Privacy Policy
This Privacy Policy ("Policy") describes how Lorenzo Frascolla, a sole proprietor doing business as Namas ("Namas," "we," "us," or "our"), collects, uses, discloses, and safeguards personal information when you use the Namas mobile application (the "App") or our website at namas-app.com (the "Site," and together with the App, the "Service"). Namas is the data controller for purposes of the EU/UK GDPR and the "business" for purposes of the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the "CCPA/CPRA").
By creating an account or otherwise using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with any part of this Policy, do not use the Service.
1. Scope and eligibility
The Service is intended solely for users who are 18 years of age or older. We do not knowingly collect personal information from individuals under 18. If we discover that we have collected personal information from someone under 18, we will delete it as soon as reasonably practicable and may terminate the associated account. If you believe we have inadvertently collected information from a minor, contact us at contact@namas-app.com.
2. Categories of personal information we collect
The following table summarizes the categories of personal information we collect, consistent with the enumerated categories under the CCPA/CPRA, the sources of that information, the business purposes for which we use it, and the categories of third parties with whom we share it.
| Category | Examples | Source | Purpose | Shared with |
|---|---|---|---|---|
| Identifiers | Name, email, account ID, IP address, device ID | You; automatically from your device | Account creation, authentication, communications, fraud prevention | Hosting and auth provider (Supabase), notification provider (Expo) |
| Commercial information | Bookings, session history, ratings, promo code usage | You; other users you transact with | Operating the marketplace | Counterparty user (Coach/Client), payment processor (Stripe) |
| Financial information | Payment method token, last 4 digits, billing ZIP, payout bank details (Coaches only) | You (via Stripe); Stripe | Processing payments, issuing refunds, remitting payouts, tax reporting | Stripe, Inc. (payments); tax authorities where required by law |
| Internet/network activity | App events (sign-up, booking, cancellation), crash logs, diagnostic data | Automatically from your device | Service operation, debugging, fraud/abuse detection, product analytics | Error-tracking and analytics providers |
| Geolocation data (approximate) | City/area entered by you; coarse IP-derived location | You; automatically | Session discovery by location, fraud detection | None (retained internally) |
| Audio/visual information | Profile photos and session photos you upload | You | Displaying profiles and listings | Other users on the Service |
| Professional or credential information (Coaches) | Biography, certifications, coaching history you disclose | You | Marketplace listings, Client decision-making | Other users on the Service |
| Inferences | Derived preferences (e.g., categories you browse) | Automatic | Personalizing session discovery and recommendations | None outside our service providers |
| User-generated content | Direct messages, ratings, reports, support correspondence | You | Enabling messaging, trust and safety, support | Recipient user(s); law enforcement as legally required |
We do not knowingly collect sensitive personal information as defined under the CPRA (for example, government ID numbers, precise geolocation, racial or ethnic origin, religious beliefs, union membership, genetic or biometric data, or health information). Please do not submit such information through the Service.
3. How we use personal information
We use personal information for the following purposes:
- Service delivery: to create and authenticate accounts, display session listings, process bookings, enable messaging, and deliver push notifications.
- Payments: to facilitate payments and payouts through Stripe, calculate platform fees, remit taxes where required, and process refunds.
- Trust and safety: to detect, prevent, and respond to fraud, abuse, harassment, and violations of our Terms of Service.
- Analytics and product improvement: to understand how the Service is used, identify bugs, and improve features.
- Communications: to respond to your inquiries, send transactional notices, and, where permitted, send service announcements. We do not currently send marketing email; if this changes, we will provide an opt-out.
- Legal compliance: to comply with applicable laws, respond to lawful requests from government authorities, and enforce our rights.
4. Legal bases for processing (EEA/UK users)
If you are located in the European Economic Area or the United Kingdom, our legal bases for processing your personal information are:
- Performance of a contract (GDPR Art. 6(1)(b)) — to provide the Service you have requested (account, bookings, payments, messaging).
- Legitimate interests (GDPR Art. 6(1)(f)) — to operate, secure, and improve the Service; prevent fraud and abuse; and maintain aggregate analytics. We balance these interests against your rights and freedoms.
- Legal obligation (GDPR Art. 6(1)(c)) — to comply with applicable tax, accounting, anti-money-laundering, and other laws.
- Consent (GDPR Art. 6(1)(a)) — where we ask for consent (for example, to access your camera or photo library). You may withdraw consent at any time.
5. How we disclose personal information
We do not sell personal information, and we have not sold or "shared" (as defined by the CPRA for cross-context behavioral advertising) personal information in the preceding 12 months. We disclose personal information only in the following circumstances:
- To other users as necessary to operate the marketplace (for example, a Client's name and profile photo are visible to the Coach after booking).
- To service providers acting on our behalf under contractual confidentiality and data-protection terms, including: Supabase, Inc. (database, authentication, file storage); Stripe, Inc. (payments, payouts, fraud prevention, tax reporting); Expo (650 Industries, Inc.) (push notifications, build tooling); Vercel Inc. (website hosting); and error-tracking providers. An up-to-date list is available upon request at contact@namas-app.com.
