Privacy Policy

Effective date: May 15, 2026 · Last updated: May 15, 2026 This Privacy Policy explains how MowPro, operated by RaT Studios LLC (“MowPro,” “we,” “us,” or “our”), collects, uses, shares, and protects information when Providers and their end-customers (“Portal Users”) use the MowPro website, web application, and related services (collectively, the “Service”). Quick summary. Providers control the customer data they upload; MowPro acts as their processor for that data. MowPro is the controller of account, billing, and Service-usage data. We do not sell personal information. We use a small set of named subprocessors (Section 6). You have rights to access, correct, delete, and export your data (Section 9). 1. Who We Are and Our Role MowPro is operated by RaT Studios LLC. For most personal information you provide directly to us — including account credentials, billing information, and Service-usage data — MowPro is the controller. For Customer Data that Providers upload about their own customers, MowPro acts as the processor on the Provider’s behalf. Providers are responsible for their own privacy notices to their customers and for the lawful basis on which they collect that data. 2. Information We Collect 2.1 Information you provide directly • Account information: name, email address, phone number, password (stored hashed via our authentication provider), business name, business profile details. • Billing information: plan, billing address, tax ID where applicable, last four digits of payment card and card brand (full card numbers are stored by Stripe, not MowPro). • Customer Data (uploaded by Providers): customer names, emails, phone numbers, service addresses, notes, schedules, jobs, estimates, invoices, payment status, payment instructions, expenses, service requests, and similar records. • Support communications: messages you send to support@mowpro.app and related metadata. 2.2 Information collected automatically • Device and log data: IP address, browser type, operating system, device identifiers, referring URL, pages visited, and timestamps. • Cookies and similar technologies: authentication cookies (set by our auth provider), strictly necessary cookies, and, if enabled, analytics or product-usage cookies. See Section 11. • Error and performance data: diagnostic logs from our error-monitoring tools. 2.3 Information from third parties If you log in via a third-party identity provider or connect a payment processor, we receive limited information from that provider (for example, your name, email, and a unique identifier), subject to that provider’s privacy practices. 3. How We Use Information • Provide, operate, secure, and maintain the Service; • Authenticate users and manage Provider and Portal User access; • Process subscription payments and prevent fraud; • Generate invoices, reports, accounting exports, and service requests at your direction; • Communicate with you about your account, security, updates, and (where permitted) marketing; • Provide customer support; • Analyze and improve the Service using aggregated or de-identified data; • Comply with legal obligations and enforce our Terms. 4. Legal Bases (EEA/UK Users) If you are in the European Economic Area or the United Kingdom, we process personal information under one or more of the following legal bases under the GDPR/UK GDPR: • Contract: to provide the Service you have signed up for; • Legitimate interests: to secure and improve the Service, prevent fraud, and run our business, balanced against your rights; • Consent: for optional analytics cookies and marketing emails, where required; • Legal obligation: to meet tax, accounting, and other legal duties. 5. How We Share Information We share personal information only as follows: • With your direction: for example, when a Provider chooses to display their own contact details or payment instructions to Portal Users. • With subprocessors that help us run the Service, under written contracts requiring appropriate security and confidentiality (Section 6). • For legal reasons: to comply with law, respond to lawful requests, enforce our Terms, or protect rights, safety, and security. • In a business transfer: as part of a merger, acquisition, financing, or sale of assets, subject to a confidentiality obligation. We will notify you of any change in controller. We do not sell personal information, and we do not “share” it for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (as amended by the CPRA). We have not done so in the prior 12 months. 6. Subprocessors We use the following subprocessors to deliver the Service. We will update this list when we add or replace material subprocessors and, where required, provide notice and an opportunity to object. • Vercel Inc. — web hosting and content delivery (United States). • Supabase Inc. — database, authentication, and storage (United States and selected regions). • Stripe, Inc. — payment processing for MowPro subscriptions (United States), when paid billing is enabled. • Email delivery provider — transactional email (provider currently in evaluation; will be named here once selected). • Error monitoring provider — application error and performance monitoring (provider currently in evaluation; will be named here once selected). A current, more detailed subprocessor list is available on request at support@mowpro.app. 7. Data Security We use technical and organizational safeguards designed to protect personal information, including encryption in transit (HTTPS/TLS), encryption at rest in our database where supported by our provider, role-based access controls, row-level security policies, hashed credentials handled by our authentication provider, audit logging on administrative actions, and least-privilege access for our team. No system is perfectly secure, and we cannot guarantee absolute security. Breach notification. If we become aware of a security incident that compromises your personal information, we will notify you without undue delay and consistent with applicable law, and we will describe the nature of the incident, likely impact, and steps we are taking. 