Privacy Policy
Last updated: June 23, 2026
Farlo ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Farlo mobile application ("App"). Please read this policy carefully.
Data Controller: Farlo Technologies LLC, a limited liability company organized under the laws of South Carolina. Contact: support@farlo.app.
1. Information We Collect
Information you provide directly:
- Account registration details: name, email address, and password (or social sign-in credentials via Apple or Google)
- Profile information: display name and profile photo
- Business owner details: business name, type (mobile or fixed location), business address, cuisine or category type, description, logo, photos, and social media handles
- Menu information: item names, descriptions, prices, categories, and photos
- Employee information: if you are a business owner who adds employees, we store their email addresses and shift records
- Booking requests: event details, dates, times, location, guest count, and contact information you submit when requesting a private event
- Financial information: estimates, deposit requests, and invoices exchanged between business owners and customers. Payment card details are never stored by Farlo — they are handled directly by Stripe (see Section 4).
- Communications you send through the App, including booking messages
Information collected automatically:
- Device information: device type, operating system, and unique device identifiers
- Precise geolocation: with your permission, we collect your device's real-time GPS location to show nearby businesses on the map. This is sensitive personal information under the California Consumer Privacy Act (CPRA) — see Section 11 for your rights regarding this data. You can disable location access in your device settings at any time.
- Usage data: how you interact with the App, features you use, and actions you take
- Push notification tokens: to deliver notifications about businesses and bookings
- Crash and performance data: technical diagnostic information to help us maintain and improve the App
Information from third parties:
- If you sign in with Apple or Google, we receive basic profile information (name and email) from those providers, subject to your privacy settings with them
- If you connect a Stripe account as a business owner, we receive your Stripe account identifier to enable payment processing
2. How We Use Your Information
We use the information we collect to:
- Create and manage your account (legal basis: performance of contract)
- Display local businesses on the map and power location-based features (legal basis: performance of contract / legitimate interests)
- Process and manage event booking requests, including estimates, deposits, and invoices (legal basis: performance of contract)
- Facilitate payments between customers and business owners through Stripe (legal basis: performance of contract)
- Send push notifications about business locations, booking updates, payment activity, and owner announcements (legal basis: consent, which you may withdraw at any time)
- Allow business owners to manage their profiles, menus, employees, schedules, and bookings (legal basis: performance of contract)
- Improve and maintain the App (legal basis: legitimate interests)
- Respond to your questions or support requests (legal basis: legitimate interests)
- Comply with legal obligations (legal basis: legal obligation)
3. How We Share Your Information
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
We may share your information in the following circumstances:
- With other users: Your display name and profile photo are visible to other users. If you are a business owner, your business name, profile, menu, and location (when open) are visible to customers on the map. If you submit a booking request, your contact details are shared with the business owner to facilitate the booking.
- With service providers: We share information with third-party vendors that help us operate the App, including:
- Supabase — database, authentication, and file storage (servers located in the United States)
- Stripe — payment processing. When you make or receive a payment through the App, relevant transaction information is shared with Stripe. Stripe's privacy policy is available at stripe.com/privacy.
- Firebase (Google) — push notifications
- Google — maps, sign-in, and address autocomplete (Places API)
- Apple — sign-in and App Store services
- RevenueCat — subscription management
- For legal reasons: We may disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of Farlo, our users, or the public.
- Business transfers: If Farlo is acquired, merges with another company, or undergoes a similar corporate transaction, your information may be transferred as part of that transaction. We will notify you of any such change via the App or email.
4. Payment Processing
Payments in the App are processed by Stripe. Farlo does not store payment card numbers, bank account details, or other sensitive financial credentials. When a consumer makes a payment, funds are transferred directly to the business owner's connected Stripe account. Farlo does not hold or control these funds at any point. By using payment features, you agree to Stripe's terms and privacy policy.
5. Location Data
The App requests access to your precise device location to show nearby businesses. Location access is optional for consumers — the App will work without it, but map features will be limited. We do not share consumer location data with other users or third parties for advertising purposes.
Business owners who choose to mark their business as open on the map voluntarily share their real-time location with all App users. This location data is visible on the map while the business is marked as open, and is removed when the owner closes. Business owners control when and whether their location is broadcast.
Precise geolocation is classified as sensitive personal information under California law. California residents have the right to limit our use of this data to what is necessary to provide the requested service. See Section 11 for how to exercise this right.
6. Analytics and Tracking
We collect usage and diagnostic data (such as features used, session duration, and crash reports) to understand how the App is used and to improve it. We do not use third-party advertising networks or engage in cross-app tracking. We do not use Apple's Advertising Identifier (IDFA) for advertising purposes.
If we introduce analytics tools that engage in cross-app tracking in the future, we will update this policy and present Apple's App Tracking Transparency prompt before doing so.
7. Push Notifications
We may send push notifications about nearby businesses, booking status updates, payment activity, and owner announcements. You can manage notification preferences within the App or through your device's system settings at any time. Withdrawing consent for notifications does not affect other aspects of your account.
8. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the App's services. If you delete your account, we will delete or anonymize your personal information within 30 days, except:
- Financial records (estimates, deposits, invoices, and transaction logs) may be retained for up to 7 years as required by applicable tax and financial recordkeeping law;
- Information we are required to retain by applicable law or legal process; and
- Aggregated or anonymized data that no longer identifies you, which we may retain indefinitely.
9. Data Security
We implement appropriate technical and organizational measures to protect your information against unauthorized access, loss, or disclosure, including encryption in transit (TLS) and access controls on our databases. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
In the event of a data breach that creates a risk to your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law, including within 72 hours where required by the GDPR.
10. Children's Privacy
The App permits users aged 13 and older to create an account for general browsing and discovery. However, users must be at least 18 years of age to place orders, make payments, or enter into financial transactions through the App. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at support@farlo.app and we will delete it promptly.
11. California Privacy Rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with the following rights regarding your personal information:
- Right to Know: You may request the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes, and the categories of third parties with whom we share it.
- Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions (e.g., to complete a transaction, comply with a legal obligation, or exercise free speech).
- Right to Correct: You may request correction of inaccurate personal information we hold about you.
- Right to Opt Out of Sale or Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. You may still submit an opt-out request to confirm our practices.
- Right to Limit Use of Sensitive Personal Information: We collect precise geolocation, which is sensitive personal information under the CPRA. You may request that we limit our use of your precise location to what is necessary to provide the App's core mapping features. The most effective way to exercise this right is to revoke location access through your device settings.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of the above rights.
How to Submit a Request: You may submit a privacy request by emailing support@farlo.app or through the "Delete Account" function in the App. We will respond within 45 days. We may need to verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf by providing written authorization.
Minors Under 16: We do not sell or share the personal information of users we know to be under 16 years of age.
12. Other U.S. State Privacy Rights
A number of U.S. states — including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and a growing list of others — have enacted comprehensive consumer privacy laws. If you are a resident of a state with such a law, you may have some or all of the following rights, depending on your state of residence:
- Right to Confirm and Access: to confirm whether we are processing your personal data and to access that data.
- Right to Correct: to correct inaccuracies in the personal data we hold about you.
- Right to Delete: to request deletion of personal data we have collected about you.
- Right to Data Portability: to obtain a copy of your personal data in a portable and, to the extent technically feasible, readily usable format.
- Right to Opt Out: to opt out of the processing of your personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects. As described in Section 3, we do not sell your personal data, do not use it for targeted advertising, and do not engage in such profiling.
Sensitive data. Several of these laws require opt-in consent before processing sensitive data, which includes precise geolocation. We collect precise geolocation only after you grant location permission through your device, and you may withdraw that permission at any time in your device settings.
How to exercise your rights. You may submit a request by emailing support@farlo.app or through the "Delete Account" function in the App. We will respond within the timeframe required by your state's law (generally 45 days, with an extension where permitted). We may need to verify your identity before acting on your request.
Right to appeal. Where your state's law provides an appeal right, if we decline to act on your request you may appeal our decision by replying to our response or contacting us at support@farlo.app. If your appeal is denied, you may contact your state attorney general.
13. International Users and GDPR
The App is operated from the United States. If you are located in the European Union, United Kingdom, or another jurisdiction with data protection laws, please be aware that your information will be transferred to and processed in the United States.
Legal Bases for Processing (EU/UK Users): We process your personal data on the following legal bases under GDPR Article 6: (a) performance of a contract (account creation, bookings, payments); (b) legitimate interests (App improvement, security, fraud prevention); (c) compliance with legal obligations; and (d) your consent (push notifications, optional location sharing).
International Transfers: When we transfer personal data from the EU or UK to the United States, we rely on available transfer mechanisms including Standard Contractual Clauses (SCCs) with our service providers (Supabase, Stripe, Google/Firebase, RevenueCat) where applicable. You may request information about these mechanisms by contacting us.
EU/UK Data Subject Rights: In addition to the access, correction, and deletion rights described elsewhere in this Policy, EU and UK residents have the right to:
- Restrict processing of your personal data in certain circumstances;
- Receive your personal data in a portable format;
- Object to processing based on legitimate interests;
- Withdraw consent at any time (for processing based on consent) without affecting the lawfulness of prior processing;
- Not be subject to solely automated decision-making that produces legal or similarly significant effects; and
- Lodge a complaint with your local supervisory authority (in the EU, your national data protection authority; in the UK, the Information Commissioner's Office).
We aim to respond to data subject requests within 30 days. We will appoint an EU/UK representative as required by applicable law upon our having an establishment in or significant users from those regions.
14. Your Choices and Rights
Regardless of your location, you may:
- Access or correct your account information through the App's account settings
- Delete your account through the "Delete Account" option in the App
- Opt out of push notifications through App or device settings
- Revoke location access through your device settings
- Contact us at support@farlo.app for any data request you cannot fulfill through the App
15. Third-Party Links and Services
The App integrates with third-party services including Google Maps, Apple Maps, and Stripe. This Privacy Policy does not apply to those services. We encourage you to review the privacy policies of any third-party services you use.
16. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify you through the App or by email. Your continued use of the App after changes constitutes your acceptance of the updated policy.
17. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, or to submit a privacy rights request, please contact us at support@farlo.app.