Privacy Policy

Introduction

Rush OnDemand, Inc. ("Rush OnDemand," "The Company" "we," "us," or "our") respects your privacy and is committed to protecting your Personal Information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, visit our website, download or use our mobile applications, or otherwise interact with the platform we operate (the "Platform"). This Policy applies to all Personal Information we collect, whether online or offline, including through our website, mobile applications, and services. Capitalized terms used but not defined in this Privacy Policy have the meanings given to them in our master glossary (e.g., "Platform," "Consumer," "Service Provider," "Personal Information," "Third-Party Processor"). We operate in and make our services available to residents across the United States and have drafted this Policy to address requirements in California (CCPA/CPRA), Colorado, Connecticut, Virginia, Utah, Texas (TDPSA), Florida (Digital Bill of Rights), Oregon, Delaware, New Jersey, Tennessee, Montana, Iowa, and similar state privacy laws that are in force or become effective.

Data Processing and AI Features

The Company uses secure cloud-based systems to operate and improve our Platform. Your information is stored on trusted U.S. infrastructure and protected with industry-standard encryption. Some Platform features use artificial intelligence ("AI") tools to help understand your service requests and connect you with the most suitable providers. These tools analyze the text you enter (and, if you choose to enable it, your voice input) to identify the type of service you need. The AI does not currently use your information for advertising purposes. Regarding model training, please see Section 5(c) for details on how your information may be used. You can turn off voice input at any time in your device settings. We use automated systems to detect fraud, manage account authentication, and deliver real-time updates about your service requests. These systems assist our team but do not replace human judgment. If an automated system ever makes a decision that affects your account or access to services, you may request a human review by contacting us at privacy@rushod.com. We may use service providers to deliver notifications, verify accounts, and securely store or process information. These service providers are required by contract to protect your data and use it only for the purposes we specify. The Company is not responsible for data collected by external apps, devices, or assistants (for example, Siri, Google Assistant, or other third-party tools) that you choose to use alongside our Platform.

Information We Collect

We collect only the data necessary to provide, operate, secure, and improve the Platform. This includes:

Required Information

We may collect the following categories of information:

Identifiers: Name, email address, phone number, postal address, unique personal identifier, online identifier, IP address, account name, or other similar identifiers.

Customer Records: Contact information, billing address, payment information, and records of services purchased.

Commercial Information: Records of services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies.

Internet Activity: Browsing history, search history, and information regarding your interaction with our website, applications, or advertisements.

Geolocation Data: Physical location or movements (with your consent where required). This is used to match Consumers with nearby Service Providers and to help enforce non-circumvention, where permitted

Professional Information: Current or past job history, professional references, and work-related contact information (for contractor relationships).

Service Request Descriptions: Text that describes what work the Consumer needs, which is used for AI-based categorization and matching.

Optional Information

If you elect to provide this information, we may collect:

Email Address: For communications, confirmations, and account recovery.

Profile Photo: To personalize accounts and help identify users.

Contact/Notification Preferences: To let you choose how we contact you.

Data We Do Not Collect

We do not currently collect or access:

Google Advertising IDs

Contact lists

Photo library contents

Microphone/audio

Camera/image data

Future Opt-In Information

In the future, we may collect additional data of various types, which will be collected only after an express opt-in if and when the functionality is released. We may request access to data or device features solely on an express, opt-in basis to enable specific functions (for example: letting a user upload a photo of the repair issue from the app, using voice input to describe a service request, scanning a space, or for enhanced account verification). When we introduce any such feature:

We will clearly describe the data being collected;

We will tell you why we need it;

We will ask for your explicit consent before activation; and,

You will always be able to deny or withdraw such access in settings.

Broader Categories Required by State Laws

To comply with CA, CO, CT, VA, TX, FL, OR, DE, NJ, TN, MT, IA, and similar laws, we also disclose that we may collect the following categories of Personal Information (some of these will be "not currently collected" in practice, but we disclose them because state privacy laws organize data this way):

Identifiers: See above.

Customer Records: Contact information and, where applicable, billing address or limited payment-related information (if/when payments are handled through the Platform or a payment processor).

Commercial Information: Records of services requested, accepted, or completed through the Platform; history of interactions with Service Providers.

Internet or Network Activity: Log data, device data, pages viewed, time stamps, and interaction with the Platform (used for security and performance; we do NOT use it for advertising).

Geolocation Data: Approximate or precise location when you use the Platform to find Service Providers or to validate your project location.

Professional/Business Information (Service Providers): Business name, licenses you upload, insurance status you upload, work-related contact information.

