Privacy Policy

Last updated: March 6, 2026

TrashGeek (trashgeek.app) is operated by REINERS.IO ("Company," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the TrashGeek platform ("Service"). Please read this policy carefully. By using the Service, you consent to the practices described herein.

1. Information We Collect

1.1 Account Information

When you register for an account, we collect:

• Name and email address
• Company name and business details
• Phone number
• Password (stored as a bcrypt hash - we never store plaintext passwords)
• User role within your organization

1.2 Business Data

As you use the Service, you and your team may input:

• Dumpster inventory and fleet details
• Rental records, invoices, and payment information
• Customer names, addresses, phone numbers, and email addresses
• Scheduling, dispatch, and route data
• GPS location data from driver trip tracking
• Internal notes, tags, and custom fields

1.3 Customer Data Processed on Your Behalf

When you use TrashGeek to manage your dumpster rental business, you may enter your customers' personal information (names, addresses, phone numbers, email addresses). In this context, you are the data controller and TrashGeek acts as a data processor. You are responsible for obtaining appropriate consent from your customers for the collection and processing of their data.

1.4 Usage Data

We automatically collect certain information when you access the Service, including:

• IP address and browser type
• Pages visited and features used
• Date, time, and duration of visits
• Referring URL
• Device type and operating system

1.5 Cookies and Local Storage

We use cookies and browser local storage for:

• Authentication tokens - JWT tokens stored in sessionStorage to maintain your login session
• Theme preference - your light/dark mode selection stored in localStorage

We do not use third-party tracking cookies or advertising cookies.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and send related billing information
• Send SMS notifications via Twilio on your behalf (delivery confirmations, pickup reminders, driver alerts)
• Authenticate users and enforce role-based access control
• Provide customer support and respond to inquiries
• Monitor and analyze usage patterns to improve the Service
• Detect, prevent, and address technical issues and security threats
• Enforce our Terms of Service
• Comply with legal obligations

3. Data Sharing and Third-Party Services

We do not sell your personal information. We share data only with the third-party services that you connect or that are necessary to operate the platform:

• Stripe - payment processing via Stripe Connect. When you enable payment collection, transaction data is shared with Stripe per their Privacy Policy.
• Twilio - SMS delivery notifications and dispatcher alerts. Phone numbers and message content are shared with Twilio per their Privacy Policy.
• QuickBooks / Xero / Invoice Ninja - accounting synchronization, when you connect your account. Invoice and financial data is shared per their respective privacy policies. Invoice Ninja connections stay on your self-hosted instance.
• Nominatim (OpenStreetMap) - geocoding of addresses for map display and route optimization. Addresses are sent to the Nominatim API; no personal identifiers are included beyond the address itself.

We may also disclose your information if required by law, legal process, or government request, or to protect the rights, property, or safety of REINERS.IO, our users, or the public.

4. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Upon account termination:

• You may request a data export within 30 days of termination
• After the 30-day window, your data may be permanently deleted from our active systems
• Backup copies may persist for up to 90 days before being purged
• We may retain certain data as required by law (e.g., billing records, audit logs)

5. Multi-Tenant Data Isolation

TrashGeek is a multi-tenant platform. Your company's data is fully isolated from other companies on the platform. All API requests are scoped to your company via JWT-authenticated tokens. This means:

• Other companies cannot view, access, or modify your data
• Your users can only access data within your company account
• Role-based permissions further restrict access within your organization

6. Security Measures

We implement industry-standard security measures to protect your data:

• Password hashing - all passwords are hashed using bcrypt before storage
• Authentication - JWT (JSON Web Token) based authentication with expiring tokens
• Transport encryption - all data in transit is encrypted via HTTPS/TLS
• Access controls - role-based access control (owner, admin, dispatcher, driver) limits data visibility
• Audit logging - administrative actions are logged for security review

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. SMS Communications

TrashGeek uses Twilio to power SMS communications, including:

• Customer delivery and pickup confirmation messages
• Dispatcher and driver alerts
• Quote request notifications

You are responsible for obtaining appropriate consent from recipients before sending SMS messages through the platform and for complying with all applicable telecommunications laws, including the Telephone Consumer Protection Act (TCPA).

8. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at sales@trashgeek.app.

9. California Consumer Privacy Act (CCPA) Rights

If you are a California resident, you have the following rights under the CCPA:

• Right to Know - You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purpose for collecting the information, and the categories of third parties with whom we share it.
• Right to Delete - You may request that we delete your personal information, subject to certain exceptions (e.g., legal compliance, completing transactions).
• Right to Opt-Out of Sale - We do not sell personal information. There is no need to opt out.
• Right to Non-Discrimination - We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at sales@trashgeek.app. We will respond to verifiable consumer requests within 45 days.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

We encourage you to review this Privacy Policy periodically.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• sales@trashgeek.app
• 605-336-7063
• REINERS.IO