Privacy Policy

This policy applies to visitors to our marketing site, organization administrators and team members who use Bus Stash on behalf of a business ("Customer"), and individuals who interact with Customer-operated features such as public request flows linked from tours or events. If you use the Service as part of your job, your organization may have additional policies that also apply.

We collect information in the following categories, depending on how you use the Service:

• Account and profile data. For example: name, email address, organization name, workspace identifiers, and similar details you or your administrator provide when creating or managing an account.
• Operational and content data. Information your organization enters or generates in the Service, such as tours, runs, requests, receipts, notes, assignments, and status updates needed to operate your workflows.
• Public request interactions. Some features allow people to submit requests through links (for example, QR-based flows) without creating a Bus Stash account. We collect the information submitted in those flows so the relevant organization can fulfill the request and maintain records.
• Technical and usage data. Such as IP address, device and browser type, general location derived from IP (for example, region or city level), timestamps, and diagnostic logs. We use this to secure the Service, troubleshoot issues, and understand aggregate usage patterns.
• Communications. If you contact support or correspond with us, we retain those messages and related metadata to respond and improve support quality.

We use the information above to:

• Provide, operate, maintain, and improve the Service;
• Authenticate users, enforce access controls, and protect accounts;
• Send service-related and administrative messages (for example, security notices or account verification);
• Detect, prevent, and address fraud, abuse, security incidents, and technical problems;
• Comply with law and respond to lawful requests; and
• Analyze usage in aggregate to improve reliability and product experience.

We do not use your organization's operational data to train public machine-learning models for unrelated third parties, and we do not sell lists of our customers or their contacts for unrelated marketing purposes.

We do not sell your personal information and we do not share it with third parties for their own independent marketing purposes. We only disclose information as described in this policy: for example, to provide the Service, when instructed by a Customer (such as integrations the Customer enables), when required by law, or in connection with a business transaction as described below.

We may share information in these situations:

• Service providers. We use trusted vendors (for example, hosting, email delivery, security, and analytics) who process information on our behalf under contractual terms that require appropriate confidentiality and security measures. They may only use the data to provide services to us.
• Customer organizations.If you are a member of an organization's workspace, your administrators and authorized teammates can access information needed to administer the account and use the Service, consistent with their own policies.
• Integrations.If a Customer connects third-party services (such as cloud storage or other tools), information may be shared with those services according to the Customer's configuration and the third party's terms.
• Legal and safety. We may disclose information if we believe in good faith that disclosure is required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Bus Stash, our users, or others.
• Business transfers. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality arrangements. We will take reasonable steps to ensure continuity of protections.
• With your direction. When you ask us to share information, or when you otherwise consent.

We implement administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, or alteration. No method of transmission over the Internet or electronic storage is completely secure; we cannot guarantee absolute security.

We retain information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods can vary based on the type of data and your organization's settings. Customers may contact us regarding deletion or export requests where applicable.

Depending on where you live, you may have rights to access, correct, delete, or restrict certain processing of your personal information, or to object to processing or request portability. To exercise these rights, contact us using the details below. We may need to verify your request and may decline requests where permitted by law (for example, if fulfillment would impair others' rights or our legal obligations).

If you receive marketing emails from us (where applicable), you can opt out using the link in those emails. Transactional and security-related messages may continue as needed to operate your account.

The Service is not directed to children under 13 (or the age required by local law), and we do not knowingly collect personal information from children for commercial purposes. If you believe we have collected such information, contact us and we will take appropriate steps.

We may process and store information in the United States and other countries where we or our service providers operate. Those countries may have different data protection laws than your country of residence. Where required, we use appropriate safeguards for cross-border transfers.

We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the "Last updated" date. If changes are material, we will provide additional notice as appropriate (for example, by email or an in-product notice). Your continued use of the Service after the effective date constitutes acceptance of the updated policy, to the extent permitted by law.

For privacy-related questions, requests, or complaints, contact [email protected].