Privacy Policy

Last Updated: July 4, 2026

1. Introduction

Welcome to Dylzapp ("we," "our," or "us"). Dylzapp is a location-based deals and promotions discovery platform that connects consumers with local businesses offering discounts, events, and special offers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and mobile application (collectively, the "Service").

By accessing or using Dylzapp, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: When you register for an account, we collect your name, email address, and password. If you register as a business owner, we may also collect your business name, business phone number, and business address. We verify your email address by sending a confirmation link to it; you must confirm ownership of the address before you can sign in, and you must re-verify any new email address if you change it.
  • Profile Photo Uploads: You may optionally upload a profile photo from your device's camera or photo library. Uploaded photos are resized to 400×400 pixels and stored on our servers (filesystem, MongoDB, and embedded inline on your user document for fast retrieval). Your profile photo is visible to other users wherever your name appears on the platform — for example, on the public Cheap Gas leaderboard if you submit gas reports. You may replace or remove your profile photo at any time from your profile settings.
  • Google Sign-In Data: If you choose to sign in with Google, we receive your name, email address, and profile picture from Google.
  • Apple Sign-In Data: If you choose to sign in with Apple, we receive your name and email address (which may be a private relay address if you choose to hide your email) from Apple.
  • Deal Content: If you are a business owner creating deals, we collect the information you provide including deal titles, descriptions, discount amounts, expiration dates, business contact information, images, videos, and QR codes.
  • Gas Price Reports (Crowdsourced "Cheap Gas"): If you choose to submit a gas-station price report through the Cheap Gas feature, we collect: the gas station you report against (identified by Google Place ID), the fuel grades and prices you enter (Regular, Mid, Premium, Diesel), the timestamp of submission, and your authenticated user ID. Each accepted report awards points to your account ledger. Your first name and profile photo are publicly displayed on the per-station "Last reported by …" credit and on the rolling 7-day Top Reporters leaderboard. Your email and full name are never displayed on these public surfaces.
  • Payment Information: When you make payments for premium deal promotion features (Featured Deals, Extended Reach) or for Driver / Fleet subscriptions, your payment information is processed by our third-party payment processor, Stripe. We do not store your full credit card numbers.
  • Driver & Fleet Subscription Information: If you subscribe as a driver or create/operate a Fleet (business) account, we store your subscription status and renewal date, whether you are on a free trial or have been granted comped (no-charge) access by a Dylzapp administrator, and a record of each subscription transaction (amount, currency, Stripe session ID, status) in our internal payment ledger. For Fleet accounts we additionally store the company name you provide, a generated join code, and the list of driver accounts that have joined your fleet's seats. Drivers join a fleet voluntarily by entering a join code shared by the fleet owner.
  • Driver Verification Information (Driver Directory): If you apply to be listed in the Dylzapp Driver Directory, we collect: your display name, short bio, service categories (rides / deliveries / custom), vehicle information (make, model, year, color, last 3 characters of license plate), pricing (rate per mile, base fare, optional rate per minute, prepay requirement), public payment handles (Venmo username and/or Cash App $cashtag — used only to generate deep links to those third-party apps; Dylzapp never sees, transmits, or processes payments), a photo of your government-issued ID (driver's license or state ID), and a selfie taken at application time for identity verification. Both your government-issued ID photo and selfie are required up front and must be uploaded before your driver application can be submitted — an application cannot be created without them. Your government-issued ID photo is reviewed by Dylzapp administrators solely to verify you are the person depicted on the ID, is stored on our servers, and is never shown to other users. Your verification selfie is also used as your rider-facing driver photo: it is shown to a rider once they request a service from you (i.e. start a chat with you), and — only if you turn on the optional "Show my photo on the map pin" setting — on your public live map pin so riders can recognize you. You may delete your driver profile at any time, which removes you from the public directory and revokes your verified status.
  • Multi-Stop Delivery Routes & Proof-of-Delivery Photos: When you create a multi-stop delivery run, we collect the pickup location plus each destination address, an optional recipient name and notes per stop, and the latitude/longitude coordinates of every point. These coordinates are sent to Google's Directions API to calculate the optimized route and total driving distance for pricing (see "Third-Party Services" below); we also cache the resulting distance for up to 30 days to reduce repeat lookups. As the assigned driver completes each stop, they are required to capture a proof-of-delivery (POD) photo. POD photos are stored on our object-storage servers and are visible only to the person who created the run, the assigned driver, and Dylzapp administrators (for dispute and abuse review) — they are accessed through short-lived signed links and are never made public. By using this feature, drivers agree to capture POD photos that depict only the delivered package and its drop location and not to photograph people, building interiors, or anything beyond what is needed to confirm delivery.
  • Business / Client Tagging & Driver Documentation: When creating a delivery run, the creator may optionally tag it with a business or client name and contact (e.g. a phone number or email) so the work can be grouped for the driver. Dylzapp generates two informational documents for drivers from their own completed activity: a Weekly Invoice (per business, listing the runs performed, miles, and amounts owed, plus the driver's own public payment handles) that the driver can print and give to the business, and an Earnings Summary (the driver's completed trips and totals). These are records of the driver's own activity, are visible only to the driver (and, where applicable, the business the driver chooses to share a printed invoice with), and are not official tax or accounting documents.
