sessionStorage only to deduplicate page views, and it honors the Global Privacy Control (Sec-GPC) and Do Not Track (DNT) signals.Account Credentials: Names, email addresses, and passwords. Date of birth is collected at registration for age verification and is not shared with third parties.
Team Identifiers: Organization roles (Owner/Lister) and associated team permissions, as described in our Terms of Service.
Location & Address Data: We collect precise geolocation data and home/business addresses. This data is used solely for local sourcing area personalization, routing, and marketplace localization; it is never shared with third parties for marketing purposes.
eBay Integration Data: Encrypted OAuth 2.0 tokens used to manage listings on your behalf. We never see or store your eBay password.
User-Generated Content: Inventory photos and images of sourcing receipts submitted through the app.
Financial Sourcing Data: Cost-basis, purchase dates, and sourcing locations provided via the receipt scanner or manual entry.
Purchase & Subscription Data: We use RevenueCat to manage subscriptions via the Apple App Store and Google Play Store. This includes transaction history and anonymous identifiers. The Stroop LLC does not store or process your credit card information.
Technical Data: IP addresses, device identifiers (iOS/Android), and crash reports via Sentry, used for troubleshooting and platform stability. An anonymous device ID is recorded at account creation for legal consent audit purposes. Consent-record IP capture: Your IP address at the time of each of the following actions is captured and stored as part of the tamper-evident consent record for that action: (1) account creation / email verification, (2) Terms of Service acceptance (clickwrap), (3) onboarding profile completion, and (4) eBay account linking. These records are retained indefinitely for legal compliance and are hashed weekly to the Bitcoin blockchain. A public transparency report of all consent batch anchors is available at strooply.com/legal/records.
Marketing-Site Visitor Analytics: When you browse our public marketing pages (the homepage, /download, /privacy, /terms, and similar pre-account pages), we record privacy-preserving analytics directly on our own servers. For each page view we store: the page path, the country derived from your IP address, a coarse browser-and-OS family parsed from your User-Agent (for example, "Chrome on Android"), the referring domain (for example, "google.com"), and a daily-rotating visitor token. The visitor token is a SHA-256 hash of your IP address, your User-Agent string, and a server-side random salt that rotates every 24 hours at UTC midnight. The salt is permanently destroyed within 48 hours of rotation, after which the token is mathematically irreversible. Your raw IP address is read once in memory to compute the token and the country, and is never written to disk for analytics purposes. We honor the Global Privacy Control (Sec-GPC) and Do Not Track (DNT) browser signals: when either signal is set, the analytics request is rejected before any record is created. No cookies, no third-party trackers, no advertising identifiers, and no cross-site tracking are used. Retention: Raw per-visit records (path, country, User-Agent family, referrer domain, daily visitor token) are deleted automatically after 90 days. Daily aggregate counts (total page views per page, per country, per referrer per day) are retained indefinitely as non-personal statistical aggregates that cannot be re-identified to any individual visitor.
Listing Automation: Utilizing "Agentic Vision" to generate eBay-compliant titles, descriptions, and Item Specifics.
Market Analytics: Querying marketplace APIs to provide demand velocity, sell-through rates, and pricing averages.
Financial Reporting: Automating cost-tracking and ROI analytics via OCR receipt extraction.
Sourcing Personalization: Your home address and ZIP code are used to personalize sourcing area recommendations, calculate mileage between locations, and plan sourcing routes.
Account Security: Facilitating authentication and preventing unauthorized access to your eBay tokens.
Legal Compliance: IP address, device ID, and timestamp are recorded at account creation and subscription upgrades to maintain an immutable consent audit log.
The following table maps each category of personal information we collect to its processing purpose(s) and legal basis. For California residents, the "Business Purpose" column satisfies the CCPA/CPRA disclosure requirement under Cal. Civ. Code § 1798.100(b).
