REUSEAPP PRIVACY POLICY

Last updated: January 8, 2025

1. INTRODUCTION

Welcome to ReuseApp ("we," "our," or "us"). We are committed to protecting the privacy and security of personal information collected through our medical equipment reuse management platform (the "Service").

This Privacy Policy explains:

  • What information we collect
  • How we use that information
  • With whom we share information
  • How we protect information
  • Your rights and choices regarding your information

By using the Service, you agree to the practices described in this Privacy Policy.

1.1 Our Commitment to Privacy

ReuseApp was built specifically for nonprofit organizations serving individuals with disabilities and chronic illness. We understand the sensitive nature of the data you manage and take our responsibility to protect it seriously.

1.2 HIPAA Compliance

For organizations that require HIPAA compliance, ReuseApp offers Business Associate Agreement (BAA) options. Contact compliance@reuseapp.com to discuss HIPAA-compliant implementations.

2. INFORMATION WE COLLECT

2.1 Information You Provide to Us

Account Information:

  • Organization name and type
  • Contact information (name, email, phone number)
  • Billing information (credit card details, billing address)
  • Job title and role within your organization
  • User account credentials (username, password)

Client Data You Store:

When you use the Service to manage your medical equipment reuse program, you may store:

  • Client names and contact information
  • Demographic information
  • Equipment needs and preferences
  • Service history and dates
  • Distribution records
  • Notes and communications

You are the data controller for this client information. We process it on your behalf as a data processor/service provider.

Equipment Inventory Data:

  • Equipment descriptions, types, and specifications
  • Donation and refurbishment information
  • Equipment condition and availability status
  • Distribution history

Support and Communication:

  • Information you provide when contacting customer support
  • Feedback, survey responses, and testimonials
  • Comments, questions, and suggestions

2.2 Information We Collect Automatically

Usage Information:

  • Pages viewed and features used
  • Time spent on the Service
  • Actions taken (creating records, generating reports, etc.)
  • Click-through rates and navigation patterns
  • Access times and frequency of use

Technical Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device type (desktop, mobile, tablet)
  • Screen resolution
  • Referring URLs

Cookies and Similar Technologies:

We use cookies, web beacons, and similar tracking technologies to:

  • Maintain your session and keep you logged in
  • Remember your preferences and settings
  • Analyze how you use the Service
  • Improve Service performance and user experience
  • Prevent fraud and enhance security

Types of Cookies:

  • Essential Cookies: Required for the Service to function (cannot be disabled)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how you use the Service
  • Advertising Cookies: We do not use advertising cookies

You can control cookies through your browser settings, but disabling certain cookies may affect Service functionality.

2.3 Information from Third Parties

Payment Processors:

We receive confirmation of successful payments from our payment processors but do not store your full credit card information on our servers.

Single Sign-On Providers:

If you sign in using Google, Apple, or other SSO providers, we receive basic profile information (name, email) from those providers according to your authorization.

Integration Partners:

If you connect the Service with third-party tools (e.g., accounting software, email systems), we may receive information from those systems necessary to provide the integration.

3. HOW WE USE YOUR INFORMATION

3.1 To Provide and Improve the Service

  • Create and manage your account
  • Process payments and subscriptions
  • Provide customer support and respond to inquiries
  • Store and retrieve your client and equipment data
  • Generate reports and analytics for your organization
  • Monitor and improve Service performance
  • Develop new features and functionality
  • Debug errors and fix technical issues

3.2 For Security and Compliance

  • Detect and prevent fraud, abuse, and security threats
  • Enforce our Terms of Service
  • Comply with legal obligations and respond to legal requests
  • Protect the rights, property, and safety of ReuseApp, users, and the public
  • Verify your identity and authorization

3.3 For Communication

  • Send transactional emails (account notifications, password resets, billing confirmations)
  • Provide product updates and Service announcements
  • Send newsletters and promotional communications (with your consent)
  • Request feedback and survey participation
  • Respond to your questions and requests

You can opt out of promotional communications at any time using the unsubscribe link in emails.

3.4 For Aggregated and Anonymized Analytics

We may aggregate and anonymize data to:

  • Analyze Service usage trends and patterns
  • Improve our platform and develop industry insights
  • Conduct research on medical equipment reuse operations
  • Create benchmarks and best practice recommendations

Aggregated, anonymized data contains no personally identifiable information and cannot be linked back to individual users or clients.

