Privacy Policy

1. Introduction

PostUp Sign Installations (“PostUp,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at postup.breakglass.tech and related services (the “Service”).

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

• Account information: Your name and email address when you create an account
• Contact information: Phone number (optional), used for installation notifications via SMS
• Property information: Property addresses, access instructions (gate codes, HOA restrictions), and listing details for installation scheduling
• Payment information: Credit card and billing details, which are collected and processed directly by Stripe — we do not store your full card number on our servers
• Communications: Messages, feedback, and support requests you send to us

2.2 Information Collected Automatically

• GPS-tagged photographs: Our installers capture GPS-verified photos at the installation site as proof of service. These photos include location metadata (latitude and longitude)
• Device information: Browser type, operating system, and device type when you access our platform
• Usage data: Pages visited, features used, and interaction patterns within the platform
• QR code scan data: When visitors scan QR codes on installed signs, we collect anonymous scan counts and timestamps

2.3 Cookies and Session Data

We use cookies for authentication and session management through Auth.js. These are essential cookies required for the Service to function. Specifically:

• Session cookies: Used to keep you logged in after authenticating via magic link. These cookies expire when you close your browser or after a set period of inactivity
• Authentication tokens: Secure, HTTP-only cookies that verify your identity across requests

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

3. How We Use Your Information

We use the information we collect to:

• Create and manage your account, including authenticating your identity via magic link email
• Schedule, coordinate, and complete sign installations at your requested properties
• Provide real-time installation tracking and status notifications
• Generate GPS-verified photo proof of completed installations
• Process payments and generate invoices, including annual tax summaries
• Perform HOA, POA, and county compliance checks for your installations
• Send transactional emails (order confirmations, scheduling updates, installation completion notifications)
• Send SMS notifications about installation status (if you opted in with a phone number)
• Provide customer support and respond to your inquiries
• Improve our Service, fix bugs, and develop new features
• Comply with legal obligations and resolve disputes

4. How We Share Your Information

We do not sell your personal information. We share your information only with the following third-party service providers who are necessary to operate the Service:

• Stripe — Payment processing. Stripe receives your payment details (card number, billing address) to process transactions. Stripe's privacy policy governs their handling of your payment data. stripe.com/privacy
• Resend — Email delivery. Resend processes your email address to deliver transactional emails (magic link authentication, order confirmations, installation updates). resend.com/legal/privacy-policy
• Twilio — SMS notifications. If you provide a phone number, Twilio processes it to deliver installation status updates via text message. twilio.com/legal/privacy

We may also share your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

If PostUp is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change via email or a prominent notice on our platform.

5. Data Storage and Security

Your data is stored on secure servers hosted by Hetzner in the United States. Installation photos are stored on our servers and served through authenticated API routes — only you and authorized PostUp personnel can access your installation photos.

We implement industry-standard security measures to protect your information, including:

• HTTPS encryption for all data in transit
• Secure, HTTP-only authentication cookies
• Password-less authentication via magic links (reducing the risk of credential theft)
• Database encryption at rest
• Role-based access controls for administrative functions

While we take reasonable precautions to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as:

• Your account is active and you continue to use the Service
• Necessary to fulfill the purposes described in this policy
• Required by applicable law (e.g., tax records, invoices, and financial records may be retained for up to 7 years for compliance purposes)

Installation photos are retained for 12 months after the installation date, after which they may be archived or deleted. Invoices and payment records are retained for 7 years for tax and accounting purposes.

If you close your account, we will delete or anonymize your personal information within 90 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our Terms).

7. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct inaccurate or incomplete information
• Deletion: Request that we delete your personal information, subject to legal retention requirements
• Data portability: Request your data in a structured, machine-readable format
• Opt-out of SMS: You can stop receiving SMS notifications at any time by removing your phone number from your account settings or replying STOP to any text message

To exercise any of these rights, please contact us at legal@postupsigns.com. We will respond to your request within 30 days.

8. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

• Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it
• Right to delete: You may request deletion of your personal information, subject to certain exceptions
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights
• Sale of personal information: We do not sell your personal information to third parties

To exercise your CCPA rights, contact us at legal@postupsigns.com. We will verify your identity before processing your request.

9. Florida Privacy Rights

If you are a Florida resident, the Florida Digital Bill of Rights (FDBR) may provide you with additional privacy protections, including:

• The right to access your personal data
• The right to correct inaccuracies in your personal data
• The right to delete your personal data
• The right to obtain a copy of your personal data in a portable format
• The right to opt out of the processing of your personal data for targeted advertising (note: we do not engage in targeted advertising)

To exercise your Florida privacy rights, contact us at legal@postupsigns.com.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at legal@postupsigns.com.

11. Third-Party Links

Our Service may contain links to third-party websites or services (such as Stripe's payment portal). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

12. Offline Data Storage

Our platform includes progressive web app (PWA) functionality that allows certain data to be stored locally on your device using IndexedDB for offline access. This locally stored data includes pending job information and is synchronized with our servers when your device reconnects to the internet. This data remains on your device and is under your control — you can clear it at any time through your browser settings.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: legal@postupsigns.com
• Website: postup.breakglass.tech/contact
• Location: Dunnellon, FL 34432