| Category of Information | Sources | Business Purpose | Legal Basis (WPA) |
|---|---|---|---|
| Account Credentials (name, email, password, DOB) | Directly from you at registration | Account creation, authentication, age verification | Performance of contract; Legal obligation (age verification) |
| Location & Address Data (precise geolocation, home/business address) | Directly from you; device GPS with your permission | Sourcing area personalization, mileage calculation, route planning | Your consent (geolocation); Performance of contract (address) |
| eBay Integration Data (OAuth tokens, listing data, transaction history) | eBay APIs with your authorization | Listing management, inventory tracking, financial reporting | Performance of contract |
| User-Generated Content (inventory photos, receipt images) | Directly from you via app upload | AI-powered listing generation, OCR cost-basis extraction | Performance of contract |
| Financial Sourcing Data (cost-basis, purchase dates, sourcing locations) | Directly from you; OCR extraction from receipts | ROI analytics, profit calculation, tax summary tools | Performance of contract |
| Purchase & Subscription Data (transaction history, anonymous IDs) | RevenueCat; Apple App Store; Google Play Store | Subscription management, billing, entitlement verification | Performance of contract |
| Technical Data (IP address, device ID, crash reports) | Automatically from your device | Troubleshooting, platform stability, consent audit log | Legitimate interest (stability); Legal obligation (consent records) |
| Marketing-Site Analytics (page path, country, browser family, referrer, daily token) | Automatically from your browser during marketing page visits | Aggregate traffic analysis, content optimization | Legitimate interest (with GPC/DNT opt-out honored) |
| Consent & Identity Records (IP, timestamp, device UA, cryptographic hashes) | Automatically at consent events | Legal compliance, dispute resolution, tamper-evident audit trail | Legal obligation |
Sensitive Personal Information (CPRA Disclosure): Under the California Privacy Rights Act, the following categories we collect qualify as "sensitive personal information": (1) precise geolocation data and (2) account log-in credentials. We use these categories only as necessary to provide the Service to you (geolocation for sourcing personalization; credentials for authentication). We do not use sensitive personal information for purposes beyond what is necessary to provide the Service, and therefore the CPRA "Right to Limit" does not apply. You may still request deletion of this data pursuant to Section 8.
Strooply utilizes a multi-tier AI architecture powered by the Google Gemini model family.
Vertex AI Path: Most processing occurs via Google Cloud Vertex AI. Your data is protected by enterprise-grade terms and is not used to train Google's public models.
AI Studio Fallback: In the event of Vertex AI service interruptions, the Service may fall back to Google AI Studio. Data processed via this path is subject to Google's standard API terms, which may differ from enterprise protections. We minimize use of this fallback path. To disable the AI Studio fallback entirely, go to Account Settings > Privacy and toggle off "AI Studio Fallback." If disabled, AI-powered features may be temporarily unavailable during Vertex AI degradation, but your data will only be processed under enterprise protections.
Preview Model Terms: Some models we utilize are in "Preview" status. Users acknowledge that technical specifications and terms for these specific versions are subject to evolution by Google.
No Biometrics: Our AI systems are used exclusively for object identification and text extraction. We do not collect, process, or store biometric identifiers such as facial geometry or fingerprints.
Human Oversight: In accordance with state privacy laws regarding automated decision-making, we maintain a "Human-in-the-Loop" architecture (the "Pilot Rule"). You are required to review and approve all AI-generated content before it is published to eBay.
For full disclosure of the models integrated into the Service, including training data documentation required by California AB 2013, see our AI Transparency & Data Disclosure page.
As an authorized eBay developer, we adhere to the eBay Data Protection Addendum (DPA):
Authorized Use: We access eBay data solely to provide functionality you have authorized, including listing management, bookkeeping, and inventory tracking.
No Secondary Use: We do not use your eBay data to train AI models, build third-party databases, or for any purpose not explicitly authorized by you.
Token Security: Your eBay OAuth tokens are encrypted at rest using AES-256-GCM and are never transmitted to any party other than eBay's API endpoints.
Token Revocation: If you disconnect your eBay account from Strooply (revoking the OAuth token), we will purge all eBay-sourced data from our active databases within twenty-four (24) hours, except where retention is required for your own tax or accounting records.
To provide the Service, we share minimum necessary data with the following sub-processors. We maintain Data Processing Agreements (DPAs) or equivalent contractual protections with each sub-processor.