3.5 Legal Basis for Processing (GDPR)

If you are in the European Economic Area, our legal bases for processing include:

  • Contract: Processing necessary to provide the Service you requested
  • Legitimate Interests: Processing for our legitimate business interests (service improvement, security, fraud prevention)
  • Consent: Processing based on your explicit consent (marketing communications)
  • Legal Obligation: Processing required by law (tax reporting, legal compliance)

4. HOW WE SHARE YOUR INFORMATION

4.1 We Do Not Sell Your Information

We do not sell, rent, or trade your personal information or client data to third parties for their marketing purposes.

4.2 Service Providers and Subprocessors

We share information with trusted third-party service providers who assist us in operating the Service:

  • Cloud Hosting: Amazon Web Services (AWS) for data storage and infrastructure
  • Payment Processing: Stripe for payment processing and subscription billing
  • Email Services: SendGrid for transactional and marketing emails
  • Analytics: Google Analytics for usage analytics (anonymized data only)
  • Customer Support: Zendesk for support ticket management
  • Security Monitoring: Third-party security tools for threat detection

All service providers:

  • Are contractually obligated to protect your data
  • May only use data to perform services for us
  • Must comply with applicable privacy laws
  • Are vetted for security and privacy practices

4.3 Legal Requirements and Protection

We may disclose information when we believe it is necessary to:

  • Comply with legal obligations (subpoenas, court orders, legal processes)
  • Enforce our Terms of Service
  • Protect the rights, property, and safety of ReuseApp, users, or the public
  • Investigate fraud, security threats, or illegal activity
  • Respond to government or regulatory inquiries

4.4 Business Transfers

If ReuseApp is involved in a merger, acquisition, sale of assets, or bankruptcy:

  • Your information may be transferred to the acquiring entity
  • You will be notified via email and Service notification
  • The acquiring entity must honor the commitments made in this Privacy Policy

4.5 With Your Consent

We may share information for purposes not described in this Policy with your explicit consent.

4.6 Public Information

If you provide testimonials, feedback, or participate in public forums or case studies, that information may be publicly visible with your permission.

5. DATA SECURITY

5.1 Security Measures

We implement industry-standard security measures to protect your information:

Technical Safeguards:

  • Encryption of data in transit (TLS 1.2+)
  • Encryption of data at rest (AES-256)
  • Secure authentication and authorization protocols
  • Multi-factor authentication options
  • Regular security vulnerability assessments
  • Intrusion detection and prevention systems
  • Automated backup and disaster recovery procedures

Organizational Safeguards:

  • Employee background checks and confidentiality agreements
  • Access controls based on role and need-to-know basis
  • Security awareness training for all employees
  • Incident response procedures
  • Third-party security audits
  • Compliance with industry standards (SOC 2, ISO 27001 in progress)

5.2 Your Responsibility

You are responsible for:

  • Maintaining the confidentiality of your login credentials
  • Using strong, unique passwords
  • Enabling two-factor authentication when available
  • Logging out after use on shared devices
  • Promptly reporting suspected security incidents

5.3 Limitations

While we implement strong security measures, no system is completely secure. We cannot guarantee:

  • Absolute security of information transmitted over the internet
  • That unauthorized access, loss, or disclosure will never occur

In the event of a data breach that affects your information, we will notify you promptly as required by law.

6. DATA RETENTION

6.1 Active Account Data

We retain your account information and data you store in the Service for as long as your account is active or as needed to provide the Service.

6.2 After Account Termination

When you terminate your account:

  • Your data remains accessible for 90 days for potential account reactivation
  • After 90 days, data is permanently deleted from active systems
  • Backup copies are deleted according to our standard retention schedule (180 days maximum)
  • You may request immediate deletion by contacting support@reuseapp.com

6.3 Legal and Compliance Retention

We may retain certain information for longer periods when:

  • Required by law or regulation (tax records, financial transactions)
  • Necessary to resolve disputes or enforce agreements
  • Needed for legitimate business purposes (fraud prevention, security)

6.4 Anonymized Data

Aggregated, anonymized data may be retained indefinitely for analytics, research, and service improvement purposes.

6.5 Your Client Data

As the data controller for your client information, you determine the retention period for client records stored in the Service. We recommend you establish data retention policies in compliance with:

  • Applicable privacy laws (HIPAA, state privacy laws)
  • Your organization's policies
  • Grant and funder requirements

7. YOUR RIGHTS AND CHOICES

7.1 Access and Portability

You have the right to:

  • Access information we hold about you
  • Export your data in machine-readable format (CSV, Excel, JSON)
  • Receive a copy of your data for transfer to another service

How to exercise: Log into your account and use the export features, or contact support@reuseapp.com

7.2 Correction and Update

You have the right to:

  • Correct inaccurate information
  • Update outdated information
  • Complete incomplete information

How to exercise: Log into your account and update your information directly, or contact support@reuseapp.com

7.3 Deletion

You have the right to:

  • Delete your account and associated data
  • Request deletion of specific information

How to exercise: Cancel your subscription through account settings or contact support@reuseapp.com

Note: Deletion may be subject to legal retention requirements or legitimate business needs.

