How we handle your data.
Your data is yours. We collect only what we need to run the service, never sell it, and protect it like our own. Here is exactly what we keep, why we keep it, and the rights you have over it.
Identity & contact: your name, phone number, email, profile photo (if you sign in with Google), and your service addresses.
Vehicle & booking history: make, model, year, color, plate, and the history of bookings you have made on the platform.
Payment details: processed and tokenized by our third-party payment processors (Square). RabbitWash never stores full card numbers — only the last 4 digits and a token.
Device & analytics: device type, browser, and high-level usage analytics so we can keep the platform fast and secure.
Location for dispatching: when you book or share location during a support chat. We do not track your location in the background.
Schedule bookings — dispatch the right Rabbit to the right address with the right vehicle.
Process payments — through our payment processor, with the appropriate authorizations and captures.
Improve dispatch — analyse anonymized routing and timing patterns so jobs land faster.
Prevent fraud — detect duplicate accounts, charge-back abuse, and platform misuse.
Customer support — read your booking and message history so we can resolve issues quickly.
Marketing — send promotional emails about new services or offers, with a clear opt-out in every message and in your profile settings.
RabbitWash does not sell, rent, or trade your personal data to third parties. Period.
We may publish aggregated, anonymized statistics (e.g. "average wash time across the fleet") that cannot be linked back to any individual.
Payment processors — Square processes card transactions and stores tokenized card data on our behalf.
Contractors assigned to your booking — your Rabbit sees your name, vehicle, service address, and any booking notes. They do not see your payment details or unrelated history.
Service providers under contract — Twilio (SMS), Firebase (auth, database, storage), and Google Maps. Each is contractually required to protect your data.
Legal compliance — we may disclose data when required by valid legal process (subpoena, court order) or to protect the safety of our users, Rabbits, or the public.
Depending on where you live (including California under the CCPA/CPRA, and other US states with similar laws), you have the right to:
Access — request a copy of the personal data we hold about you. Deletion — ask us to delete your account and associated data. Correction — fix anything that is inaccurate. Opt-out — decline marketing communications, and where applicable opt out of sharing for cross-context behavioural advertising (we do not engage in that).
To exercise any of these rights, email info@rabbitwash.com or contact support from your account. We honor verified requests within 30 days.
You can opt out of marketing emails from your profile settings or by tapping the unsubscribe link in any marketing message.
Transactional messages (booking confirmations, service updates, receipts) are required for the service to function and cannot be disabled.
All data is encrypted in transit (HTTPS) and at rest (Firebase encryption). Payment details are tokenized by Square and never stored on our servers.
We perform regular security audits and follow industry-standard practices. If we ever experience a data breach, we will notify affected users within 72 hours.