| Sub-processor | Purpose | Data Shared | Location | Compliance |
|---|---|---|---|---|
| Google Cloud Platform (Vertex AI) | Primary AI processing for listing generation and photo analysis | Inventory photos, item descriptions, receipt images | United States | Enterprise data protection terms; data not used for model training |
| Google AI Studio | Fallback AI processing during Vertex AI service interruptions (minimized use) | Same as above (minimized use) | United States | Google standard API terms apply |
| RevenueCat | Subscription management and entitlement sync | Anonymous user IDs, transaction history, subscription status | United States | SOC 2 Type II; DPA in place |
| Sentry | Application crash reporting and performance monitoring | Anonymized stack traces, device type, OS version, app version | United States | SOC 2 Type II; no PII transmitted |
| Resend | Transactional email delivery (password resets, notifications, policy change notices) | Email address, user first name | United States | DPA in place; TLS encryption in transit |
| Replit | Primary database and application hosting | All data categories listed in Section 1 | United States | SOC 2 Type II certified; hosted on Google Cloud Platform (GCP) infrastructure |
| Cloudflare, Inc. (Turnstile) | Invisible bot-detection challenge on web portal pre-authentication forms (login, registration, password reset). Cloudflare processes the HTTP request and browser signals; no authenticated user data is shared. | IP address, browser request headers and signals. Strooply does not store any Turnstile-specific data. Processing is governed by the Cloudflare Turnstile Privacy Addendum. | United States | Turnstile Privacy Addendum |
| OpenTimestamps (Bitcoin blockchain) | Tamper-evident timestamping of consent records and document hashes | Only cryptographic hashes: no personal information is written to the blockchain. Hashes are one-way and cannot be reversed to reveal underlying data. | Decentralized (Bitcoin network) | N/A: public, permissionless infrastructure |
Sub-processor Updates: We will update this list when we add or replace a sub-processor. Material changes to sub-processors that handle your personal information will be communicated via the app interface or email at least 14 days before the new sub-processor begins processing your data.
We implement administrative, technical, and physical safeguards designed to protect your personal information:
Encryption: Sensitive tokens (eBay OAuth) are encrypted at rest using AES-256-GCM. All data in transit is protected via TLS 1.2+ (HTTPS). Database backups are encrypted at rest using provider-managed encryption.
Access Controls: Production database access is restricted to authorized personnel on a need-to-know basis. All administrative access requires multi-factor authentication (MFA). Access logs are maintained and reviewed periodically.
Isolation: Your data is strictly siloed by unique User IDs using Row-Level Security (RLS) enforced at the database level to prevent cross-user data leakage. Team data is isolated at the organization level; cross-team access is not possible.
Infrastructure Security: Automated vulnerability scanning and dependency monitoring. Regular security reviews of application code and infrastructure configuration.
Incident Response: We maintain a documented incident response plan. Security incidents are escalated, investigated, and communicated per Section 6C (Data Breach Notification).
Limitations: No method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity under your account.
No Sale of Data: The Stroop LLC does not sell, rent, or lease your personal information or sourcing history to third-party data brokers.
Pre-Authentication Bot Protection: Our web portal's pre-authentication forms (login, registration, and password reset) use Cloudflare Turnstile for invisible bot detection. Cloudflare processes the HTTP request and browser signals at challenge time; no authenticated user data is shared. Cloudflare's handling of that data is governed by the Cloudflare Turnstile Privacy Addendum.
We retain your personal information only as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements.
| Data Category | Retention Period | Rationale |
|---|---|---|
| Account Credentials | Duration of account + 90 days post-deletion | Grace period for account recovery; then permanently deleted |
| Location & Address Data | Duration of account; deleted within 90 days of account termination | No longer needed once Service relationship ends |
| eBay OAuth Tokens | Until you revoke access; purged within 24 hours of revocation | Per Section 4 (Token Revocation) |
| eBay-Sourced Transaction Data | Duration of account + 7 years post-termination | IRS record retention requirements (IRC § 6501) |
| Inventory Photos & Receipt Images | Duration of account; deleted within 90 days of account termination | No independent retention obligation |
| Financial Sourcing Data (cost-basis, ROI) | Duration of account + 7 years post-termination | IRS record retention requirements |
| Subscription & Billing Records | 7 years from transaction date | Tax and accounting compliance |
| Technical Data (crash reports) | 90 days from collection | Troubleshooting window; then auto-purged |
| Consent & Identity Records (hashes, IPs, timestamps) | Indefinite | Legal compliance; statute of limitations for contract disputes |
| Marketing-Site Analytics (raw per-visit records) | 90 days from collection | Then auto-deleted; only non-personal aggregates retained |
| Marketing-Site Analytics (daily aggregates) | Indefinite | Non-personal statistical data; cannot be re-identified |
What "Deletion" Means: When we delete your data, we remove it from our active production databases and instruct sub-processors to do the same. Residual copies may persist in encrypted backups for up to 30 additional days before being overwritten through normal backup rotation. Data that has been cryptographically hashed and anchored to the blockchain (consent records) cannot be removed from the blockchain, but the hash alone cannot be reversed to reveal your personal information.
