← SignStops

Privacy Policy

Effective date: January 1, 2026

Last updated: May 26, 2026

1. Information We Collect

Account data: name, email address, phone number, profile photo, and role (agent or driver).

Agent data: brokerage name, office address, MLS ID (if provided), sign style preferences, and delivery history.

Driver data: vehicle make/model/year, driver's license (for background check), Stripe Express account details, GPS location during active deliveries, and delivery photos.

Payment data: payment method tokens (stored by Stripe — we never store raw card numbers), payout history, and earnings records.

Usage data: pages visited, feature interactions, device type, browser, and IP address.

2. How We Use Your Information

  • To match Agents with available Drivers for delivery requests
  • To process payments and driver payouts via Stripe
  • To conduct background checks through our third-party provider
  • To send in-app, email, and SMS notifications about delivery activity
  • To comply with tax reporting obligations (1099-NEC for qualifying Drivers)
  • To detect fraud and enforce our Terms of Service
  • To improve Platform features and performance

3. Location Data

Drivers' GPS coordinates are recorded during active delivery checklists to verify sign placements. Location data is stored with each placement record and is visible to the Agent who posted the delivery request. We do not track Driver location continuously outside of active delivery sessions.

Agents' office addresses are used to calculate proximity for delivery matching and are visible to Drivers who accept their delivery requests.

4. Sharing Your Information

We share information only as described below:

  • Between users: Agents can see Driver profiles, ratings, and delivery photos for deliveries they posted. Drivers can see Agent name and property address for gigs they accept.
  • Stripe: Payment and identity data required to process transactions and conduct KYC for Stripe Express accounts.
  • Stripe: Driver identity verification data (SSN, document images) for KYC compliance via Stripe Identity — handled directly by Stripe.
  • Twilio / Resend: Phone number and email address for notification delivery. These providers do not use your data for their own marketing.
  • Legal compliance: We may disclose information if required by law, court order, or to protect the rights and safety of users or the public.

We do not sell personal information to third parties.

5. Data Retention

We retain each category of data for the minimum period required for the stated purpose, then delete or anonymise it:

Data typeRetention periodBasis
Account & profile dataAccount lifetime + 3 yearsLegal / dispute resolution
Real-time GPS (driver location)30 minutesCPRA §1798.121 — no further value after gig
GPS history (placement records)2 yearsCPRA §1798.121 — dispute resolution window
Gig odometer GPS (start/end)2 yearsMileage pay reference
Driver's license scan7 years from last completed gigIRS Form 1099-NEC retention requirement
Insurance certificate3 years from last completed gigFCRA / contractor dispute window
Background check consent3 years from uploadFCRA adverse action window
Driver selfie / profile photoAccount lifetime + 2 yearsIdentity verification audit trail
Delivery photos (sign placement proof)2 yearsAgent dispute resolution
Payment & invoicing records7 yearsIRS tax record requirement
1099-NEC tax records7 yearsIRS mandatory retention
Event / analytics logs90 daysOperational debugging

Automated deletion is enforced in our database via scheduled jobs. To request manual deletion of your account and all associated data, email privacy@signstops.com — we will respond within 30 days. Note that data required for tax or legal compliance cannot be deleted before the applicable retention period expires.

6. Cookies & Analytics

We use the following types of browser storage:

  • Strictly necessary: Authentication tokens stored by Supabase in localStorage to keep you logged in. These cannot be disabled without breaking login.
  • Analytics (optional): Anonymous Core Web Vitals metrics (page load speed, layout stability) sent to our own database. No personally identifiable information is included. You can opt out via the cookie banner on your first visit, or by emailing privacy@signstops.com.

We do not use advertising cookies, third-party tracking pixels, or cross-site trackers.

7. Your Rights

Depending on your state of residence, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Request deletion of your data (subject to legal retention requirements)
  • Opt out of non-essential analytics
  • Data portability (receive a copy of your data in a machine-readable format)

To exercise these rights, email privacy@signstops.com. We will respond within 45 days.

