Privacy Policy

Effective Date: August 20, 2025
Last Updated: August 2, 2025

Benri LLC ("we," "us," or "our") operates the Paddy mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy.

Personal Information

• Registration Data: Username, email address (for registered users)
• Profile Information: Display name, optional profile photo/avatar
• Authentication Data: OAuth credentials from Google or Apple Sign-In

Location Information

• Real-Time Location: GPS coordinates when using the App
• Background Location: Location updates when the App is backgrounded (only during active requests)
• Last Known Location: Stored to facilitate supply matching

Communication Data

• Messages: Chat messages between users (end-to-end encrypted)
• Request Details: Supply requests including type, urgency, and comments
• Push Notification Tokens: Device tokens for sending notifications

Technical Information

• Device Information: Device type, operating system, App version
• Usage Data: How you interact with the App's features
• Error Logs: Crash reports and error data for App improvement

Biometric and Behavioral Data

• Location Patterns: Analysis of location data may create identifiable patterns that could be considered biometric identifiers under certain state laws
• Usage Patterns: Behavioral patterns from app interaction that may identify individual users
• Algorithmic Profiling: Data used by our matching algorithms to make automated decisions about user compatibility

We use the collected information for:

Core App Functionality

• Supply Matching: Connect users in need with nearby helpers
• Real-Time Messaging: Enable secure communication between users
• Location Services: Facilitate meetup coordination and proximity matching
• Push Notifications: Alert users of new requests and messages

Safety and Security

• User Safety: Enable reporting and blocking features
• App Security: Prevent fraud, abuse, and unauthorized access
• Content Moderation: Review reported content and behavior

App Improvement

• Performance Optimization: Improve App speed and reliability
• Feature Development: Develop new features based on usage patterns
• Bug Fixes: Identify and resolve technical issues

Automated Decision-Making

We use automated systems and algorithms for:

• User Matching: Algorithmic matching of supply requests with nearby helpers
• Content Filtering: Automated detection of inappropriate content
• Safety Screening: Automated analysis of user behavior for safety concerns
• Notification Targeting: Automated decisions about which users receive notifications

User-to-User Sharing

• Public Profile Information: Display name and avatar are visible to other users
• Location Information: Approximate location shared only during active requests
• Chat Messages: Shared only between matched users

Service Providers

We may share information with third-party service providers:

• Supabase: Database hosting and authentication services
• Expo: Push notification delivery
• Google/Apple: OAuth authentication services

Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users
• Prevent fraud or illegal activities

Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction.

Encryption

• In Transit: All data transmitted using TLS 1.3 encryption
• At Rest: Database encryption using AES-256
• Messages: End-to-end encryption for user communications

Access Controls

• Authentication: Secure login with OAuth providers
• Database Security: Row-level security policies
• API Security: Authenticated and authorized API access

Data Minimization

• Collection: We collect only necessary information
• Retention: Data is retained only as long as necessary

Breach Response Commitment

In the event of a data security incident that affects your personal information, we will:

• Immediate Assessment: Investigate and assess the incident within 24 hours of discovery
• Regulatory Notification: Report to applicable authorities within legally required timeframes (typically 72 hours)
• User Notification: Notify affected users within 72 hours of confirming the breach affects personal data
• Remediation Actions: Take immediate steps to secure systems and prevent further unauthorized access

Notification Method

We will notify you of data breaches through:

• In-App Notification: Prominent alert when you next open the App
• Email Notification: To your registered email address (if available)
• Website Notice: Prominent notice on our website
• Direct Communication: Phone or mail if required by law

Information Provided

Breach notifications will include:

• Description of what happened and when we discovered it
• Types of information that were involved
• Steps we have taken to address the breach
• Steps you can take to protect yourself
• How to contact us for more information

Data Retention for All Users

• Profile Data: Retained until account deletion
• Message History: Retained until account deletion
• Location Data: Last known location updated continuously; historical data not stored

Legal Retention

Some data may be retained longer if required by law or for legitimate business purposes such as fraud prevention.

Access and Control

• Account Settings: Update profile information and preferences
• Data Access: Request a copy of your personal data
• Data Correction: Update or correct your information
• Account Deletion: Delete your account and associated data

Communication Preferences

• Push Notifications: Control notification settings in the App
• Email Communications: Opt out of promotional emails
• Location Sharing: Control when location is shared

California Privacy Rights (CCPA)

California residents have additional rights including:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising privacy rights

The App is intended for users 18 years and older. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected information from someone under 18, we will delete that information immediately.

While our App is primarily designed for use in the United States, we may have users from other countries. We will comply with applicable international privacy laws and regulations.

OAuth Providers

• Google Sign-In: Subject to Google's Privacy Policy
• Apple Sign-In: Subject to Apple's Privacy Policy

Map Services

• Location Services: Subject to your device's location settings and permissions

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy in the App
• Sending a notification through the App
• Email notification (for registered users)

Changes become effective immediately upon posting unless otherwise stated.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

For urgent privacy concerns or data breach notifications, please use our web contact page at /contact