Post-Termination Export: Upon account termination, you have 30 days to request a machine-readable (JSON) export of your inventory and financial data, as described in our Terms of Service. After this window, data subject to the retention periods above will be retained per this schedule; all other data will be deleted within 90 days.
All personal information collected by Strooply is stored and processed in the United States on infrastructure provided by the following:
International Users: If you access the Service from outside the United States, you acknowledge that your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to this transfer. We protect your data using the security measures described in Section 6 regardless of where you are located.
EU/UK Users: This Service is primarily directed at users in the United States. We do not specifically target or market to residents of the European Economic Area (EEA) or United Kingdom. If you are located in the EEA or UK and choose to use the Service, you do so voluntarily and acknowledge that your data will be transferred to the United States. We rely on your explicit consent (Article 49(1)(a) GDPR) as the legal mechanism for this transfer. You may withdraw consent at any time by deleting your account, though this will result in termination of the Service.
In the event of a security breach involving your personal information, The Stroop LLC will:
(a) Investigate and Contain. Take immediate steps to investigate the scope of the breach, contain it, and prevent further unauthorized access.
(b) Notify Affected Users. Provide written notice to affected users as required by applicable law, including:
(c) Content of Notice. Breach notifications will include: (1) a description of the incident; (2) the categories of information involved; (3) the approximate date of the breach; (4) steps we are taking in response; (5) steps you can take to protect yourself; and (6) contact information for questions.
(d) Regulatory Notification. Where required by law, we will notify the Washington Attorney General, the California Attorney General, or other applicable regulatory authorities within the timeframes prescribed by statute.
(e) Method of Notice. We will notify you via the email address associated with your account. If we do not have a current email address for you, or if the breach affects more than 500,000 Washington residents, we will provide substitute notice as permitted by RCW 19.255.010(9).
You may delete your account at any time through Account Settings > Delete Account in the app or web portal. Here is what happens when you initiate deletion:
(a) Immediate Effects (within 24 hours): Your account is deactivated and you are logged out of all sessions; your eBay OAuth token is revoked; your account becomes inaccessible to Team members (if applicable); your subscription is canceled (no further charges).
(b) 14-Day Grace Period: For 14 days after initiating deletion, you may contact [email protected] to reverse the deletion and restore your account with all data intact. After 14 days, deletion becomes irreversible.
(c) Data Purge (within 90 days of the grace period expiring): Inventory photos, receipt images, listing data, and location data are permanently deleted from active databases. Sub-processors are instructed to delete your data. Encrypted backup copies are overwritten through normal rotation within 30 additional days.
(d) Data We Retain After Deletion: Financial transaction records are retained for 7 years per IRS requirements. Consent and identity records (cryptographic hashes, timestamps) are retained indefinitely for legal compliance. Aggregate, de-identified analytics are retained indefinitely (cannot be re-identified to you).
(e) Data Export Before Deletion: Before deleting your account, you may request a full JSON export of your data from Account Settings. We recommend exporting before initiating deletion.
Mobile App (iOS & Android): The Strooply mobile app does not use browser cookies. Authentication state is maintained using secure device storage provided by the operating system: it is isolated to your device and inaccessible to other apps or to us remotely.
Web Portal: When you access Strooply through a web browser, we set one strictly essential session cookie. This cookie stores an encrypted session identifier that allows the server to recognize you as authenticated across page loads. It contains no personal information, is marked HttpOnly (inaccessible to browser scripts), Secure (transmitted only over HTTPS), and expires when your session ends or after a fixed inactivity period.
Marketing Site (sessionStorage): Our public marketing pages (the homepage, /download, /privacy, /terms, and similar pre-account pages) use a single ephemeral browser-tab token stored in sessionStorage. The token is a random 32-character identifier generated in your browser the first time you load a marketing page in a given tab. It is used only to deduplicate page-view records within that single tab session. The browser automatically destroys the token when the tab is closed. It is not a cookie, it is not transmitted to any third party, it is not readable by any other website, and it is not associated with any account. No browser-fingerprinting, local-storage tracking identifier, IndexedDB record, or service-worker cache is used by our marketing analytics.