- For legal reasons — when we believe in good faith that disclosure is required by subpoena, court order, or other legal process, or reasonably necessary to protect the rights, property, or safety of Namas, its users, or the public.
- In a corporate transaction — if Namas is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction, subject to a confidentiality agreement and a successor's binding commitment to honor this Policy.
- With your consent or at your direction.
6. Device permissions
The App may request:
- Camera and Photo Library. To upload a profile or session image. We only upload the specific file you select.
- Push notifications. To deliver booking, cancellation, and message alerts. Disable at any time in your device settings.
We do not collect precise (GPS-level) device location.
7. Cookies, tracking, and analytics
The Site does not set advertising or analytics cookies. A strictly necessary cookie may be used to remember your theme preference (light/dark). The Site loads fonts from Google Fonts, which may log request metadata under Google's policies. The App does not use web cookies; it uses local device storage (AsyncStorage / Secure Store) to maintain your authenticated session and user preferences. We do not operate behavioral advertising, nor do we use cross-site tracking. Because we do not engage in cross-context behavioral advertising, we honor Global Privacy Control (GPC) signals by default.
8. Your rights
8a. All users
You may, subject to applicable law:
- Access the personal information we hold about you.
- Correct inaccurate personal information.
- Delete your account and personal information — you may self-serve from Profile → Delete Account in the App, or request deletion by email.
- Port your personal information in a commonly used, machine-readable format.
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
To exercise any of these rights, email contact@namas-app.com. We will respond within the timeframe required by applicable law (typically 45 days under CCPA/CPRA, and 30 days under GDPR). We may ask you to verify your identity before acting on a request. We will not discriminate against you for exercising any of these rights.
8b. California residents (CCPA/CPRA)
In addition to the rights above, you have the right to request information about the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties to whom we have disclosed such information. You also have the right to opt out of "sale" or "sharing" of personal information and to limit the use of sensitive personal information. Namas does not sell or share personal information for cross-context behavioral advertising, and does not use or disclose sensitive personal information for purposes that would trigger the right to limit. If this ever changes, we will update this Policy and provide the required disclosures and "Do Not Sell or Share" mechanism.
You may designate an authorized agent to make a request on your behalf. We may require the agent to provide signed permission, and we may require you to verify your identity directly.
8c. EEA/UK residents (GDPR)
You have the right to lodge a complaint with your local data protection authority if you believe our processing violates the GDPR. A list of EU supervisory authorities is available at edpb.europa.eu.
9. Retention
We retain personal information for as long as your account is active and as needed to provide the Service. Following account deletion, we remove personal information from active systems within 30 days, except where retention is required for:
- Financial records (payments, refunds, payouts, tax) — retained for up to 7 years to satisfy tax, accounting, and audit obligations.
- Fraud and abuse records — retained for up to 2 years to prevent repeat abuse and enforce our Terms.
- Dispute records — retained until the dispute is resolved and the applicable limitations period expires.
- Aggregated or anonymized data, which is not personal information, may be retained indefinitely.
10. Security
We implement administrative, technical, and physical safeguards designed to protect personal information, including TLS encryption in transit, encrypted storage at rest, row-level security on our database, scoped access control, rate-limiting, and vendor due diligence. No system is perfectly secure. If we become aware of a personal data breach affecting your information, we will notify affected users and applicable regulators within the timeframes required by law (for example, without undue delay and, where feasible, within 72 hours under the GDPR).
11. International data transfers
Namas is operated from the United States, and personal information is processed in the United States and any region where our service providers operate. If you access the Service from outside the United States, you consent to the transfer of personal information to the United States. Where required, we rely on appropriate transfer mechanisms, including the European Commission's Standard Contractual Clauses, for transfers from the EEA/UK.
12. Children under 18
The Service is not directed to children under 18, and we do not knowingly collect personal information from children. Because the Service is restricted to users 18 and older, the Children's Online Privacy Protection Act ("COPPA") does not apply to the Service. If you are a parent or guardian and believe a minor has provided us with personal information, email contact@namas-app.com and we will take steps to delete that information.
13. Third-party services
The Service integrates with third-party services, including Stripe for payments. Their collection and use of information is governed by their own privacy policies (for example, stripe.com/privacy). We are not responsible for the privacy practices of third parties, and we encourage you to review their policies.
14. Do Not Track
The Service does not respond to Do Not Track ("DNT") browser signals because no universal standard has been adopted. As noted above, we do not engage in cross-context behavioral advertising and honor Global Privacy Control (GPC) signals.
15. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will notify you by email or in-app notice at least 30 days before the changes take effect, except where a shorter period is required by law. The "Last updated" date above will reflect the most recent change. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.
16. Contact
Lorenzo Frascolla, sole proprietor d/b/a Namas — United States.
Email: contact@namas-app.com