8. Data Retention We retain personal information for as long as your account is active and as needed to provide the Service. After account closure, we retain: • Operational backups for up to 35 days, then deleted on rolling schedule; • Tax, accounting, and financial records for at least 7 years where required by U.S. tax law; • Dispute and fraud-prevention records for as long as reasonably necessary; • De-identified or aggregated data indefinitely. Providers may export their data at any time and may request deletion (Section 9). Specific retention details for subscription billing are in the Billing & Cancellation Policy. 9. Your Rights and Choices Depending on where you live, you may have the following rights regarding your personal information: • Access the personal information we hold about you; • Correct inaccurate or incomplete personal information; • Delete personal information, subject to limited exceptions (e.g., tax records); • Port your data in a structured, commonly used, machine-readable format; • Restrict or object to certain processing; • Withdraw consent where processing is based on consent; • Opt out of sale or sharing of personal information — we do not engage in either, but you may submit a request to confirm; • Non-discrimination for exercising any of these rights; • Lodge a complaint with a supervisory authority (EEA/UK) or your state attorney general (US). To exercise any of these rights, email support@mowpro.app from the email associated with your account. We will verify your request and respond within 45 days (US) or one month (EEA/UK), with one possible extension where permitted. Portal Users should first contact the Provider that invited them; we will assist if the Provider is unresponsive. 10. Children and Youth Operators MowPro is intended for users 18 and older. Users aged 13–17 (or, in the EEA/UK, 16–17) may use the Service only with the permission and active supervision of a parent, guardian, or responsible adult who agrees to be bound by our Terms. We do not knowingly collect personal information from children under 13 in the United States or under 16 in the EEA/UK. If you believe a child has provided us personal information, contact us at support@mowpro.app and we will delete it. 11. Cookies and Similar Technologies We and our authentication and hosting providers use cookies and similar technologies for the following purposes: • Strictly necessary: session, authentication, security, load balancing. These cannot be disabled without breaking the Service. • Functional: remembering preferences and recent context. • Analytics and performance: understanding feature usage to improve the Service. Where required by law, we will request consent before setting these. You can control cookies through your browser settings. Disabling strictly necessary cookies may prevent you from logging in. 12. International Data Transfers MowPro is operated from the United States, and our primary subprocessors process data in the United States. If you access the Service from outside the United States, your personal information will be transferred to, stored in, and processed in the United States and other countries that may have different data-protection laws than your country. Where required, we rely on the European Commission’s Standard Contractual Clauses or other lawful transfer mechanisms with our subprocessors. 13. California Privacy Notice If you are a California resident, this section provides additional disclosures under the CCPA/CPRA. In the prior 12 months we have collected the categories of personal information described in Section 2 (identifiers, commercial information, internet or other electronic network activity, geolocation derived from IP, professional or employment-related information, and inferences) for the purposes described in Section 3, and have disclosed those categories to the subprocessors listed in Section 6 for the business purposes described. We do not sell personal information and do not share it for cross-context behavioral advertising. We do not use or disclose sensitive personal information for purposes that would require an opt-out right under the CPRA. California residents may exercise the rights in Section 9 and may designate an authorized agent to do so on their behalf. 14. Data Processing Addendum Providers who need a Data Processing Addendum (DPA) for compliance with the GDPR, UK GDPR, or similar laws may request one at support@mowpro.app. Our standard DPA incorporates the EU Standard Contractual Clauses where relevant. 15. Changes to This Policy We may update this Privacy Policy. For material changes, we will notify you by email or in-app at least 30 days before the changes take effect. The “Last updated” date at the top reflects the most recent revision. 16. Contact Us MowPro / RaT Studios LLC Email: support@mowpro.app Privacy requests: support@mowpro.app (subject: “Privacy Request”) Mailing address: [Insert street address, city, state, ZIP]