Privacy Policy

Daily Adventure Box, Inc.

Document ID: DAB-PP-2026-01 Version: 2.0 Last Updated: March 2026

This Privacy Policy describes how DailyAdventureBox Inc. ("DAB," "we," "us," or "our") collects, uses, protects, and shares personal data when you access our mobile app, website (www.dailyadventurebox.com), Fund Adventure Portal, Contractor Portal, self-service lockers, or any related services (collectively, the "Services").

This policy is designed to comply with all applicable U.S. federal and state privacy laws, including the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and all other current and future state data privacy laws. This policy also meets Apple App Store and Google Play Store requirements for data transparency, user consent, and third-party sharing disclosures.

1. Information We Collect

a. Information You Provide

Name, email address, phone number
Account credentials (password, social login tokens via Google, Apple, or Facebook)
Digital signatures and NDA/agreement acceptance records (Fund Adventure Portal)
Support inquiries, correspondence, and feedback
Marketing preferences and communication opt-in/opt-out status

b. Information Collected Automatically

IP address, device ID, device type, operating system version, browser type
App usage data, session duration, feature interaction, screen views
Rental activity (items rented, duration, return status, damage reports)
Fund Adventure Portal activity (Boxes purchased, transaction history, refund requests, account balance, compliance acknowledgments)
Engagement metrics via analytics tools

c. Location Data

We collect precise geolocation data only with your explicit permission to locate nearby DAB lockers and provide location-based services. You may revoke permission at any time through your device settings.

d. Payment Data

Payment processing is handled exclusively by Stripe, Inc., a PCI DSS Level 1 compliant processor. We do not store full credit card numbers, CVV codes, or bank account details. We receive payment metadata (last 4 digits, card type, expiration) and transaction records from Stripe.

2. How We Use Your Data

Service Delivery: Facilitate rentals, process payments, manage accounts, operate the Fund Adventure and Contractor Portals, and provide customer support.
Security & Enforcement: Monitor rental behavior, enforce terms of use, assess equipment damages, detect fraud, and prevent unauthorized access. We may suspend or blacklist accounts for repeated damage, misuse, theft, or noncompliance.
Operational Improvement: Analyze usage patterns to improve Services, optimize locations, and enhance user experience.
Communications: Send transactional notifications (rental confirmations, refund status, buyback updates) and optional marketing emails (opt-out available at any time).
Legal Compliance: Comply with applicable laws, regulations, legal processes, and government requests.
Payment Recovery: Share limited account/rental data with Stripe for security deposits, authorization holds, and equipment recovery in cases of damage, loss, or theft.

3. Data Processors & Third-Party Sharing

We do not sell your personal data. We do not share personal data for cross-context behavioral advertising.

We share limited data with the following service providers under strict confidentiality agreements and data processing addenda:

Provider	Purpose	Data Shared
Stripe, Inc.	Payment processing	Name, email, payment method, transaction amounts
Supabase, Inc.	Database, authentication, data storage	Account data, rental/ownership records, transactions
Google LLC / Firebase	Analytics, social login, push notifications	Device info, usage metrics, auth tokens
Apple Inc. / Meta Platforms	Social login (optional)	Auth tokens, name, email (as authorized by you)
GitHub, Inc.	Fund Adventure Portal hosting (static)	No personal data stored

We may also disclose personal data if required by law, court order, subpoena, or government investigation, or to protect the rights, property, or safety of DAB, our users, or the public.

4. Your Privacy Rights

a. All Users (All States)

Opt out of marketing communications (via unsubscribe link or by contacting us)
Revoke geolocation consent through device settings
Request access to, correction of, or deletion of your personal data

b. California Residents (CCPA/CPRA)

Right to Know: Request disclosure of personal information collected, used, disclosed, and sold.
Right to Delete: Request deletion of personal information, subject to legal exceptions.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link.
Right to Limit Use of Sensitive Information: We do not use sensitive personal information for purposes beyond what is necessary to provide our Services.
Right to Non-Discrimination: We will not discriminate against you for exercising privacy rights.
Authorized Agent: You may designate an authorized agent with written permission.

c. All Other U.S. State Residents

DAB complies with all applicable state privacy laws nationwide, including those of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Delaware, New Jersey, New Hampshire, Nebraska, Kentucky, Maryland, Minnesota, and any state enacting privacy legislation hereafter. Rights generally include:

Right to access, delete, and correct personal data
Right to data portability in a commonly used format
Right to opt out of targeted advertising (we do not currently engage in targeted advertising)
Right to opt out of automated profiling (we do not use automated decision-making with legal effects)
Right to appeal a denied data request

Contact support@dailyadventurebox.com to exercise any right. We respond within forty-five (45) days.

5. Mobile-Specific Permissions

Our app may request access to camera, location, storage, notifications, and Bluetooth. These are used solely for locker access, rental tracking, and user experience. You may modify permissions in device settings at any time. Denying permissions may limit certain features but will not prevent use of core rental services.

6. Cookies & Tracking Technologies

Essential cookies: Authentication, session management, security (required).
Analytics cookies: Anonymized usage data via Google Analytics/Firebase.
Preference cookies: Language, region, display preferences.

We do not use advertising trackers or sell data to advertisers. Our Services do not currently respond to Do Not Track (DNT) browser signals, as no uniform standard exists.

7. Data Security

We implement industry-standard measures including: TLS/SSL encryption in transit and at rest; secure API communications; row-level security (RLS) in Supabase; regular security monitoring and auditing; PCI DSS compliance via Stripe. No system is fully immune to threats, but we continuously monitor and test our infrastructure.

8. Data Breach Notification

In the event of a data breach affecting your personal information, DAB will: (a) notify affected users via email within seventy-two (72) hours of confirming the breach, or as otherwise required by applicable state or federal law; (b) notify applicable state authorities as required; and (c) provide information about the breach scope, data affected, and steps taken to mitigate harm.

9. Data Retention

Account data: Retained while your account is active. Deleted or anonymized within 30 days of account deletion, except as required by law.
Transaction records & digital signatures: Retained for seven (7) years for tax, legal, and compliance purposes.
Rental activity logs: Retained for three (3) years for dispute resolution and fraud prevention.
Anonymized analytics: May be retained indefinitely.

10. Children's Privacy

Our Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn of such collection, we will delete it promptly. Parents/guardians may contact support@dailyadventurebox.com to request removal.

11. International Users

Our Services are operated from and intended for use within the United States. Data will be transferred to and processed in the United States. By using our Services from outside the U.S., you consent to this transfer.

12. Contact & Data Requests

Daily Adventure Box, Inc.
Attn: Data Privacy
2884 North Carolina Highway 210, Smithfield, NC 27577
Email: support@dailyadventurebox.com

Verified data requests will be responded to within forty-five (45) days. If additional time is needed (up to 45 additional days), we will notify you of the extension and reason.

13. Changes to This Policy

We may update this policy by revising the "Last Updated" date. Material changes require advance notice via app alert, email, or prominent website notice. Continued use after notice constitutes acceptance.