This Privacy Policy describes how Kangaroo LLC (“Kangaroo,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects your personal information when you use the Kangaroo mobile application (the “App”). By using the App, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

• Account Information: Email address (university .edu email), full name, username, and password (managed by Firebase Authentication).
• Profile Information: Bio, profile photo or avatar selection, gender (optional—you may select “Prefer not to answer”), school/college, dorm, and campus location.
• Payment Information: When you save a payment method, Stripe collects and stores your card details (card number, expiration, CVC). Kangaroo stores only the last four digits and card brand for display purposes. Kangaroo never stores your full card number.
• Payout Information: To receive payouts via Stripe Connect, you provide your date of birth, mailing address, and bank account details directly to Stripe. Kangaroo stores your date of birth and address locally to pre-fill forms for convenience; bank account details are stored only by Stripe.
• Listing Content: Titles, descriptions, prices, images, categories, timing preferences, and audience targeting selections you provide when creating listings.
• Messages and Communications: Text messages, images, and other content you send through in-app chats and negotiations.
• Support Communications: Messages you send through in-app support chat and support tickets.
• Dispute and Report Information: Reasons, descriptions, and evidence you provide when filing disputes, reports, or complaints.
• Survey Responses: Information you provide during onboarding, including how you heard about the App.

1.2 Information Collected Automatically

• Device Information: We collect your device’s push notification token (FCM token) to deliver notifications. We access UserDefaults for storing local preferences and settings.
• Transaction Records: We automatically create and maintain records of all transactions, including amounts, fees, timestamps, and transaction status changes.
• Usage Data: We record actions such as when you last viewed certain sections of the App (e.g., feed, marketplace, transaction history) for badge and notification management.
• Biometric Authentication Events: When you use Face ID or Touch ID to confirm payments, the authentication is processed entirely on your device by Apple’s LocalAuthentication framework. Kangaroo does not collect, store, or transmit any biometric data. We only receive a success or failure result.

2. How We Use Your Information

• Providing the Service: To create and manage your account, display your profile to other users at your university, process transactions, facilitate chats and negotiations, and deliver push notifications.
• Payment Processing: To process payments, issue refunds, manage payouts, charge additional fees (receipts, delivery, lost/damaged), and maintain financial records.
• Safety and Security: To verify university email domains, enforce rate limits, detect fraud, manage user restrictions, process reports and disputes, and maintain the security of the platform.
• Communication: To send you transaction updates, dispute resolutions, restriction notifications, listing expiration warnings, and other service-related communications via push notifications and in-app messages.
• Platform Improvement: To generate aggregated, anonymized analytics about platform usage, transaction volumes, and user engagement. Individual users are not identifiable in analytics data.
• Legal Compliance: To comply with legal obligations, enforce our Terms of Service, and protect the rights and safety of our users and the public.

3. How We Share Your Information

We do not sell your personal information to third parties. We share your information only in the following circumstances:

3.1 With Other Users

The following information is visible to other users at your university: your username, full name, bio, profile photo or avatar, school, dorm, location, gender (if provided), number of completed transactions, and whether you have a payment method on file. Your email address is not displayed to other users in the App (but may be visible in dispute records to involved parties).

3.2 With Stripe

We share information with Stripe, Inc. to process payments and manage connected accounts. This includes your name, email address, and transaction data. For payout accounts, Stripe directly collects and processes your date of birth, address, Social Security number (last four digits or full, as required by Stripe), and bank account information. Stripe’s use of your data is governed by the Stripe Privacy Policy.

3.3 With Firebase (Google)

We use Google Firebase for authentication, database storage (Firestore), file storage (Firebase Storage), push notifications (Firebase Cloud Messaging), and serverless functions (Cloud Functions). Google’s use of this data is governed by the Google Cloud Privacy Notice.

3.4 With Administrators

Kangaroo administrators have access to user profiles, transaction records, chat histories, dispute details, and other platform data for the purposes of resolving disputes, enforcing Terms of Service, managing user restrictions, and maintaining platform operations.

3.5 Legal Requirements

We may disclose your information if required to do so by law, legal process, or government request, or if we believe disclosure is necessary to protect the rights, property, or safety of Kangaroo, our users, or the public.

4. Data Storage and Security

Your data is stored on Google Firebase servers located in the United States. We implement the following security measures:

• Firebase Authentication for secure account management with email verification.
• Firestore Security Rules that enforce field-level access control, ensuring users can only read and write data they are authorized to access.
• Server-side validation of all payment operations, with idempotency protections to prevent duplicate charges.
• Rate limiting on sensitive operations to prevent abuse.
• Encryption in transit (HTTPS/TLS) for all data transmitted between the App and our servers.
• Payment card data is processed and stored exclusively by Stripe, which is PCI DSS Level 1 certified. Kangaroo never handles or stores full card numbers.

While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5. Data Retention

• Active Accounts: Your personal information is retained for as long as your account is active.
• Transaction Records: Transaction records, ledger entries, and withdrawal history are retained for financial auditing and legal compliance purposes, even after account deletion. These records are anonymized upon account deletion (your user ID is replaced with “deleted_user”).
• Chat and Negotiation History: When you delete your account, your messages remain in anonymized form so the other party retains their records. Your identity is replaced with “Deleted User” and the last message is replaced with “Message unavailable.”
• Ratings: Ratings you gave or received are anonymized (not deleted) upon account deletion, so the other party’s rating history remains intact.
• Images: Profile photos, chat images, and receipt images are permanently deleted from Firebase Storage upon account deletion.
• Stripe Data: Your Stripe Customer and Connect accounts are deactivated upon account deletion. Stripe may retain data in accordance with its own retention policies and legal obligations.

6. Your Rights and Choices

6.1 Access and Update

You can access and update your profile information, username, bio, and profile photo at any time through the App. You can manage your notification preferences in the App’s Settings.

6.2 Account Deletion

You can delete your account at any time through Settings > Delete Account. See our Terms of Service, Section 16, for details on what happens to your data upon deletion.

6.3 Push Notifications

You can control which push notifications you receive through the App’s notification settings. You can also disable push notifications entirely through your device’s system settings.

6.4 Payment Methods

You can add or remove saved payment methods at any time through the App.

6.5 Blocking

You can block other users to prevent them from viewing your content or contacting you. You can manage your blocked users list in Settings.

7. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collect personal information, our business purpose for collecting personal information, and the categories of third parties with whom we share personal information.
• Right to Delete: You have the right to request that we delete your personal information. You can exercise this right at any time through the account deletion feature in the App, or by contacting us.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
• No Sale of Personal Information: Kangaroo does not sell your personal information to third parties and has not done so in the preceding 12 months.

To exercise your rights, contact us at support@collegekangaroo.com or use the account deletion feature in the App. We will verify your identity before processing any request.

8. Children’s Privacy

Kangaroo is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

9. Third-Party Links and Services

The App may contain links to third-party websites or services (such as Stripe’s onboarding pages). We are not responsible for the privacy practices of any third party. We encourage you to review the privacy policies of any third-party service you access through the App.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the App or by other reasonable means. Your continued use of the App after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Kangaroo LLC
support@collegekangaroo.com