Legal
Privacy Policy
Effective: 2026-06-22 · Last updated: 2026-06-22
This Privacy Policy describes how Clickbuild Technologies LLC(“we”, “us”, “our”) handles personal information when you use the Passtimemobile application (the “App”) and related services. By using the App, you agree to this policy.
1. Information we collect
Account information. When you create an account we collect your email address, password (stored hashed, never in plaintext), first name, last name, phone number, role (Member or Host), and an optional avatar image.
Verification information.To verify your account we send one-time codes to your email (via Resend) or phone (via Telnyx). We store these codes briefly (≤ 10 minutes) and discard them after verification.
Authentication tokens.We issue JSON Web Tokens (JWT) to keep you signed in. Refresh tokens are stored encrypted on our servers and on your device in the operating system's secure storage (iOS Keychain / Android Keystore).
Payment information. Payments are processed by Stripe. We do not store your full card number, CVV, or bank details. We store transaction metadata (amount, currency, status, booking reference, platform fee). For Hosts, we store the Stripe Connect account identifier returned by Stripe.
Usage and device data. When you use the App we automatically collect basic device and diagnostic data (operating system, app version, error logs). Crash and performance data is processed via Sentry.
Push notifications. If you enable push notifications, we store a device push token (from Apple APNs or Google FCM) so we can deliver booking and message notifications.
2. How we use information
We use the information to:
- Create and maintain your account
- Authenticate you and keep your session secure
- Verify your email and phone number
- Match Members with Hosts and facilitate bookings
- Process payments and payouts (via Stripe Connect)
- Send transactional emails and notifications related to your account and bookings
- Detect, prevent, and respond to fraud, abuse, or security incidents
- Improve the App and diagnose issues
We do not sell your personal information. We do not use your data for behavioural advertising.
3. Third parties (sub-processors)
We share information with the following services strictly as needed to operate the App:
| Service | Purpose | Data shared |
|---|---|---|
| Stripe (Stripe, Inc.) | Payment processing, Connect payouts | Payment + identity info for Hosts; transaction data for Members |
| Firebase (Google LLC) | Authentication and real-time features | Account identifiers, device tokens |
| Resend (Resend, Inc.) | Transactional email | Email address, OTP codes |
| Telnyx (Telnyx LLC) | SMS one-time codes | Phone number, OTP codes |
| Sentry (Functional Software, Inc.) | Error and performance monitoring | Crash logs, device + OS info |
| MongoDB Atlas (MongoDB, Inc.) | Database hosting | Account and booking data |
| Vercel (Vercel, Inc.) | API hosting | Request / response data needed to serve API calls |
| Expo / EAS (650 Industries, Inc.) | Mobile build and over-the-air updates | App binaries and metadata; no user data |
Each provider is bound by its own privacy and data-protection terms. We use them as data sub-processors and do not authorize them to use your personal information for their own purposes.
4. Data retention
- Account data: retained while your account is active and for up to 12 months after deletion (to handle disputes, fraud, and legal obligations).
- Verification codes: ≤ 10 minutes.
- Refresh tokens: ≤ 30 days, sooner if you sign out.
- Payment records: as long as required by tax and accounting laws (typically 7 years).
- Crash and diagnostic logs: ≤ 90 days.
5. Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Delete your account and associated personal data
- Object to or restrict certain processing
- Export your data in a portable format
- Withdraw consent at any time (where processing is based on consent)
To exercise any of these rights, email bara@clickbuild.tech. We respond within 30 days.
6. Children
Passtime is not directed to children under 16, and we do not knowingly collect personal information from anyone under 16. If we learn that we have collected such information, we will delete it.
7. Security
We use encryption in transit (HTTPS / TLS) for all network requests, encryption at rest for sensitive fields, hashed passwords (bcrypt), and OS-level secure storage on your device. Despite these measures, no system is perfectly secure; we cannot guarantee absolute security.
8. International transfers
Our servers are hosted in the United States (Vercel, MongoDB Atlas). If you access the App from outside the US, your information will be transferred to and processed in the US. By using the App you consent to this transfer.
9. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated policy at the same URL and update the “Last updated” date. Material changes will be communicated via in-app notice or email.
10. Contact
Clickbuild Technologies LLC
Email: bara@clickbuild.tech
For privacy-related requests, please include “Privacy” in the subject line.