8. California Residents — CCPA / CPRA

We do not sell or share your personal information with third parties for marketing or advertising purposes — including under CCPA/CPRA definitions.

Your CPRA rights:

  • Know what personal data we collect and how we use it (this policy)
  • Correct inaccurate personal information we hold about you
  • Request deletion of your personal data (subject to legal retention requirements)
  • Data portability — receive a copy of your data in a machine-readable format
  • Non-discrimination — exercising privacy rights will not affect your access to the Platform

Sensitive Personal Information (CPRA §1798.121)

We collect the following categories of Sensitive Personal Information (SPI) solely to deliver our core service. We do not use SPI for advertising, profiling, or secondary purposes beyond what is necessary to perform the Platform's functions:

  • Precise geolocation — used to route delivery drivers to sign installation addresses
  • Government ID (driver's license) — used to verify driver identity and eligibility to work
  • SSN / EIN preference flag — used solely to select the correct 1099 tax form type
  • Financial account data — held by Stripe; only card brand and last 4 digits are stored

You have the right to limit our use of your SPI to what is necessary for the service. Because we do not use SPI beyond service delivery, this right is automatically satisfied. If you believe we are using your SPI beyond these purposes, email us or use the "Limit My Sensitive PI" control in your Driver Settings (Privacy tab) to flag your preference for our review. The control is also accessible at the bottom of this page.

Automated Decision-Making Technology (ADMT) — CPPA Regs effective Jan 1, 2026

SignStops uses an automated gig-matching feature ("auto-approve") that may automatically accept a driver's work offer without manual agent review. This constitutes Automated Decision-Making Technology (ADMT) under California's CPPA regulations because it affects a driver's access to economic opportunity.

What it does: When a property's auto-approve setting is enabled, the Platform automatically accepts the first qualifying offer submitted. No human reviews the decision before acceptance.

Your opt-out right: California residents (and all users) may opt out of automated matching at any time. When opted out, all your offers are routed to manual agent review, regardless of the property's setting. This may reduce the speed at which your offers are accepted but does not affect your ability to use the Platform.

To opt out: go to Driver Settings → Privacy tab and toggle "Opt out of automated gig matching." You can opt back in at any time. Logged-in drivers can also toggle this preference at the Privacy Settings page.

To submit any verifiable privacy request, email privacy@signstops.com from the address associated with your account. We will respond within 45 days.

8a. Virginia Residents (VCDPA)

Virginia residents have similar rights under the Virginia Consumer Data Protection Act, including the right to correct inaccurate data, opt out of automated profiling that produces legal or similarly significant effects, and to appeal our response to a privacy request. Contact privacy@signstops.com to exercise these rights.

9. Security

We use industry-standard measures including TLS encryption in transit, row-level security on our database, and access controls to protect your information. Payment data is handled exclusively by Stripe and is never stored on our servers.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at security@signstops.com.

10. Children

The Platform is not directed to children under 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy at any time. Material changes will be communicated by email and in-app notification at least 14 days before taking effect.

12. Privacy Controls

We do not sell or share your personal information for cross-context behavioral advertising, so a formal "Do Not Sell" opt-out (CPRA §1798.120) is not required. If you have questions, email privacy@signstops.com.

Limit My Sensitive Personal Information (CPRA §1798.121)

If you are a driver, you can flag a preference to limit secondary uses of your sensitive PI (precise GPS, government ID) in Driver Settings. Because we only use SPI for service delivery, this flag triggers a manual review of your account to confirm compliance. Logged-in drivers: use the button below or go to Driver Settings → Privacy.

Opt out of automated gig matching (ADMT)

Logged-in drivers can opt out of the auto-approve gig-matching feature at any time. Driver Settings → Privacy.

Analytics cookies are optional. Update your preference at any time:

Contact

Privacy questions or data requests: privacy@signstops.com

Related documents: Terms of Service · Data Processing Agreement