  • In-App Chat Messages: The "Messages" feature lets you exchange direct messages with another Dylzapp user (most commonly a rider ↔ driver during a ride or delivery). We store: the text of each message, location pins you choose to share, trip quotes you generate, payment-status confirmations you record, "Pickup Pass" handoff codes you generate, peer-reward gift cards you send, and the timestamps of each message. Messages are visible to you, to the other participant in the conversation, and to Dylzapp administrators for safety, abuse, and dispute-review purposes. Do not share information in chat you would not want a Dylzapp administrator or the other party to see. Automatic message clearing: when a driver marks a trip complete, the conversation is automatically cleared from both participants' inboxes and its messages are hidden from both of you — only a short "Trip completed" note and the corresponding Trip History entry remain. Hidden (archived) messages are retained on our servers for up to 30 days for safety, abuse, and dispute review, after which they are permanently and automatically deleted. You may also manually delete any conversation from your inbox at any time (this removes it from your inbox only; the other participant keeps their copy until they delete it or it is cleared by a completed trip). A conversation reappears for you only if a new message is sent in it. Deleting your account removes you as a participant and obscures your display name in the conversation for the other party.
  • Driver Live Status & Continuous Location (Driver Directory only): When you (as an approved driver) toggle "Go Live" from the Driver Dashboard, Dylzapp begins continuously collecting your device's precise location so we can place your pin on the map for nearby riders and refresh it roughly every 8–12 seconds. On native iOS/Android we use the @capacitor-community/background-geolocation plugin so this tracking continues while the app is backgrounded or the screen is locked — that is the entire purpose of going live. Tracking stops automatically when you tap "Go Offline," uninstall the app, or revoke location permission at the OS level. We never collect background location from non-driver consumer accounts. See Section 6 ("Your Rights and Choices") for how to disable this at any time.
  • Pickup Pass Codes (Deliveries): When a rider in a deliveries chat taps "Generate Pickup Pass," Dylzapp generates a short alphanumeric code (we drop visually-ambiguous characters like 0, 1, I, O for store-cashier readability) and bundles it with the rider's stated name, an optional order note, and the driver's name / vehicle summary. The code is shared inside the chat thread only, used once at the store, then marked "used." It is not sold, transmitted to third parties, or used for any purpose beyond facilitating that single delivery handoff.
  • Peer-to-Peer Rewards & Affiliate-Business Claims: The Peer Rewards feature lets one user send another user a one-time-redeemable code (a "reward") inside chat — for example, a friend forwarding a coupon code. We collect the reward's title, optional description, code value, optional business name, optional business URL, optional expiration in days, and the sender/recipient user IDs. Sent rewards appear in the recipient's /my-rewards inbox and (when sent inside a conversation) as a chat bubble. If you also claim a business as an "affiliate," we collect the business name you claim, an optional verification URL, and your user ID; an administrator reviews each claim, and approved claims flag any reward you've ever sent under that business name with a "Verified Affiliate" badge. Dylzapp does not handle or hold any monetary value associated with rewards — redemption happens directly with the issuing business.
  • Trip Ratings & Comments (Driver Rating System): After a settled trip (a chat thread in which a driver has confirmed "payment received"), both parties may rate each other 1–5 stars with an optional 280-character comment. We store the star rating, the optional comment text, both user IDs, the conversation ID, the timestamp, and a flag indicating whether the rated user is a verified driver. Aggregate statistics (average rating, total rating count, low-rating flag) are computed from these ratings and cached for fast lookup. Ratings and comments are public: they appear on the rated user's driver mini-sheet on the map, in the chat thread header, and on the rated user's driver dashboard. Comments are displayed using an anonymised attribution (first name + last initial of the rater) — your full name, email, and user ID are never displayed publicly alongside a comment. If your average rating drops below 3.5 stars after 5 or more ratings, your account is surfaced to a Dylzapp owner-only triage queue for review (this is a flag for human review — it is NOT an automatic suspension).
  • Reservations ("Reserve with Dylzapp"): When you request a reservation at a restaurant — in Individual Mode or Crew Mode — we collect the reservation date, time, party size, the name and phone number you enter, an optional special-request note, the restaurant identity (and any originating deal), and your user ID. If the restaurant has been claimed on Dylzapp, we share these reservation details with that verified business owner so they can Confirm or Decline the booking, and we notify both parties in-app of status changes. If the restaurant is not claimed, Dylzapp records the reservation and shows you the venue's public phone number so you can call to confirm — we do not transmit your details to unclaimed venues. In Crew Mode, the reservation summary (venue, date, time, party size, status) is posted to your crew's chat and is visible to crew members. Dylzapp facilitates the request only and does not guarantee a table.
  • Delivery, Pickup Pass & Proof of Delivery: When you create or receive a delivery run (single or multi-stop) we collect pickup and drop-off addresses and coordinates, recipient names/notes you enter, optional Pickup Pass details (store name, order reference, item description, and the customer the order is for), the generated pass code, and route mileage. To complete a stop, the assigned driver uploads a proof-of-delivery photo, which we store in object storage and make viewable (via short-lived signed links) to the run's creator and the assigned driver only.
  • Courier Payout Handles & Contact Phone: Drivers may add payout handles (e.g., Venmo, Cash App) and an optional contact phone number to their driver profile. These are private: a driver's payout handles and phone are disclosed only to a business/user that has actually dispatched or accepted that driver for a run (shown on the quote and active-run screens), and are never listed in the public driver directory.
  • Fleet & Roster Membership: If you operate or join a fleet, we collect the fleet name, join code, owner and member user IDs, and (for business-managed rosters) the drivers you add — including drivers you select from another fleet's roster. Only the driver themselves can see the full list of every fleet/roster they belong to; a business owner sees only their own roster.