Inferences: High-level inferences drawn from your service requests to help the Platform route and match more accurately (e.g., "plumbing-related issue," "electrical," "urgent," "repeat job"). We do not build psychological or advertising profiles.

Sources of Information

We collect Personal Information from:

You, directly, when you create an Account, enter text, or submit a service request, as well as automatically, when you use the Platform (e.g., device, log, and location data);

Service Providers or Contractors (for example, where they confirm job completion or upload documentation);

Third-Party Processors that support the Platform, specifically:

Firebase (authentication, database, notifications, analytics);

Google Gemini AI (text-only processing of service-request descriptions); and,

Google Maps (location and mapping services).

Publicly available sources (e.g., to validate addresses or business information);

Cookies and similar technologies (see our Cookie Policy for more details).

How We Use Your Information

We use your Personal Information for the following business purposes. Those include:

Service Delivery: To provide, maintain, and improve our services; to match Consumers with Service Providers; to process and track service requests; and to display information you or a Service Provider upload (such as insurance status).

Authentication and Account Management: To create, verify, and maintain Accounts; to help you recover access.

Communication: To send service confirmations, status updates, security alerts, and responses to your support inquiries.

Security and Fraud Prevention: To monitor, detect, and prevent fraud, abuse, and violations of our Terms of Service or non-circumvention rules.

Business Operations: To operate our business, including accounting, auditing, billing, and collection activities.

Legal Compliance: To comply with applicable laws, regulations, law-enforcement requests, or to exercise or defend legal claims.

Analytics: To understand how users access and use the Platform so we can improve stability, performance, and user experience. We do not use analytics for targeted advertising.

Matching Optimization: to improve how the Platform routes jobs to appropriate Service Providers, including through AI Features.

Marketing (Limited): to send you information about features, updates, or services offered by the Company, only where permitted by law or with your consent. You can opt out at any time.

We do not use your Personal Information for cross-context behavioral advertising, and we do not sell your Personal Information for monetary consideration.

Artificial Intelligence and Automated Decision-Making

Use of AI Technology

We use artificial intelligence ("AI Features") and automated decision-making technology ("ADMT") in narrow, clearly defined ways, primarily to: 1) read and categorize text-based service requests you submit; 2) match your request to an appropriate Service Provider in your area; 3) help fill in missing job details suggested by the Platform; and, 4) detect suspicious or abusive behavior. The AI we use is text-only. It does not access your microphone, camera, photo library, or contacts because those are not collected right now. As indicated above, if additional functionality is added in the future, it will be provided on an express opt-in basis and you will have the ability to grant or terminate access. Where we rely on Google Gemini AI, we do so for text processing only.

Automated Decision-Making Disclosures

If and when we use ADMT that could significantly affect you (for example, if we were to deny access, prioritize jobs, or change pricing in an automated way) we will: 1) provide clear notice that an automated system is being used; 2) explain in general terms the purpose and logic of the automated decision-making; 3) tell you if you have the right to opt out under your state's law (for example, CA, CO, CT, VA, TX, FL, OR all have some version of this); and, 4) provide a way to request human review where required.

AI Training and Development

User Personal Information may be used to train public or third-party AI models. We may also use de-identified or aggregated data derived from service requests to improve our internal matching and fraud-detection systems. Where a state law requires consent to use certain data for AI training, we will obtain that consent first.

Information Sharing and Disclosure

We may share your Personal Information in the following circumstances:

Service Providers and Contractors: With Service Providers you choose or that are matched to you, so they can contact you and deliver services; and with contractors who help us operate the Platform.

Third-Party Processors: With trusted processors (Firebase, Google Gemini AI, Google Maps, hosting, email delivery, customer-support tools) under written agreements that require them to use the data only to provide services to us and to keep it secure.

Business Transfers: In connection with a merger, acquisition, financing, or sale of all or part of our business; we will require the recipient to honor this Policy or provide equivalent protection.

Legal Requirements and Safety: When required by law, subpoena, or government request, or to protect our rights, property, users, or the public.

With Your Consent: For any other purpose disclosed to you and that you consent to at the time.

We do not sell Personal Information to third parties for monetary consideration. We also do not "share" Personal Information for cross-context behavioral advertising as those terms are used in the CPRA and similar laws. If that ever changes, we will provide a "Do Not Sell or Share My Personal Information" link and update this Policy.

