Privacy Policy for Deal Once

Effective Date: 2 December 2025
Last Updated: 2 December 2025

Deal Once ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

1. Information We Collect

1.1 Personal Information

When you create an account and use Deal Once, we collect:

Account Information: Name, email address, phone number, profile photo
Location Data: Your approximate location to show nearby services and listings
Photos and Media: Images you upload for listings, profile pictures, and verification
Payment Information: Payment details are securely processed through Stripe (we do not store your full payment card details)
Communications: Messages you send through the app's messaging system

1.2 Automatically Collected Information

Device Information: Device type, operating system, unique device identifiers
Usage Data: Features you use, pages you view, time spent on the app
Log Data: IP address, crash reports, performance data
Advertising Identifiers (Android Only): On Android devices, Google AdMob may access a device advertising identifier solely for ad delivery. This identifier is not used for tracking, personalization, or building user profiles. iOS devices do not provide advertising identifiers to our app.

2. How We Use Your Information

We use the collected information for:

Service Delivery: To provide, maintain, and improve Deal Once services
Matching: To connect service providers with job requesters based on location and preferences
Communication: To send notifications about offers, messages, job updates, and app announcements
Payments: To process secure payments and verify transactions
Safety: To verify identities, prevent fraud, and ensure user safety
Analytics: To understand how users interact with the app and improve functionality
Advertising: To display non-personalized contextual ads through Google AdMob

3. Permissions We Request

Camera Permission

We request camera access to allow you to:

Take photos for your profile picture
Capture images of items or services you're listing
Upload verification photos for completed jobs

You can deny camera permission and still use the app by selecting photos from your gallery.

Location Permission

We request location access to:

Show you nearby services and listings
Help service providers find jobs in their area
Improve search results based on proximity

Location data is approximate and used only to enhance your experience.

Precise Location (GPS Coordinates)

During transaction verification, we collect precise GPS coordinates of both parties when entering the verification code:

For product sales: Precise location of both buyer and seller
For service transactions: Precise location of both service provider and customer

This location data is used to:

Verify that both parties are at the agreed location
Prevent fraud and unauthorized transactions
Resolve disputes about product delivery or service completion
Ensure platform safety and security

Location data is only collected during the verification process and is stored securely for dispute resolution purposes.

Photo Library/Storage Permission

We request access to your photo library to allow you to select existing photos for your profile and listings.

Notification Permission

We request permission to send you push notifications about:

New offers on your job requests
Acceptance or rejection of your offers
Messages from other users
Job completion reminders
Payment confirmations

4. How We Share Your Information

With Other Users

When you create a listing or make an offer, certain information becomes visible to other users:

Your name and profile photo
Listings you create
Offers you make
Messages you send

With Service Providers

Supabase: Database and authentication services (data stored securely in Singapore)
Stripe: Payment processing (compliant with PCI-DSS standards)
Google AdMob: Non-personalized advertising services
Expo: Push notification delivery

Legal Requirements

We may disclose your information if required by law, court order, or to:

Comply with legal obligations
Protect our rights and property
Prevent fraud or illegal activities
Protect the safety of users

5. Data Security

We implement industry-standard security measures to protect your information:

Data encryption in transit (HTTPS/TLS)
Data encryption at rest
Secure authentication through Supabase
PCI-compliant payment processing through Stripe
Regular security audits and updates

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as:

Your account is active
Needed to provide you services
Required by law or for legitimate business purposes

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

7. Your Rights and Choices

Access and Control

You have the right to:

Access: Request a copy of your personal information
Update: Edit your profile and account information in the app
Delete: Request deletion of your account and associated data
Opt-Out: Disable push notifications in your device settings
Restrict: Limit how we process your information

How to Exercise Your Rights

To exercise any of these rights, contact us at the email address below. We will respond within 30 days.

8. Children's Privacy

Deal Once is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we discover that a child under 18 has provided us with personal information, we will delete it immediately.

9. Advertising and Privacy

Important: We display non-personalized advertisements in the app using Google AdMob. These ads are based on the content of the app, not on your personal data or browsing behavior across other apps and websites.

What Data AdMob Collects

AdMob may collect minimal technical information to serve ads:

Device type and operating system
IP address (for general location, not precise tracking)
App usage (which screens show ads)
Device advertising identifier (Android only - not used for tracking or creating user profiles)

Non-Personalized Ads

We use non-personalized advertising, which means:

✅ Ads are based on app content, not your behavior
✅ We do not track you across other apps or websites
✅ We do not build a profile of your interests
✅ We do not share your personal data with advertisers
✅ No cross-app or cross-site tracking occurs

App Tracking Transparency (iOS)

We do not use App Tracking Transparency (ATT) or any tracking frameworks. Since we only serve non-personalized contextual ads, user tracking is not necessary. This means:

You will not see a tracking permission dialog
No tracking occurs across other companies' apps or websites
Ads are contextual and privacy-friendly
No personal data is shared for advertising purposes

SKAdNetwork (iOS)

We use Apple's SKAdNetwork framework for privacy-preserving ad attribution on iOS. This allows ad networks to measure ad effectiveness without tracking individual users or compromising your privacy.

Your Advertising Choices

While we don't use personalized advertising, you can still manage advertising preferences on your device:

Android: Settings → Google → Ads → Reset advertising ID
iOS: Settings → Privacy & Security → Tracking (to see app tracking status)

Learn more about Google's advertising practices: Google Ads Policy

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

Posting the new Privacy Policy in the app
Updating the "Last Updated" date
Sending you a notification (for material changes)

Your continued use of Deal Once after changes are posted constitutes acceptance of the updated policy.

12. Third-Party Links

The app may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information is collected
Right to know if personal information is sold or disclosed
Right to opt-out of the sale of personal information (we do not sell your information)
Right to deletion
Right to non-discrimination for exercising your rights

14. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

Right of access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
Right to withdraw consent

15. Australian Privacy Rights (Privacy Act 1988)

If you are an Australian resident, Deal Once complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

Your Rights Under Australian Privacy Law

Access: You have the right to request access to the personal information we hold about you
Correction: You can request correction of inaccurate, out-of-date, incomplete, or misleading personal information
Complaints: You can lodge a complaint about our handling of your personal information
Overseas Disclosure: We may disclose your personal information to overseas recipients (Supabase servers in Singapore, Stripe payment processing). By using our service, you consent to this disclosure

Collection and Use of Personal Information

We collect and use your personal information in accordance with the APPs:

APP 3 - Collection: We only collect information that is reasonably necessary for our business functions
APP 5 - Notification: We notify you about how we collect, use, and disclose your information through this Privacy Policy
APP 6 - Use or Disclosure: We only use or disclose your information for the primary purpose of providing Deal Once services, or for related secondary purposes you would reasonably expect
APP 8 - Cross-border Disclosure: Your information may be stored on servers located in Singapore (Supabase) and processed by Stripe. We take reasonable steps to ensure overseas recipients comply with Australian privacy standards
APP 11 - Security: We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorized access, modification, or disclosure

Making a Privacy Complaint

If you have a complaint about how we handle your personal information:

Contact us at support@dealonce.com with details of your complaint
We will acknowledge your complaint within 7 days
We will investigate and respond within 30 days
If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au

Data Retention in Australia

We retain your personal information for as long as necessary to provide our services and comply with Australian legal obligations. When we no longer need your information, we will take reasonable steps to destroy or de-identify it.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

Email: support@dealonce.com
App: Deal Once
Response Time: We will respond to all inquiries within 30 days

For data deletion requests or privacy-related concerns, please include "Privacy Request" in your email subject line.