7.4 Restriction and Objection

You have the right to:

  • Restrict or object to certain processing of your information
  • Opt out of marketing communications
  • Disable certain cookies through browser settings

How to exercise: Contact privacy@reuseapp.com or use unsubscribe links in emails

7.5 Withdraw Consent

If we process your information based on consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.

7.6 Lodge a Complaint

If you believe we have violated your privacy rights, you may:

  • Contact us at privacy@reuseapp.com to resolve the issue
  • File a complaint with your local data protection authority (for EU residents)
  • File a complaint with the appropriate U.S. regulatory agency

8. CHILDREN'S PRIVACY

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

If you believe we have inadvertently collected information from a child:

  • Contact us immediately at privacy@reuseapp.com
  • We will promptly delete the information

Note: Client records in the Service may include information about minors receiving equipment. You are responsible for obtaining appropriate parental consent and complying with applicable laws when collecting such information.

9. INTERNATIONAL DATA TRANSFERS

9.1 Data Location

Our servers are located in the United States. By using the Service, you consent to the transfer of your information to the United States.

9.2 European Economic Area (EEA) Users

If you are located in the EEA:

  • We comply with GDPR requirements for international data transfers
  • We use Standard Contractual Clauses approved by the European Commission
  • We implement appropriate safeguards to protect your data

9.3 UK Users

Following Brexit, we comply with UK GDPR and UK data protection laws using:

  • UK Standard Contractual Clauses
  • Appropriate safeguards equivalent to those required by UK law

10. CALIFORNIA PRIVACY RIGHTS

10.1 CCPA Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know:

  • Categories of personal information collected
  • Sources of personal information
  • Business purposes for collection
  • Categories of third parties with whom we share information
  • Specific pieces of personal information we hold about you

Right to Delete:

Request deletion of personal information we collected from you (subject to legal exceptions)

Right to Opt-Out:

We do not sell personal information, so there is no opt-out required

Right to Non-Discrimination:

You will not be discriminated against for exercising your CCPA rights

How to Exercise Rights:

  • Email: privacy@reuseapp.com
  • Phone: [Phone Number]
  • Online form: [Website URL]/privacy-request

Verification: We will verify your identity before processing requests by matching information you provide to information in our records.

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. The agent must provide proof of authorization.

10.2 California Shine the Light Law

California residents may request information about disclosures of personal information for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

10.3 Do Not Track

We do not currently respond to "Do Not Track" browser signals. We do not track users across third-party websites.

11. NEVADA PRIVACY RIGHTS

Nevada residents have the right to opt out of the sale of personal information. We do not sell personal information as defined by Nevada law. If our practices change, we will update this Privacy Policy and provide Nevada residents with an opt-out mechanism.

12. VIRGINIA, COLORADO, CONNECTICUT, AND UTAH PRIVACY RIGHTS

If you are a resident of Virginia, Colorado, Connecticut, or Utah, you have rights under state privacy laws, including:

  • Right to confirm whether we process your personal information
  • Right to access your personal information
  • Right to correct inaccuracies in your personal information
  • Right to delete personal information
  • Right to obtain a copy of personal information in a portable format
  • Right to opt out of targeted advertising (we do not engage in targeted advertising)
  • Right to opt out of the sale of personal information (we do not sell personal information)

How to Exercise Rights: Contact privacy@reuseapp.com

13. CHANGES TO THIS PRIVACY POLICY

13.1 Updates

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices
  • Changes in applicable laws
  • New features or services
  • Feedback from users and regulators

13.2 Notification

When we make material changes:

  • We will update the "Last Updated" date at the top of this Policy
  • We will notify you via email or Service notification
  • We may require you to acknowledge and accept changes for continued use

13.3 Your Continued Use

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

14. CONTACT US

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

Email: privacy@reuseapp.com
Support: support@reuseapp.com
Phone: [Phone Number]
Mail:
ReuseApp - Privacy Department
[Street Address]
[City, State ZIP]

Data Protection Officer (for GDPR inquiries): dpo@reuseapp.com

15. ACKNOWLEDGMENT

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY.

Copyright © 2026 ReuseApp. All rights reserved.