Turnsapp Inc. ("Turnsapp," "we," "us," or "our") is committed to protecting the privacy and security of your
personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information
when you use our laundromat and dry-cleaning management platform and related services (the "Services").
Our Services Include:
- Laundromat & Dry-Cleaning Management Software
- Customer Engagement & Payment Processing
- Pickup & Delivery Optimization
- Automated Communications & Notifications
- Analytics & Reporting Tools
- Franchise & Multi-Location Support
- Point-of-Sale (POS) Hardware and Equipment
- AI-Powered Features and Automation
By using our Services, you agree to the collection and use of information in accordance with this Privacy
Policy.
When you register for our Services, we collect:
- Business name, address, and contact information
- Business owner/manager details (name, email, phone)
- Business license and tax identification numbers
- Payment and billing information
- User account credentials and preferences
- Hardware shipping and installation addresses
- Equipment serial numbers and warranty information
As part of providing our Services, we process customer data on your behalf, including:
- Customer names, phone numbers, and addresses
- Pickup and delivery preferences
- Order history and service details
- Payment information (processed securely through third-party processors)
- Communication preferences and history
- Loyalty program and promotional data
We share information with trusted third-party service providers who assist us in operating our Services:
Payment Processing
Stripe (Stripe, Inc.)
Purpose: Credit card and payment processing (US & International)
PayPal (PayPal Holdings, Inc.)
Purpose: Alternative payment processing
Razorpay (Razorpay Software Limited)
Purpose: Payment processing for India
What Razorpay Collects:
- Personal identifiers (name, email, phone, address, demographics)
- Transaction data and payment details
- Device & technical data (IP, browser, device info)
- Regulatory & KYC compliance data
Compliance:
- Privacy Policy: razorpay.com/privacy
- Regulatory Framework: Digital Personal Data Protection Act, 2023 (India)
- Data Fiduciary Status: Acts as Data Fiduciary under Indian law
- User Rights: Right to redress grievances, nominate representative
PayMaya / Maya (PayMaya Philippines, Inc.)
Purpose: Payment processing for Philippines
Security Measures:
- AES-256 encryption for data at rest and in transit
- Role-based access controls and data minimization
- First bank in Philippines with ISO 27001 & ISO 27701 certifications
Compliance:
- Privacy Policy: maya.ph/privacy
- DPO Contact: dpo@paymaya.com
- Terms Updated: May 20, 2025
- Regulatory Framework: Data Privacy Act of 2012 (Philippines)
- User Rights: Right to object, access, modify, erasure
PayRange (PayRange, Inc.)
Purpose: Cashless payment solutions for unattended retail
Important Security Note:
- Card data is NEVER viewed, passed through, or stored on PayRange servers
- Only last 4 digits of card + token are stored
- Multiple security safeguards against unauthorized access
Cloud Infrastructure
Amazon Web Services (AWS)
Purpose: Application hosting and data storage
- Privacy Policy: aws.amazon.com/privacy
- Data Processing Addendum: AWS DPA
- Certifications: ISO 27001, ISO 27017, ISO 27018, ISO 27701, SOC 2
- Compliance: GDPR with DPA
Google Cloud Platform
Purpose: Cloud services and infrastructure
Communication Services
Twilio (Twilio Inc.)
Purpose: SMS messaging and voice services
- Privacy Policy: twilio.com/legal/privacy
- Data Protection Addendum: Twilio DPA
- Last Updated: August 22, 2025 (DPA), August 14, 2025 (Privacy)
- Framework: Binding Corporate Rules (BCRs) - approved by EU DPAs
- Certifications: ISO 27001
Artificial Intelligence and Machine Learning
OpenAI (OpenAI, Inc.)
Purpose: AI-powered features including automated text generation, intelligent
suggestions, and natural language processing
Important Privacy Protections:
- By default, OpenAI does NOT use API data for training models
- API inputs/outputs do NOT become training data (unless explicitly opted in)
- Data retained for abuse monitoring for maximum 30 days, then deleted
- Zero data retention available for highly sensitive applications
What OpenAI Processes:
- Text inputs you provide to AI features
- Generated responses and outputs
- Technical metadata (timestamps, API usage)
Security: AES-256 encryption at rest, TLS 1.2+ in transit
Note: You can opt out of AI-powered features at any time through your account settings.
Disabling AI features will not affect core platform functionality.
Delivery and Logistics Services
DoorDash (DoorDash, Inc.)