Additional Special Data Provisions

Communications and SMS Consent

We may contact you by phone, email, or text message to verify your account, confirm service requests, provide updates, or respond to inquiries. If you choose to receive marketing or promotional messages, you may opt in separately, and you can withdraw your consent at any time by following the instructions in those messages or by contacting us. Message and data rates may apply. We do not send autodialed or prerecorded marketing messages without your express consent.

User-Generated Content

If you submit reviews, ratings, feedback, or other content through the Platform, that information may be visible to other users and the public. You should not include any Personal Information that you do not wish to be made public. The Company is not responsible for how others use or share any information you voluntarily make available through public features of the Platform. However, we will take reasonable steps to remove such content upon your request where technically feasible.

Supplemental and Aggregate Information

We may receive limited supplemental information about you from third-party data partners to verify your identity, confirm address or location accuracy, prevent fraud, or improve Platform reliability. We may also create or use aggregated or deidentified information for analytics, service improvement, or security purposes. Aggregated and deidentified data is not considered Personal Information.

Cookies, Analytics, and Similar Technologies

We use functional cookies and analytics tools to support essential Platform features and to measure usage. We do not use advertising or marketing cookies, and we do not allow cross-context behavioral advertising. Our analytics providers, such as Firebase and Google Analytics, may use cookies or unique identifiers to understand Platform performance and reliability. Our Platform may also use similar technologies, such as pixels or device identifiers, for fraud prevention and operational efficiency.

Payment Processing

All payments made through the Platform are processed by third-party payment processors certified under PCI DSS standards. The Company does not store full payment card numbers and retains only limited transactional information required for recordkeeping or dispute resolution. When you make or receive a payment, your payment information (such as bank account, credit card, or other financial data) is collected and processed directly by these providers, subject to their own privacy policies and terms of service, which are incorporated herein by reference. The Company is not responsible for the performance, security, or compliance of any third-party payment processor. Service Providers and Consumers acknowledge and agree that:

The Company may withhold or delay payments if required by law, regulation, or investigation of suspected fraud, misconduct, or security concerns.

The Company is not responsible for delays, errors, chargebacks, reversals, or losses caused by third-party payment processors.

Each user remains solely responsible for any taxes, fees, or reporting obligations associated with payments made or received through the Platform.

The Company may receive limited transaction metadata (such as confirmation of payment, date, and amount) for recordkeeping, customer support, and compliance purposes.

Account Management and Preferences

You may update certain account information or communication preferences through your account settings or by contacting our support team. If you request deletion of your account, we will delete or deidentify your Personal Information as required by applicable law, subject to retention needed for legal compliance or dispute resolution.

Your Privacy Rights

Because we serve users in multiple states, we recognize and will honor privacy requests to the extent required by applicable law, including but not limited to: California (CCPA/CPRA), Colorado (CPA), Connecticut (CTDPA), Virginia (VCDPA), Utah (UCPA), Texas (TDPSA), Florida (Digital Bill of Rights), Oregon (OCPA), Delaware (DPDPA), New Jersey, Tennessee (TIPA), Montana, Iowa, and any substantially similar privacy statute. Depending on your state of residence, you may have some or all of the following rights:

Right to Know / Access: To request confirmation of whether we process your Personal Information and to access that information.

Right to Delete: To request deletion of Personal Information we collected from you, subject to legal/operational exceptions.

Right to Correct: To request correction of inaccurate Personal Information.

Right to Data Portability: To obtain a copy of Personal Information in a portable and, to the extent technically feasible, readily usable format.

Right to Opt Out of:

Sale of Personal Information;

Sharing of Personal Information for targeted or cross-context behavioral advertising;

Profiling or automated decision-making that produces legal or similarly significant effects. (We currently do not engage in sale/share for ads, but we will still honor opt-out requests.)

Right to Limit Use of Sensitive Personal Information: where we process precise geolocation, we will limit our use to service delivery, safety, and enforcement of non-circumvention, and we will offer limiting/opt-out where required.

Right to Non-Discrimination: we will not discriminate against you for exercising your privacy rights.

Right to Appeal: in states like CO, CT, VA, OR, DE, if we deny a request of yours under this Policy, you can appeal, and we will tell you how.

How to Exercise Your Rights

You can submit a request by email to privacy@rushod.com, or by mail to Rush OnDemand, Inc., Attn: Privacy Officer, 6512 Maiden Sea Dr., Apollo Beach FL 33572. We will verify your identity before processing your request and respond within 45 days (with a possible 45-day extension, which we will tell you about, if reasonably necessary).

Authorized Agents

In states that permit it (e.g., California), you may designate an authorized agent to submit a request for you. We may require proof of authorization and may still require you to verify your identity directly with us.

