Privacy Policy
Effective July 18, 2026 · Version 2026-07-18.2
We collect data needed to review access, operate orders, document custody, process payments, communicate, prevent abuse, and meet legal obligations. We do not sell personal data or share it for cross-context behavioral advertising. We use service providers only for defined operational purposes.
1. Who is responsible for your data
My Laundry determines why and how personal data is used for this service and is the primary business or controller for that processing. Some providers act on our instructions; others may act independently for payment, fraud, network security, telecommunications, or legal compliance, as described below.
Quality Labs Technology Service, LLC01-830Service region: Estados Unidos de Norteaméricamylaundryon@gmail.com2. Data we collect
Identity and contact
Name, email, phone number, city, account identifier, authentication records, role, verification status, and communication preferences. If you choose Google sign-in, we receive the Google account identifier, verified email, profile name, and optional profile image supplied for authentication.
Access and applications
Requested role, service interest, notes, interview availability, vehicle and delivery experience, laundry business name, address, and capacity.
Orders and logistics
Pickup and delivery addresses and windows, service dates, detergent or care choices, recurrence, item or weight information, order status, assigned participants, timestamps, incidents, and quality results.
Payments
Amount, currency, payment status, Stripe customer and transaction identifiers, refund information, and fraud or dispute signals. Full card details are entered with and handled by Stripe, not stored by My Laundry.
Documents and custody evidence
Photos of bags or garments, condition and handoff evidence, filenames, file type and size, upload status, timestamps, signatures, and notes. We do not currently collect government IDs, passports, Social Security numbers, selfies, or biometrics. A future identity or business-document process would require a separate notice before collection.
Communications
Support messages, notification content, phone number, opt-in and opt-out timestamps, provider message identifier, routing and delivery status, and related audit history.
Device and security
IP address, browser and device information, request headers, session and essential-cookie data, logs, request identifiers, access events, error records, and abuse or security signals.
Sign-in protection
A keyed, pseudonymous value derived from the normalized email address, failed-attempt count, attempt window, and temporary lock expiration. My Laundry does not store the submitted password; Supabase verifies and protects password credentials.
Consent and policy records
The Terms and Privacy versions you accepted, acceptance time, and records needed to demonstrate or withdraw consent where applicable.
3. Where data comes from
We receive data directly from you, from authorized account users, drivers and laundry partners involved in an order, from automated use of the platform, and from providers such as Google, Stripe, and Twilio that return authentication, payment, or delivery status. We may also receive lawful fraud, identity, or business-verification results if a separately disclosed verification process is enabled.
4. Why we use data
- Review access requests and create, secure, and support accounts.
- Schedule, route, process, track, document, and deliver orders.
- Calculate prices, collect payment, issue refunds, reconcile events, and prevent fraud.
- Send requested service notices and respect SMS or communication choices.
- Maintain chain of custody, investigate incidents, resolve claims, and protect clothing and people.
- Audit operations, troubleshoot, measure reliability, enforce policies, and improve the service using appropriately limited data.
- Comply with tax, accounting, legal, safety, payment-network, and law-enforcement obligations.
5. Companies that process data with us
These are the core technology providers currently designed into My Laundry. Their roles and subprocessors can change, so their linked notices provide the most current details. We disclose only the data reasonably needed for the function being provided.
Supabase
Database, authentication, and private file storageAccount identifiers, profile and service data, consent records, and authorized custody evidence
Provider privacy noticeGoogle account identifier, verified email, profile name, optional profile image, and authentication event metadata
Provider privacy noticeStripe
Payment processing, refunds, and fraud preventionPayment details provided directly to Stripe, transaction identifiers, amount, status, and risk signals
Provider privacy noticeTwilio
Transactional SMS and delivery-status reporting, when the SMS program is activatedPhone number, message content, sender and recipient metadata, timestamps, and delivery status
Provider privacy noticeVercel
Application hosting, content delivery, and operational securityIP address, request metadata, device/browser information, and application logs
Provider privacy noticeGoogle authenticates the Google account you choose and may process sign-in data under its own privacy terms. My Laundry does not receive your Google password or use Google sign-in to access Gmail, Drive, Calendar, contacts, or other Google content. Stripe and Twilio may act both as service providers processing on our instructions and as independent controllers for limited purposes such as fraud prevention, network operations, regulatory records, and legal compliance. Supabase hosts our database, authentication, and private storage. Vercel hosts and delivers the application and processes request-level operational data.