Purpose: Delivery coordination and logistics via Drive API
What DoorDash Processes:
- Customer names, addresses, and phone numbers (for delivery)
- Pickup and drop-off locations
- Delivery instructions and preferences
- Order timing and status
Privacy Practices: Asynchronous data redaction, address obfuscation to prevent
re-identification
- Privacy Policy: about.doordash.com/privacy
- Controller Status: DoorDash acts as data Controller
- User Rights: Right to deletion, opt-out of data selling, opt-out of targeted advertising
- Compliance: GDPR, CCPA
Error Monitoring and Diagnostics
Sentry (Sentry, Inc.)
Purpose: Application error tracking and performance monitoring
Sentry collects technical error information when issues occur in our application, including error
messages, stack traces, device/browser information, IP addresses, and user interaction breadcrumbs. This
helps us identify and fix technical problems quickly.
- Privacy Policy: sentry.io/privacy
- Data Retention: 90 days
- Data Location: United States (EU hosting available)
- Compliance: GDPR with DPA
Customer Support and Messaging
Intercom (Intercom, Inc.)
Purpose: Customer support chat and in-app messaging
Important Cookie Notice: Intercom places cookies on your device to maintain chat
sessions and track your interactions. These are third-party, persistent cookies.
You can opt-out of Intercom tracking by:
- Contacting us to disable the chat widget for your account
- Managing cookie preferences through your browser settings
- Using our cookie preferences center
What Intercom Collects:
- Your name, email address, and account information
- Messages and conversation history with our support team
- Usage data including pages visited and features used
- Technical information (browser type, device, IP address)
- Privacy Policy: intercom.com/legal/privacy
- Data Processing Agreement: Intercom DPA
- Data Retention: 180 days after account closure
- Data Location: United States (EU-U.S. Data Privacy Framework certified)
- Compliance: GDPR with DPA
Location and Mapping Services
Google Maps Platform (Google LLC)
Purpose: Maps, geocoding, place search, and location services
We use Google Maps Platform for:
- Map display and navigation
- Address autocomplete and validation
- Place search and location selection
- Route optimization for pickup and delivery
With your explicit permission, we may:
- Access your device location
- Send location data to Google for geocoding and mapping
- Store search queries and map interactions
Important: We will request your permission before accessing your device location.
You may decline location access and continue using other features of our application.
Revoking Location Permission:
- Chrome: Settings > Privacy and Security > Site Settings > Location
- Safari: Preferences > Websites > Location
- Mobile: Device Settings > Apps > Turnsapp > Permissions
Analytics and Performance
Google Analytics (Google LLC) & Microsoft Clarity (Microsoft Corporation)
Purpose: Usage analytics, user behavior tracking, session recording, and heatmaps
These services help us understand how users interact with our application and identify areas for
improvement. They collect usage data, device/browser information, anonymized IP addresses, and click
patterns.
Hardware and Logistics
- Shipping and logistics providers for hardware delivery
- Equipment manufacturers and warranty service providers
We may communicate directly with your customers for:
- Order confirmations and status updates
- Pickup and delivery notifications
- Payment processing and receipts
- Customer support (when authorized by you)
We may disclose information when required by law or to:
- Comply with legal processes or government requests
- Protect our rights, property, or safety
- Prevent fraud or security threats
- Enforce our Terms of Service
In the event of a merger, acquisition, or sale of assets, customer information may be transferred as part of
the business transaction.
Our QR code scanning feature requires access to your device camera. Your browser will request permission
before granting access.
How We Use Camera Data:
- Camera data is processed locally on your device only
- We do NOT transmit camera images to our servers
- We do NOT store or record camera data
- Only the scanned QR/barcode data is processed
Revoking Camera Permission:
- Chrome: Settings > Privacy and Security > Site Settings > Camera
- Safari: Preferences > Websites > Camera
- Firefox: Settings > Privacy & Security > Permissions > Camera
Voice input features use your browser's built-in speech recognition API and require microphone access.
How Voice Data is Processed:
- Audio is processed by your browser's speech recognition service:
- Chrome users: Google's speech recognition service
- Safari users: Apple's speech recognition service
- Edge users: Microsoft's speech recognition service
- We do NOT directly collect, store, or record audio data
- Only the transcribed text is sent to our application
Revoking Microphone Permission:
- Chrome: Settings > Privacy and Security > Site Settings > Microphone
- Safari: Preferences > Websites > Microphone
- Firefox: Settings > Privacy & Security > Permissions > Microphone
Note: Audio processing is subject to your browser provider's privacy policy (Google,
Apple, or Microsoft).
