Privacy Policy

1. Introduction

QuickKey ("we," "us," or "our") operates a marketplace platform that connects customers with independent locksmith service providers. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use our mobile applications, website, and related services (collectively, the "Platform").

By creating an account or using the Platform, you agree to the collection and use of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use the Platform.

2. Information We Collect

We collect information in the following categories:

2.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign in with Google or Apple, we receive your name and email address from those providers. For locksmith users, we also collect business name, business email, business phone number, business address, and website URL.

2.2 Phone Number and OTP Verification

Customers provide a phone number during onboarding. When submitting a job request, we send a one-time passcode (OTP) via SMS to verify phone possession. We store your phone number in E.164 format. We do not store OTP codes after verification. We retain verification challenge metadata (timestamps, success or failure status) for fraud prevention and audit purposes.

2.3 Location and GPS Data

We collect location data to provide core platform functionality, including matching customers with nearby locksmiths and displaying map-based search results. For customers, we collect the service address provided with job requests and, with your permission, your device's GPS location for "use my location" search features. For locksmiths, we collect business address, service ZIP codes, and, with your permission, device GPS location for nearby job discovery. Location data is stored as geographic coordinates and used for distance calculations and search ranking.

2.4 Uploaded Files

Customers may upload up to three (3) photos or documents per job request to describe the service needed. Locksmith users submit licensing documents, insurance certificates, and optionally a business logo or avatar during onboarding. All uploaded files are stored securely in object storage. We verify file types and apply size limits. We strip EXIF geolocation metadata from customer images before any public-facing use. Locksmith documents are kept private and are accessible only to QuickKey administrators for review purposes.

2.5 Device and Technical Information

We automatically collect certain technical information when you use the Platform, including device type, operating system version, unique device identifiers, IP address, browser type (for web access), app version, and general diagnostic data. This information helps us maintain platform security, diagnose technical issues, and improve performance.

2.6 Usage Data

We collect information about how you interact with the Platform, including pages and screens viewed, features used, search queries, actions taken (such as job creation, offer acceptance, and message sending), timestamps of activity, and navigation patterns. This data is used to improve the Platform, understand user behavior, and optimize the user experience.

2.7 Communications

We store messages sent through the per-job messaging system between customers and locksmiths. We may also retain communications you send to our support team at team@quickkeymobile.com or other QuickKey contact addresses.

2.8 Billing Information

For locksmith users with paid memberships, payment information (such as credit card details) is collected and processed directly by Stripe, our payment processor. QuickKey does not store full credit card numbers. We receive and store a Stripe customer identifier, subscription status, plan type, and billing event history to manage membership entitlements.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Matching and service delivery: To connect customers with nearby, qualified locksmiths based on location, service area, availability, and ranking criteria
• Communication: To facilitate messaging between customers and accepted locksmiths, and to send you service-related notifications (job updates, application status, new messages)
• Billing: To process locksmith membership subscriptions, manage plan entitlements, and handle billing events
• Verification and safety: To verify phone numbers via OTP, review locksmith documents for approval, prevent fraud and abuse, and enforce our Terms of Service
• Platform improvement: To analyze usage patterns, improve features, optimize search and ranking algorithms, and fix bugs
• Legal compliance: To comply with applicable laws, respond to legal requests, and protect our rights and the rights of our users
• Customer support: To respond to your inquiries, resolve disputes, and provide technical assistance

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

• Between users: When a locksmith accepts a job, the customer and locksmith can see relevant information about each other (such as name, business details, job details, and service address) necessary to complete the service. Messaging content is shared between the customer and accepted locksmith for that job.
• With service providers: We share information with third-party service providers who process data on our behalf, as described in Section 5.
• For legal purposes: We may disclose information if required by law, regulation, legal process, or government request, or if we believe disclosure is necessary to protect the rights, property, or safety of QuickKey, our users, or the public.
• Business transfers: If QuickKey is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
• With your consent: We may share information in other circumstances with your explicit consent.

