered a “sale” or “sharing” under CPRA. You may opt out via the “Do Not Sell or Share My Personal Information” link.

  • Sensitive Data: We collect precise geolocation only with your consent for location-based deals. You may limit its use via account settings.

B. New York (SHIELD Act)

  • We maintain reasonable safeguards to protect private information (e.g., Social Security numbers, financial data) and will notify you of any data breaches as required.

C. Other States

  • States like Virginia (VCDPA)Colorado (CPA)Connecticut (CTDPA), and Utah (UCPA) grant rights to access, correct, delete, and opt out of data processing. We comply with these laws where applicable.

  • If your state has specific privacy requirements, contact us to exercise your rights.