1. Information We Collect
We collect the following information to operate this service:
Account Information (registered users)
- Email address
- Password (securely hashed — we never store or see your plain-text password)
- Display name (auto-generated, customisable by premium users)
- Avatar URL and bio (optional, user-provided)
Automatically Collected Data
- Device fingerprint (anonymous one-way hash based on browser and device characteristics)
- Browser information (user agent, screen size, timezone)
- IP address (for rate limiting and abuse prevention)
User-Submitted Content
- Report content (ratings, visit date, notes you provide)
- Location data (venue coordinates you place on the map)
- Flags and feedback you submit
Owner Verification and Venue Claim Data
- Business contact name and business email submitted for manual claim verification
- Verification attempt metadata and claim request status records
- Business phone numbers associated with venue listings (including OTP verification flow)
- Any supporting ownership evidence you provide through support channels
Payment and Billing Data
- Transaction metadata for paid services (amount, currency, timestamp, status, and reference IDs)
- Limited billing details required to investigate payment issues and refunds
Analytics Data
- Page view data (session ID, referrer, device type, city)
2. How We Use Information
We use collected information to:
- Authenticate and manage your account
- Prevent spam and abuse of the platform
- Enforce rate limits to ensure fair usage
- Display reports and public profile information to other users
- Improve and maintain the service
- Detect and prevent fraudulent activity
- Send transactional emails (e.g. password resets)
- Process venue ownership claims and protect against fraudulent claim attempts
- Process payments and reconcile billing events
3. Account Data & Anonymous Usage
If you create an account, we store your email address and a securely hashed password. Authentication credentials are managed by Supabase Auth and your plain-text password is never stored in our database.
You may also use the platform without an account. Anonymous usage relies on a one-way device fingerprint hash that cannot be reversed to identify individuals.
We do NOT store:
- Your full payment card number, CVV, or full card expiry details on RubRadar systems
- Tracking cookies for advertising
- Your plain-text password
4. Payments
Paid transactions are processed through eWAY and Commonwealth Bank (CommBank) payment infrastructure. Payment credentials are processed by the payment provider and banking network, not stored as raw card details by RubRadar.
We may receive limited payment metadata (for example transaction references, status, and card type/last digits where provided by the processor) to support billing, reconciliation, fraud prevention, and refund handling.
5. Data Selling & Sharing
We do not sell, rent, or trade your personal information to third parties. We only share data in the following limited circumstances:
- With service providers who help us operate the platform (see Third-Party Services below)
- When required by law, subpoena, court order, or other legal process
- To protect the rights, safety, or property of RubRadar, our users, or the public
- In connection with a merger, acquisition, or sale of assets (you would be notified)
6. Data Storage and Security
Data is stored securely using industry-standard encryption with:
- Supabase (PostgreSQL database) for reports, venue data, and authentication
- Upstash (Redis) for temporary rate limiting data
- Vercel for hosting and analytics
- Twilio Verify for owner-claim OTP verification delivery and checks
- eWAY and Commonwealth Bank for payment processing infrastructure
- Authentication credentials are managed by Supabase Auth with industry-standard hashing
7. Data Retention
- Account data: Stored for the lifetime of your account unless you request deletion
- Reports: Stored indefinitely unless deleted
- Rate limit data: Automatically deleted after 7 days
- Soft-deleted reports: Permanently purged after 30 days
- View analytics: Stored indefinitely in aggregate
- Owner claim and verification records: retained as reasonably required for fraud prevention, dispute handling, and legal compliance
- Payment records: retained for accounting, reconciliation, and legal obligations
8. Your Rights
You have the right to:
- Request deletion of your account and all associated data
- Request deletion of individual reports
- Object to processing of your data
- Request a copy of your data
- Withdraw consent at any time
To exercise any of these rights, contact us at contact@rubradar.com or use the account settings in the app.
9. Cookies and Local Storage
We use sessionStorage to cache your device fingerprint for consistency. If you are logged in, we use authentication session cookies to keep you signed in. We do not use tracking cookies for advertising or cross-site tracking.
10. Third-Party Services
We use the following third-party services:
- Supabase: Database hosting and authentication
- Vercel: Hosting and analytics
- Upstash: Rate limiting and caching
- Cloudflare Turnstile: CAPTCHA verification
- Twilio Verify: Owner claim OTP delivery and verification
- eWAY / Commonwealth Bank: Payment processing
Each service has its own privacy policy. We do not share your data beyond what is necessary to operate the service.
11. International Users
Data may be processed in the United States or other countries where our service providers operate. By using this service, you consent to the transfer of your information to these locations.
12. Children's Privacy
This service is not intended for users under 18 years of age. We do not knowingly collect information from children.
13. Changes to Privacy Policy
We may update this privacy policy from time to time. Please check back periodically for changes. Your continued use of the service after changes constitutes acceptance.
14. Contact
For privacy concerns or data requests, please contact us at contact@rubradar.com