5. Third-Party Service Providers

We use the following third-party service providers to operate the Platform. Each provider processes data in accordance with their own privacy policies:

• Stripe (stripe.com) — Payment processing for locksmith membership subscriptions. Stripe receives billing information, email addresses, and subscription details. Stripe's privacy policy is available at stripe.com/privacy.
• Twilio (twilio.com) — SMS delivery for phone number verification (OTP). Twilio receives phone numbers and verification codes. Twilio's privacy policy is available at twilio.com/legal/privacy.
• Vercel (vercel.com) — Web application hosting and serverless API infrastructure. Vercel processes web requests, IP addresses, and serves our web application. Vercel's privacy policy is available at vercel.com/legal/privacy-policy.
• Neon (neon.tech) — Cloud database hosting (PostgreSQL). Neon stores our application data, including user accounts, job records, messages, and related data. Neon's privacy policy is available at neon.tech/privacy.
• Expo / EAS (expo.dev) — Mobile push notification delivery and app build services. Expo receives push notification tokens and notification content. Expo's privacy policy is available at expo.dev/privacy.

6. Cookies and Analytics

Our website uses cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze website traffic. We may use analytics services to collect aggregated usage data to help us understand how users interact with the Platform and improve our services.

We use the following types of cookies:

• Essential cookies: Required for authentication, session management, and core platform functionality. These cannot be disabled.
• Analytics cookies: Used to collect aggregated data about Platform usage to help us improve our services. These do not collect personally identifiable information.

The mobile application does not use cookies but may use device-local storage for session management and application preferences. We use secure storage mechanisms for sensitive data such as authentication tokens.

We do not send raw personally identifiable information (PII) to analytics services. Analytics data is aggregated and anonymized before processing.

7. Data Retention and Deletion

We retain your personal information for as long as your account is active or as needed to provide you with the Platform services. Specific retention practices include:

• Account data: Retained while your account is active and for a reasonable period after deletion to comply with legal obligations
• Job records: Retained for operational, dispute resolution, and compliance purposes
• Messages: Retained while the associated job record exists
• Uploaded files: Customer job attachments are retained while the associated job exists. Locksmith documents are retained while the locksmith account is active.
• Verification records: OTP challenge metadata is retained for fraud prevention and audit purposes
• Billing records: Retained as required by applicable tax and financial regulations
• Audit logs: Retained for security and compliance purposes

You may delete your account at any time using the "Delete Account" feature in the app's Profile settings. This feature requires you to confirm your email address to prevent accidental or unauthorized deletion. You may also request deletion by contacting us at team@quickkeymobile.com.

Upon account deletion:

• Immediate: Your account is deactivated and you are signed out. You can no longer access the Platform.
• Within 30 days: Personal information (name, email, phone number, addresses) is anonymized or deleted. Profile data is removed from search results.
• Retained for legal/operational purposes: Job records, message history, and operational data may be retained in anonymized form for dispute resolution, fraud prevention, and platform integrity. Billing records are retained as required by tax and financial regulations. Audit logs are retained for security compliance.

If you change your mind within the 30-day anonymization window, contact team@quickkeymobile.com to request account reactivation. After anonymization is complete, account recovery is not possible.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct inaccurate or incomplete personal information
• Deletion: Request that we delete your personal information, subject to legal retention requirements
• Portability: Request your personal data in a structured, commonly used, and machine-readable format
• Restriction: Request that we restrict the processing of your personal information in certain circumstances
• Objection: Object to the processing of your personal information for certain purposes
• Withdraw consent: Where processing is based on consent, you may withdraw your consent at any time

To exercise any of these rights, please contact us at team@quickkeymobile.com. We will respond to your request within thirty (30) days. We may need to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL
• Encryption of sensitive data at rest
• Secure session management with token rotation
• Secure storage for authentication tokens on mobile devices
• Role-based access controls for internal systems
• Parameterized database queries to prevent injection attacks
• Rate limiting on authentication, OTP, and API endpoints
• Regular security monitoring and logging
• Webhook signature verification for third-party integrations

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your data.

10. Children's Privacy

QuickKey is not designed for, directed at, or intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child under 18, please contact us at team@quickkeymobile.com.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those in your country. By using the Platform, you consent to the transfer of your information to the United States and other countries where our service providers operate. We take steps to ensure that your information receives an adequate level of protection in the jurisdictions where we process it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on the Platform with a revised "last updated" date and, for registered users, by sending an email or in-app notification. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated policy.

13. Contact for Privacy Requests

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how your data is handled, please contact us:

• Email: team@quickkeymobile.com
• General support: team@quickkeymobile.com

We will acknowledge your request within five (5) business days and provide a substantive response within thirty (30) days.