Privacy Policy

Falco, Inc. ("Falco," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect information when you use the Falco mobile application and website (collectively, the "App") to order food, groceries, and other goods for delivery or pickup.

Who We Are:

Scope: This Privacy Policy applies to end users of the Falco consumer app. If you are a vendor or restaurant partner, a separate privacy policy applies to your signup and account information.

By using the Falco App, you agree to the collection and use of information as described in this policy.

Information You Provide Directly

• Account Information: Name, email address, phone number, and password when you create an account
• Delivery Addresses: Home, work, and saved delivery locations
• Payment Information: Credit and debit card details, processed securely through our payment processor (Stripe). We do not store full card numbers on our servers
• Order Details: Items ordered, special instructions, preferences, and dietary restrictions you provide
• Communications: Messages you send to customer support and reviews you submit

Information Collected Automatically

• Location Data: Precise GPS location to show nearby restaurants, calculate delivery times, and route drivers. Location is collected when the App is in use and, with your permission, in the background to track delivery progress
• Device Information: Device type, operating system, unique device identifiers, and mobile network information
• Usage Data: Features you use, pages viewed, searches performed, time spent in the App, and order history
• Log Data: IP address, browser type, access times, and referring URLs

SMS and One-Time Passcode (OTP) Data

When you register or log in, we send OTP verification codes to your phone number via SMS. We collect:

• Your phone number (to send the OTP)
• Delivery confirmation and verification status (to confirm you received the OTP)
• Timestamp of OTP request (for security and fraud prevention)

We do not use your phone number for marketing SMS without your explicit consent.

Information from Third Parties

• Social Sign-In: If you sign in with Google or Apple, we receive your name and email from those providers
• Payment Processors: Transaction status and partial payment information from Stripe
• Analytics Providers: Aggregated usage analytics from providers such as Google Analytics

Service Delivery

• Process and fulfill your food and grocery orders
• Calculate delivery fees and estimated delivery times
• Connect you with nearby restaurants, grocery stores, and retail vendors
• Track your delivery in real-time and notify you of order status updates
• Facilitate payment processing and issue refunds

Authentication and Security

• Send one-time passcodes (OTP) via SMS to verify your phone number and authenticate logins
• Detect and prevent fraudulent activity and unauthorized account access
• Monitor for suspicious transactions
• Enforce our Terms of Service

Personalization

• Personalize restaurant and menu recommendations based on your order history and preferences
• Power the Nomi AI assistant to understand your dietary preferences and suggest relevant options
• Remember your saved addresses and payment methods

Communications

• Send transactional SMS messages: order confirmations, delivery status updates, and OTP codes
• Send push notifications about your order status (you may disable these in device settings)
• Respond to your customer support inquiries
• Send service announcements and important account notifications

Improvement and Analytics

• Analyze usage patterns to improve the App and user experience
• Identify and fix bugs and performance issues
• Conduct research to develop new features

Marketing (with consent only)

We will only send promotional SMS or email communications if you have explicitly opted in. You may opt out at any time.

Falco sends SMS text messages for the following purposes:

Transactional SMS (no consent required)

• One-time passcodes (OTP) for account verification and login
• Order confirmation and receipt notifications
• Delivery status updates (order picked up, on the way, delivered)
• Driver arrival notifications
• Account security alerts

Message and Data Rates

Message and data rates may apply. Your carrier's standard messaging and data rates apply to all SMS messages sent by or to Falco.

Message Frequency

Message frequency varies. OTP messages are sent only when you initiate a login or verification action. Order update messages are sent based on the status of your active orders.

Opt-Out

To stop receiving SMS messages from Falco, reply STOP to any Falco SMS. After opting out, you will receive a single confirmation message. Note that opting out of OTP messages will prevent you from verifying your account via SMS.

Help

To receive assistance, reply HELP to any Falco SMS or contact us at support@thefalco.com.

Privacy of SMS Data

Your phone number and SMS data are not shared with third parties for their marketing purposes. SMS data is used solely to deliver the messages described above and to detect fraud or abuse.

We share your information only in the following circumstances. We do not sell, rent, or share your personal information with third parties for their marketing purposes.

Vendors and Restaurants

We share your first name, delivery address, order details, and special instructions with the restaurant or vendor fulfilling your order. We do not share your phone number or payment details with vendors.

Delivery Drivers

We share your delivery address and first name with the driver assigned to your order. Your full contact information is shared only as necessary to complete the delivery.

Service Providers

• Payment Processing: Stripe processes payments on our behalf
• SMS Provider: Twilio sends OTP and order notification SMS messages on our behalf. Twilio is contractually prohibited from using your data for any purpose other than sending messages we authorize
• Cloud Hosting: AWS hosts our platform and data
• Analytics: Google Analytics helps us understand app usage in aggregated form
• Customer Support: Support ticketing systems used to respond to your inquiries

All service providers are contractually bound to use your information only for the services they provide to Falco and to protect your data.

Legal Requirements

We may disclose your information if required by law, court order, or government authority, or to protect the safety and rights of Falco, our users, or the public.

Business Transfers

If Falco is acquired or merges with another company, your information may be transferred as part of that transaction. You will be notified via email or in-app notice before such a transfer occurs.

We retain your personal information for as long as your account is active and as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements.

• Active Accounts: All account and order data retained while your account is active
• Order History: Retained for 3 years after the order date to support refund claims and customer service
• Financial Records: Retained for 7 years to comply with tax and accounting laws
• OTP Logs: Retained for 90 days for fraud detection and security audit purposes
• Deleted Accounts: Personal information anonymized or deleted within 90 days of account deletion request, unless retention is required by law

We implement industry-standard security measures to protect your personal information:

• Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256
• Secure Infrastructure: Hosted on AWS with SOC 2 certified infrastructure
• Payment Security: Payments processed via PCI DSS-compliant Stripe. We never store your full card number
• Access Controls: Internal access to user data is restricted on a need-to-know basis
• OTP Expiration: One-time passcodes expire within 10 minutes of issuance

Despite these measures, no system is 100% secure. If you suspect unauthorized access to your account, contact support@thefalco.com immediately.

All Users

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your account and personal data
• Opt-Out of Marketing: Unsubscribe from marketing emails and SMS at any time
• Data Portability: Request a machine-readable export of your data

California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete that information, and the right to opt out of the sale of personal information. We do not sell personal information.

European Residents (GDPR)

If you are located in the EEA, UK, or Switzerland, you have rights under the GDPR including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing.

How to Exercise Your Rights

Contact us at support@thefalco.com with the subject line "Privacy Rights Request." Include your name, email address, and description of your request. We will respond within 30 days (GDPR) or 45 days (CCPA).

The Falco App is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will delete it promptly.

If you believe we may have collected information from a minor, please contact us immediately at support@thefalco.com.

Our website (www.thefalco.com) uses cookies and similar technologies:

• Essential Cookies: Required for website functionality and security
• Analytics Cookies: Help us understand how visitors use our site (Google Analytics). You may opt out via the Google Analytics opt-out browser add-on

You can control cookies through your browser settings. Blocking essential cookies may affect website functionality.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the date at the top of this policy and sending an in-app or email notification. Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.

If you do not agree to the updated policy, you should discontinue use of the App and request account deletion.

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

We will respond to general privacy inquiries within 5–7 business days.