Privacy Policy

This Privacy Policy explains how Lightover Inc. (“Lightover,” “we,” “us”) collects, uses, and protects your information when you use KindlyQR.com and its associated mobile applications (the “Service”).

By using KindlyQR you agree to the practices described here. If any of it doesn’t sit right with you, please don’t use the Service.

Account

Your name, email address, password (stored hashed), and an optional profile photo.

Address & location

If you add a home address — used for distance-based marketplace features — or create a store pop-up, we store the address and convert it to precise latitude/longitude for distance math.

Inventory

The substance of the Service: locations, containers, items, photos, video, audio descriptions, free-form text, and the organizational structure you build on top of them.

Comments, audio & video

When you post a comment on an item you can attach text, audio, or video. We store the recording to deliver it to other users with access.

Messages

In-app private messages between users, kept so we can deliver them and maintain conversation history.

Marketplace & dibs

Listings, prices, categories, visibility settings, and the record of who offered what to whom.

Subscription history

The record of which user-stores you subscribe to and at which tier. Payment card details are entered directly into Stripe and are never visible to us.

Usage

Pages visited, features used, search queries, actions taken — the basic telemetry needed to keep the Service running and improvable.

Device

Device type, operating system, browser, and unique device identifiers. On mobile this includes the push notification token issued by Apple Push Notification Service (via Expo) so we can deliver alerts to your device.

Logs

Server-side logs of access: IP address, timestamps, referring URLs, and the requests your client makes to ours.

Cookies

Used to keep you signed in and remember your preferences. We do not place third-party advertising cookies.

We use the information above to provide the Service — to store and surface your inventory, deliver messages, calculate marketplace distances, authenticate you, and prevent abuse. We use it to communicate with you (transactional email, push notifications you’ve opted into), to improve the Service by understanding which features work and which don’t, and to comply with legal obligations when they arise.

We do not use your information to target advertising. We do not sell it. We do not share it with data brokers.

Other users — by your choice.

KindlyQR is designed for sharing. People you invite see the inventory data you grant them access to. Public marketplace listings are visible to all KindlyQR users. Items you offer through Dibs are visible to the people you designate. Messages are visible to conversation participants.

Service providers — by necessity.

Stripe

Processes payments and subscriptions for store sellers. Card data is entered directly into Stripe and never reaches our servers.

Google Gemini

Processes photos when you use the AI item identification feature. Photos are sent over HTTPS for analysis and a response.

Expo & APNs

Deliver push notifications to your device. We share a push token — a device-level identifier — with these services.

Postmark

Delivers transactional email (password resets, notifications).

Cloudflare

DNS and DDoS protection for our domain.

Law — when we must.

We may disclose information to comply with law, respond to legal requests, or protect rights and safety. We will tell you about such requests when we are legally permitted to.

Depending on where you live, you may have specific rights under laws such as the GDPR (European Economic Area, UK) or the CCPA (California). These typically include the right to:

• Accessrequest a copy of the personal data we hold about you.
• Deletiondelete your account and associated data.
• Correctionupdate inaccurate information.
• Portabilityreceive your data in a machine-readable format.
• Opt out of sale or sharingthere is nothing to opt out of — we don’t sell or share your data for cross-context advertising.
• Non-discriminationwe will not penalize you for exercising any of these rights.

To exercise any of these rights, email [email protected]. We respond within thirty days, sooner where required.

You can also delete your account from inside the app: Settings → Delete Account. Deletion removes your profile, items, photos, listings, messages, and store. If you have active Stripe subscriptions, we cancel them as part of the deletion.

We use reasonable technical and organizational measures: TLS in transit, encryption at rest where the data warrants it, secure authentication, scoped access controls, and routine review.

No system is invulnerable. Use a strong, unique password. Don’t share account credentials. Tell us at [email protected] if you suspect anything is wrong.

KindlyQR is not intended for children under 13. Users between 13 and 17 may only use the Service through a parent or guardian’s account, with their permission and supervision.

We may update this Privacy Policy from time to time. If we make material changes we will notify you through the Service or by email. The “Effective” date at the top of this page reflects the most recent revision.

Questions about this Privacy Policy, or about your data — [email protected].