In the event of a security breach affecting your data, we will:
- Notify affected users within 72 hours of discovery
- Provide details about the nature and scope of the breach
- Outline remediation steps being taken
- Offer assistance and support as appropriate
If applicable, you have the right to:
- Request access to personal information we hold
- Request correction of inaccurate information
- Request deletion of personal information
- Object to processing of personal information
- Request data portability
- Withdraw consent for processing
To exercise your rights, contact us at: privacy@turnsapp.com
As a business customer, you control your end-customer data and can:
- Export customer data at any time
- Delete customer records from our system
- Manage customer communication preferences
- Control data sharing and processing settings
We retain your business account information for as long as:
- Your account remains active
- Required to provide Services
- Necessary for legal, tax, or regulatory compliance
- Typically 7 years after account closure for financial records
You can control cookies through:
- Browser Settings: Most browsers allow you to refuse cookies or delete existing cookies
- Our Cookie Preferences Center: Manage granular cookie consent (available in your
account settings)
- Opt-Out Links:
Note: Disabling certain cookies may affect platform functionality. Essential cookies cannot
be disabled as they are required for the application to work.
Our Services may involve transferring data internationally. We ensure adequate protection through:
10.1 Data Transfer Mechanisms
- Standard Contractual Clauses (SCCs) for EU data transfers
- Data Processing Agreements with all international service providers
- Compliance with local data protection requirements
10.2 Data Transfer Locations
| Service |
Data Location |
Safeguards |
| Stripe |
United States |
DPA, PCI-DSS |
| PayPal |
United States/Global |
DPA |
| Razorpay |
India |
DPDPA 2023 compliance |
| PayMaya |
Philippines |
DPA 2012 compliance, ISO 27001/27701 |
| PayRange |
United States |
PCI-DSS compliance |
| Sentry |
United States |
DPA, EU hosting available |
| Intercom |
United States |
EU-U.S. Data Privacy Framework, DPA |
| Google Maps |
United States/Global |
Controller-Controller DPA |
| Google Analytics |
United States |
Standard Contractual Clauses |
| Microsoft Clarity |
United States |
Standard Contractual Clauses |
| AWS |
United States/EU (configurable) |
AWS GDPR compliance |
| OpenAI |
United States |
DPA, SOC 2/3, GDPR/CCPA/HIPAA |
| DoorDash |
United States |
GDPR/CCPA compliance |
10.3 Data Processing Agreements
We have executed Data Processing Agreements (DPAs) with the following processors to ensure GDPR compliance:
- Stripe, Inc.
- Sentry, Inc.
- Intercom, Inc.
- Amazon Web Services
- Google Cloud Platform
- OpenAI, Inc.
Our Services are designed for business use and are not intended for individuals under 18. We do not knowingly
collect personal information from minors. If you believe we have collected information from a minor, please
contact us immediately at privacy@turnsapp.com.
Our platform may integrate with third-party services (POS systems, accounting software, etc.). This Privacy
Policy does not cover third-party services. Please review their privacy policies for information about their
data practices.
We may update this Privacy Policy periodically. We will notify you of material changes by:
- Email notification to your registered account
- Prominent notice on our platform
- Updated "Last Modified" date at the top of this policy
Continued use of our Services after changes take effect constitutes acceptance of the updated Privacy Policy.
This privacy policy was updated to include:
Frontend Services (Previously Updated):
- Sentry (error tracking) disclosure
- Intercom (customer support) disclosure with cookie notice
- Google Maps Platform disclosure with location consent details
- Google Analytics and Microsoft Clarity disclosures
- Camera access disclosure (QR scanner)
- Microphone access disclosure (voice input)
- Enhanced cookie disclosure with specific cookie table
- Data retention details per service
- International data transfers table
Backend Services (New in This Update):
- Razorpay (India Payments) - Complete disclosure including:
- Digital Personal Data Protection Act, 2023 compliance
- KYC and anti-money laundering compliance
- User rights under Indian law
- PayMaya / Maya (Philippines Payments) - Complete disclosure including:
- Data Privacy Act of 2012 (Philippines) compliance
- ISO 27001 & ISO 27701 certifications
- User rights under Philippines law
- PayRange (Payment Processing) - Complete disclosure including card data security
- OpenAI (AI & Machine Learning) - Complete disclosure including:
- AI-powered features explanation
- No training on customer data by default
- 30-day retention, then deletion
- Opt-out options
- DoorDash (Delivery & Logistics) - Complete disclosure including data redaction
practices
Enhanced Sections:
- Expanded payment processing section with 5 payment providers
- Added AI & Machine Learning subsection
- Added Delivery & Logistics subsection
- Updated data retention periods
- Expanded international data transfers table