Sensitive Personal Information/Data

Some state privacy laws define certain information as "sensitive," such as: precise geolocation data; government IDs; account log-in plus password; certain financial data; or, health, biometric, or children's data. What we actually collect that could be considered "sensitive" is primarily precise location data (for matching and, in some cases, non-circumvention enforcement). We do NOT collect biometric identifiers, health data, or children's data in the ordinary course of business. We limit our use of sensitive data to what is necessary to provide the Platform, secure it, and comply with law. Where a state law requires consent for sensitive data, we will obtain it.

Data Security

We implement appropriate technical and organizational measures to protect your Personal Information, including: encryption in transit (TLS 1.3) and at rest (AES-256, or equivalent); access controls and least-privilege permissions in Firebase and other cloud environments; monitoring and logging for suspicious activity; and, limiting access to Personal Information to personnel who have a business need to know. While no system is 100% secure, we maintain industry-standard security measures designed to protect against unauthorized access, disclosure, alteration, or destruction of Personal Information.

Data Retention

We retain Personal Information for as long as necessary to: provide and improve the Platform; enforce our Terms of Service and non-circumvention provisions (typically up to three (3) years from last activity, or longer where necessary for legal compliance or dispute resolution); comply with legal, accounting, or reporting requirements; and, resolve disputes. After that, we will delete or de-identify the data, unless we must keep it longer for legal reasons. You may submit a User Data Deletion Request at any time, and we will respond to your request within the timeframes required by applicable law (typically within 45 days, with the possibility of a 45-day extension where reasonably necessary), subject to legal exceptions.

Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to: maintain sessions and logins; improve performance and security; and, perform basic analytics. We do NOT use advertising or marketing cookies. You can control or disable cookies in your browser; however, some features of the Platform may not work properly if you do so. If a state requires it, we will present a cookie banner or Notice at Collection at the time of cookie placement. Please review our Cookie Policy for additional information.

International Transfers

Our services are intended for use in the United States, and we currently host data in the United States. If we later transfer Personal Information outside the United States, we will implement appropriate safeguards (such as Standard Contractual Clauses) to protect your information.

Third-Party Links

Our services may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies.

Children's Privacy

Our services are not directed to individuals under 16 years of age (or under 13, where COPPA applies). We do not knowingly collect Personal Information from children under the applicable age threshold. If we learn that we have collected such information without appropriate consent, we will delete it promptly. Persons under the age of 16 are strictly prohibited from using the Platform.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in technology, law, or our services. When we do, we will update the "Last Updated" date at the top and, where required, notify you through the Platform or by email.

Contact Information

If you have questions about this Privacy Policy or our privacy practices, or if you want to exercise your privacy rights, contact us at:

State Notices

Notice to California Residents

This Privacy Policy is intended to comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). You have the following rights under California law: (1) the right to know what Personal Information we collect, use, disclose, and sell or share; (2) the right to delete Personal Information; (3) the right to correct inaccurate Personal Information; (4) the right to opt out of the sale or sharing of Personal Information; (5) the right to limit the use and disclosure of sensitive Personal Information; and (6) the right to non-discrimination for exercising these rights. To exercise these rights, please contact us using the information provided above. We will respond to verifiable consumer requests within 45 days, with a possible 45-day extension where reasonably necessary.

Notice to Texas Residents

This Privacy Policy is intended to comply with the Texas Data Privacy and Security Act (TDPSA). Under Texas law, you have the right to: (1) confirm whether we are processing your Personal Information and access such data; (2) correct inaccuracies in your Personal Information; (3) delete Personal Information; (4) obtain a copy of your Personal Information in a portable format; and (5) opt out of the processing of Personal Information for targeted advertising, the sale of Personal Information, or profiling in furtherance of decisions that produce legal or similarly significant effects. To exercise these rights, please contact us using the information provided above.

Notice to Florida Residents

This Privacy Policy is intended to comply with the Florida Digital Bill of Rights and Florida Personal Information Protection Act. You have rights under Florida law including the right to access, correct, delete, and port your Personal Information, as well as the right to opt out of targeted advertising and the sale of Personal Information. To exercise these rights, please contact us using the information provided above. For more information about Florida privacy law, visit the Florida Department of Legal Affairs.

Notice to Residents of Other States

We will make reasonable efforts to honor substantially similar rights for residents of Colorado, Connecticut, Virginia, Utah, Oregon, Delaware, New Jersey, Tennessee, Montana, Iowa, and any other U.S. state that adopts a comprehensive privacy law.