6. Operational sharing
- Drivers: receive the contact, address, timing, order, and handoff information needed for an assigned route.
- Laundry partners: receive the order, item, care, intake, quality, custody, and release information needed to process assigned work.
- Banks and payment networks: receive payment information through Stripe as needed to authorize, settle, refund, and investigate transactions.
- Professional and public authorities: data may be disclosed to advisers, insurers, auditors, courts, regulators, or law enforcement when reasonably necessary and legally permitted or required.
- Business transactions: data may transfer in a financing, merger, acquisition, or asset transaction subject to applicable notice, confidentiality, and prior privacy promises.
7. Document and image protections
Custody evidence is stored in private storage rather than a public gallery. Access is limited by role, order participation, server-side authorization, and time-limited retrieval. We limit supported file types and size, keep audit records, and use evidence for operational verification, claims, safety, and fraud prevention. Evidence photographs should focus on the bag, garments, seal, or handoff and should avoid faces, identity documents, license plates, and the interior of a home. A future identity or business document process would receive a specific purpose notice. Do not upload unrelated documents or more information than requested, and never send documents through an unapproved channel.
8. Retention and deletion
Retention depends on whether an access request, account, order, payment, claim, or support matter remains active; operational and security needs; tax, accounting, insurance, contract, and payment-network obligations; limitation periods; and legal holds. The platform currently assigns custody evidence a retention review date 365 days after upload, but that date does not automatically delete the file. Evidence remains under restricted access until an authorized deletion or de-identification process is carried out, and it may be held longer for a dispute, incident, safety issue, or legal obligation. A written retention schedule and automated deletion controls must be approved before production document collection expands beyond custody evidence. Pseudonymous sign-in throttle records are removed opportunistically after 30 days of inactivity. We will update this section when those controls change.
9. Your privacy choices and rights
Depending on your location and applicable law, you may request access, correction, deletion, a portable copy, restriction, or confirmation of processing, and may appeal a denied request. You may also opt out of targeted advertising, sale or sharing, and certain profiling where those rights apply. My Laundry does not currently sell personal data, use it for cross-context behavioral advertising, or make decisions producing legal or similarly significant effects solely through profiling. We may verify a request and retain the minimum record needed to document our response. Authorized agents may be required to prove authority.
Quality Labs Technology Service, LLC01-830Service region: Estados Unidos de Norteaméricamylaundryon@gmail.com10. Cookies, local storage, and analytics
The platform uses essential session technologies for authentication and security. The public legal notice uses local browser storage to remember that the current notice was displayed. We do not currently include third-party advertising trackers. If optional analytics or non-essential cookies are added, we will update this notice and provide any legally required controls before activating them.
11. Security and incident response
We use layered measures such as private storage, role-based authorization, row-level database controls, signed provider webhooks, bounded request bodies, restricted service credentials, and audit records. No system can guarantee absolute security. If an incident affects personal data, we will investigate, contain, document, and provide notices required by applicable law.
12. Children and international processing
My Laundry is not directed to children under 13 and is intended for adults who can contract for service. We do not knowingly collect personal data from children under 13. Providers may process data in the United States and other locations where they or their subprocessors operate, subject to their contractual and legal transfer safeguards.
13. Policy changes
Each posted revision identifies its version and effective date. A material expansion in how previously collected data is used or shared will not be activated where affirmative consent is required unless and until the corresponding notice and consent control is available.
