Privacy Policy

1. Information We Collect

1.1 Information You Provide

When you create an account or use the App, you may provide us with the following information:

• Account Information: Your email address, first name, last name, and optional zip code provided during registration or profile setup.
• Password: Your account password, which is securely managed through our authentication provider (Supabase Auth) and is never stored in plaintext.
• City Preferences: The Texas cities you select for construction zone tracking, your active city designation, and your notification preferences for each city.
• City Requests: If you request a city that is not yet available, we collect the city name and associate it with your account.

1.2 Information Collected Automatically

When you use the App, certain information is collected automatically:

• Device Push Token: If you enable push notifications, we collect your device’s Expo push notification token to deliver alerts about construction zones in your selected cities.
• Usage Data: We may collect general usage data such as app interactions, feature usage, and error logs to improve the App’s performance and reliability.
• IP Address: IP addresses may be temporarily processed and immediately transformed into hashed or anonymized form for security and rate-limiting purposes (e.g., to prevent abuse of our waitlist signup feature). We do not store raw IP addresses.
• Server-Side Logging: We may use server-side logging to monitor API performance, diagnose errors, and detect security threats. These logs may contain request metadata (such as timestamps, endpoints accessed, and response codes) and are typically retained for 30 days before being automatically purged.

1.3 Information We Do NOT Collect

We do not collect precise geolocation data, contacts, photos, microphone or camera data, browsing history, financial or payment information through the App, or any biometric data.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To create and manage your account.
• To deliver construction zone data and alerts for your selected Texas cities.
• To send push notifications based on your per-city notification preferences (new zones, major closures, ending soon alerts, and weekly digests).
• To process and prioritize city requests from users.
• To enforce account-level features (e.g., city limits based on your subscription tier).
• To improve, maintain, and optimize the App’s performance and user experience.
• To prevent abuse, fraud, and unauthorized access through rate limiting and security measures.
• To communicate important updates about the App or changes to our policies.

3. Legal Basis for Processing

We process personal information based on one or more of the following legal grounds: (a) performance of a contract when providing App services; (b) legitimate interests such as improving service reliability and preventing abuse; (c) compliance with legal obligations; and (d) user consent where required.

By using the App, you understand that your information may be processed and stored in the United States.

4. Data Storage and Security

4.1 Infrastructure

Your data is stored on Supabase, a cloud database platform hosted on Amazon Web Services (AWS). Supabase provides enterprise-grade security including encrypted connections (SSL/TLS), row-level security policies that restrict data access to authenticated users, and regular security audits.

4.2 Security Measures

We implement the following security measures to protect your data:

• Row-Level Security (RLS) policies ensure users can only access their own data.
• Server-side triggers enforce business rules (such as city limits) to prevent manipulation.
• Protected database columns prevent unauthorized modification of sensitive fields (e.g., subscription status).
• API keys and secrets are stored in an encrypted vault, not hardcoded in application code.
• Email verification is required for account activation.
• Passwords must meet minimum complexity requirements (8+ characters, uppercase letter, number).

While we implement reasonable administrative, technical, and organizational safeguards, no system can be guaranteed to be completely secure.

4.3 Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the App’s services. When you delete a city from your saved cities, a historical record is maintained for audit purposes (containing the city name, notification preferences at the time of removal, and the date of the action). If you delete your account, all associated data—including your profile, saved cities, and notification preferences—is permanently removed through cascading deletion.

5. Third-Party Services

We use the following third-party services to operate the App:

• Supabase: Cloud database and authentication provider. Supabase processes and stores your account data, city preferences, and notification settings.
• Expo (React Native): Mobile app framework and push notification service. Expo processes your device push token to deliver notifications. Push tokens are also processed by Apple Push Notification service (APNs) or Google Firebase Cloud Messaging (FCM) to facilitate delivery to your specific device.
• Amazon Web Services (AWS): Cloud infrastructure provider hosting our database.

We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes.

Construction zone information displayed within the App may originate from publicly available government or third-party data sources. Such data may be processed and reformatted for informational purposes within the App.

6. Push Notifications

If you opt in to push notifications, we will send you alerts based on your per-city preferences. These may include notifications about new construction zones, major road closures, zones ending soon, and periodic digest summaries. You can customize notification types and frequency for each city within the App, or disable notifications entirely through your device’s system settings.

Delivery timing and reliability of push notifications depend on third-party platform services and device settings. We do not guarantee delivery or timeliness of notifications. Notifications are provided for informational purposes only and should not be relied upon for real-time safety decisions.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

• Access: You can view all personal data associated with your account directly within the App.
• Correction: You can update your name, zip code, and notification preferences at any time through the App.
• Deletion: You can delete your account directly within the App (Settings > Delete Account) or by contacting us at admin@closurecast.com. See Section 7.1 below for details.
• Opt-Out of Notifications: You can disable push notifications for individual cities within the App or disable all notifications through your device settings.
• Data Portability: You may request a copy of your personal data by contacting us at admin@closurecast.com.

7.1 Account Deletion and Data Retention

When you delete your account, the following data is permanently and immediately removed: your profile information (name, email, zip code), all saved cities and notification preferences, city request history, push notification token, active subscription details, and Terms of Service acceptance records.

To comply with tax, legal, and financial reporting obligations, we retain the following anonymized data after account deletion: payment transaction records with personal information removed (retained up to 7 years as required by tax law), and an anonymized audit record containing one-way cryptographic hashes of your email and name (not your actual email or name — these hashes cannot be reversed), account creation and deletion dates, account age, Terms of Service versions accepted, subscription tier and plan at deletion, and total payment history. These hashes are used solely for compliance verification, fraud prevention, and legal dispute resolution.

If you have an active paid subscription, deleting your account does not automatically cancel your app store subscription. Please cancel your subscription through Google Play or Apple App Store settings before deleting your account.

8. Children’s Privacy

The App is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal data, please contact us at admin@closurecast.com.

9. State-Specific Privacy Rights

9.1 California Residents (CCPA)

If you are a California resident, you have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, request deletion of your personal information, and opt out of the sale of your personal information. We do not sell personal information. To exercise these rights, contact us at admin@closurecast.com.

9.2 Texas Residents (TDPSA)

If you are a Texas resident, the Texas Data Privacy and Security Act provides you with rights regarding your personal data, including the right to access, correct, delete, and obtain a copy of your personal data. To exercise these rights, contact us at admin@closurecast.com. We will respond to verified requests within 45 days.

10. Cookies and Tracking Technologies

The ClosureCast mobile app does not use cookies, web beacons, or similar tracking technologies. We do not engage in cross-app tracking or behavioral advertising.

If we introduce a web-based version of ClosureCast or integrate third-party analytics in the future, this section will be updated to disclose any cookies or tracking technologies used, their purpose, and how you can manage your preferences. Any such changes will be reflected in an updated version of this Privacy Policy, and you will be prompted to review and accept the changes.

11. Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, user information may be transferred as part of that transaction subject to applicable privacy protections. If such a transfer occurs, we will notify you via email or a prominent notice within the App and outline your choices regarding your personal information.

12. Service Analytics

We may use aggregated and anonymized usage statistics that do not identify individual users to improve platform performance, understand feature adoption, and support service planning. These aggregated statistics cannot be used to identify any individual user.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy within the App and updating the “Last Updated” date. Your continued use of the App after any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

True Tone Mirror LLC
Email: admin@closurecast.com
Website: closurecast.com