No tracking or advertising cookies, no third-party trackers: We do not use analytics cookies, advertising cookies, or any third-party cookies. We do not embed Google Analytics, Facebook Pixel, Hotjar, Plausible, Fathom, Mixpanel, Segment, or any other third-party analytics or advertising provider on the marketing site or in the app. All visitor analytics are processed and stored exclusively on our own servers, as described in Section 1 ("Marketing-Site Visitor Analytics"). No cookie or storage value set by Strooply is shared with third parties or used to track your activity across other websites.
EU / UK visitors (ePrivacy / PECR): Because our marketing analytics use no cookies and no device-or-browser-identifying persistent storage, no cookie consent banner is required under the EU ePrivacy Directive or the UK Privacy and Electronic Communications Regulations (PECR). Visitors from the EU and UK see the same marketing site as visitors from elsewhere, with no banner, no popup, and no consent dialog.
Can you disable cookies? The session cookie is required for the web portal to function. Disabling it will prevent login. The marketing-site sessionStorage token is optional; disabling JavaScript or browser storage will not block your access to any page. If you prefer to avoid cookies and storage entirely, use the mobile app, which requires neither.
Washington (My Health My Data Act & Washington Privacy Act): You have the right to access, correct, delete, and withdraw consent for the processing of your personal data.
Right to Appeal (WPA): If we deny your privacy request, you have the right to appeal our decision within 30 days by emailing [email protected] with the subject line "WPA Appeal." We will respond within 45 days. If the appeal is denied, you may contact the Washington State Attorney General at atg.wa.gov/file-complaint.
Washington My Health My Data Act: Strooply does not collect, share, or sell consumer health data as defined under the Washington My Health MY Data Act.
Data Protection Assessments (WPA § 6): The Stroop LLC conducts and documents Data Protection Assessments for processing activities that present a heightened risk of harm to consumers, as required by the Washington Privacy Act. These assessments cover: processing of precise geolocation data for sourcing personalization; use of automated decision-making systems (AI-generated listing content); and processing of sensitive data categories. These assessments weigh the benefits of processing against potential risks to consumer rights and are made available to the Washington Attorney General upon request. They are not published publicly due to their confidential nature.
Consumer Health Data: Strooply does not intentionally collect, use, share, or sell consumer health data as defined under the Washington My Health My Data Act (RCW 19.373). If you upload receipt images that incidentally contain health-related purchase information (e.g., pharmacy receipts), that data is processed solely for cost-basis extraction and is not categorized, tagged, or used as health data. You are advised not to upload receipts containing sensitive health information. If you do so inadvertently, you may delete the associated record at any time from your inventory, and the underlying image will be purged in accordance with our standard deletion procedures.
California (CCPA / CPRA): If you are a California resident, you have the following rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act):
(a) Right to Know / Access. You may request disclosure of: the categories of personal information we have collected about you; the categories of sources from which we collected it; the business or commercial purpose for collecting it; the categories of third parties with whom we share it; and the specific pieces of personal information we have collected about you.
(b) Categories of Sources. We collect personal information from the following categories: directly from you (registration, onboarding, use of the Service); from your devices (technical data, geolocation with permission); from third-party services you authorize (eBay via OAuth, Apple App Store, Google Play Store via RevenueCat); and from your browser (marketing-site analytics).
(c) Business Purposes for Collection. We collect and use personal information for the following business purposes: providing the Service (listing automation, inventory management, financial tools); account creation, authentication, and security; debugging and troubleshooting; performing services on your behalf (eBay listing management); internal research for technological development (aggregate analytics); and legal compliance (consent records, age verification).
(d) Sale and Sharing. We do not sell your personal information. We do not share your personal information with third parties for cross-context behavioral advertising. There is nothing to opt out of.
(e) Sensitive Personal Information. We collect the following categories of sensitive personal information: precise geolocation and account log-in credentials. These are used only as necessary to provide the Service. We do not use or disclose sensitive personal information for purposes other than those permitted under CPRA § 1798.121(a).
(f) Right to Delete. You may request deletion of your personal information. We will comply except where retention is necessary for: completing a transaction; detecting security incidents; complying with legal obligations (e.g., tax record retention); or exercising or defending legal claims.
(g) Right to Correct. You may request correction of inaccurate personal information we maintain about you.
(h) Right to Non-Discrimination. We will not deny you the Service, charge different prices, or provide a different quality of service because you exercised a CCPA/CPRA right.
(i) Global Privacy Control (GPC) & Do Not Track (DNT). We recognize the Global Privacy Control signal (Sec-GPC: 1) as a valid opt-out preference signal under CCPA regulations. We also honor the legacy Do Not Track signal (DNT: 1). On our marketing site, when either signal is present, no analytics record is created.
(j) Authorized Agents. You may designate an authorized agent to submit a privacy request on your behalf. To do so, provide us with: (1) a signed written authorization from you permitting the agent to act on your behalf, or (2) proof that the agent holds a valid power of attorney under California Probate Code §§ 4000–4465. We may still require you to verify your own identity directly with us before fulfilling the request.
(k) Verification Process. When you submit a privacy request (Right to Know, Delete, or Correct), we will verify your identity by matching at least two data points you provide against information we already have on file (e.g., your registered email address and date of birth). For requests to access specific pieces of personal information, we may require a signed declaration under penalty of perjury. We will respond to verified requests within 45 days (extendable by an additional 45 days with notice).
(l) Annual Metrics. If and when The Stroop LLC meets the threshold requiring publication of annual CCPA metrics (Cal. Civ. Code § 1798.185(a)(7)(C)), we will publish them at strooply.com/legal/ccpa-metrics.
To submit a California privacy request, contact us at [email protected] with the subject line "California Privacy Request."
Global Privacy Control (Sec-GPC) and Do Not Track (DNT): On our public marketing site we honor both the Global Privacy Control browser signal (CCPA-recognized opt-out preference signal under California regulations, transmitted via the Sec-GPC: 1 request header) and the legacy Do Not Track signal (transmitted via the DNT: 1 request header). When either signal is present, no marketing-site analytics record of your visit is created. No additional opt-out action is required from you.
Strooply is a business tool intended for users 18 and older. We enforce a date-of-birth age gate at onboarding and do not knowingly collect personal information from children under 18.
If you are added to a Team as a "Lister," the following applies to your personal information:
(a) What We Collect From Listers: The same categories of information described in Section 1 apply to Listers, including account credentials, technical data, and consent records. Listers must independently complete age verification and accept these Terms.
(b) What Team Owners Can See: Team Owners have visibility into the following Lister activity within their organization: listings created, edited, or published by the Lister; inventory items added by the Lister; and activity timestamps. Team Owners cannot see: the Lister's personal email address (unless voluntarily shared), date of birth, home address or personal location data, personal financial data or subscription details, or crash reports specific to the Lister's device.
(c) Lister Rights: Listers retain all privacy rights described in this Policy (access, correction, deletion) independently of the Team Owner. A Lister may delete their account at any time; this will remove them from the Team and delete their personal data per the schedule in Section 6A. Inventory and listing data created by a Lister within a Team workspace is owned by the Team Owner and is not deleted when a Lister leaves.
(d) Owner Responsibility: Team Owners are responsible for informing Listers about the data practices described in this section before adding them to the Team.
Crash Reporting (Sentry): By default, the app sends anonymized crash reports to help us identify and fix bugs. If you would like to disable crash reporting before an in-app toggle is available, please contact us at [email protected] and we will accommodate your request. Disabling crash reporting will not affect your use of the Service, but may limit our ability to diagnose issues affecting your account.
AI Studio Fallback: You may disable the AI Studio fallback path in Account Settings > Privacy. See Section 3 for details.
Marketing-Site Analytics: Honored automatically via GPC/DNT signals as described in Section 8. No additional opt-out action is required.
Consent-Record Data (IP, device ID, timestamps): This data is collected as a legal compliance measure and cannot be opted out of while using the Service. If you do not wish for this data to be collected, your sole remedy is to not use the Service.
We may update this policy to reflect changes in the law or our Service. We will notify you of material changes via the app interface or email. Continued use of the Service after notification constitutes acceptance of the updated policy.
For questions regarding this policy or your data rights, contact:
The Stroop LLC
PO Box 274, Selah, WA 98942
Email: [email protected]
Phone: (509) 834-8027
The Stroop LLC is committed to making this Privacy Policy accessible to all users. If you need this policy in an alternative format (such as large print, plain language summary, or screen-reader-optimized text), please contact us at [email protected] and we will provide a reasonable accommodation within 10 business days.
Version v2.1-20260520