2.2 Information Collected Automatically

  • Location Data: With your permission, we collect precise geolocation data from your device to show you nearby deals and calculate distances. For consumer accounts this collection is foreground-only (active while you have the app open). Approved drivers who toggle "Go Live" consent to continuous location collection while their live session is active — see the "Driver Live Status & Continuous Location" entry in Section 2.1 for the full scope. You can disable location services in your device settings or revoke the always-on permission at the OS level at any time; doing so will hide the relevant features but will not delete prior data.
  • Usage Data: We collect information about how you interact with the Service, including deals viewed, deals saved/bookmarked, deals shared, search queries, survey responses, and features used.
  • Device Information: We collect information about your device, including device type, operating system, browser type, and unique device identifiers.
  • Push Notification Tokens: With your permission, we collect device push notification tokens (Apple Push Notification service tokens on iOS, Firebase Cloud Messaging tokens on Android) to send you deal alerts and updates.
  • QR Poster Scan Analytics: When you visit a business's public page via a QR-code poster link (URLs containing ?ref=poster), we log an anonymized scan event to help business owners understand how their posters are performing. The scan event stores a timestamp, the user-agent string (device type/browser), and a one-way SHA-256 hash of your IP address (salted with the business ID) so that unique visitor counts can be computed without retaining your actual IP. These scan events are visible only to the claimed business owner and Dylzapp administrators.
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze usage patterns.
  • Local Preferences: Non-sensitive user preferences — such as your selected search radius (in miles) for discovering deals and businesses, saved map location, Deal Radar enable/disable state, and last viewed filters — are stored locally on your device (browser localStorage or native app storage) and are not transmitted to our servers.

2.3 Information from Third Parties

  • Google Maps: We use Google Maps API to display maps and calculate distances. Google may collect information according to their privacy policy.
  • Google Places: We use the Google Places API (New) to automatically discover and display local business information, including business names, addresses, phone numbers, websites, operating hours, ratings, and photos. This data is cached in our database to provide faster service. Business photos are downloaded and stored permanently on our servers.
  • Payment Processors: Stripe provides us with limited transaction information to confirm payments and prevent fraud.
  • Social Media Imports: When business owners use our social media import tool, we scrape publicly available deal information from social media URLs (such as Instagram and Facebook posts) to create deal listings. We do not access private social media accounts or messages.
  • Google Business Profile: With explicit authorization via OAuth, business owners may connect their Google Business Profile to import business information and promotions.
  • Uber and Lyft: We provide deep links to Uber and Lyft ride-hailing services so you can easily get a ride to a business. When you tap these links, you leave Dylzapp and are redirected to the respective ride app. We do not collect any data from these ride services, and your use of Uber or Lyft is governed by their respective terms and privacy policies.
  • Ticketmaster and Live Nation: For event-type deals (concerts, shows), we provide deep links to Ticketmaster and Live Nation event pages so you can purchase tickets directly. When you tap these links, you leave Dylzapp. Dylzapp may earn affiliate revenue when a ticket is purchased through these links. Your interaction with Ticketmaster or Live Nation is governed by their respective terms and privacy policies.
  • AI-Powered Deal Discovery (Tavily Search + Anthropic Claude): Dylzapp administrators may use AI tooling to automatically discover and summarize publicly-available deal information about businesses on the platform. We send the business name and address to Tavily (a web-search API), retrieve public web-page snippets and image URLs, and pass those to Anthropic's Claude language model to extract structured deal data (title, description, discount, event date, ticket URLs, deal-specific image URL). Only the business identity is sent — no consumer personal data — and the extracted data is reviewed and approved by an administrator before becoming visible. For claimed entertainment and sports venues, Dylzapp also runs this discovery automatically on a daily schedule and auto-publishes the highest-confidence event deals so concerts, shows, and games stay current without manual work. Source URLs are stored alongside each auto-imported deal so any item can be audited back to its original source.
  • Crash & Error Reporting (Sentry): When the app encounters an unexpected error or crash, Dylzapp sends an anonymized diagnostic event to Sentry (a third-party error-monitoring service) so we can fix bugs quickly. Each event contains: the error message and stack trace, the device type / operating system / browser, a coarse code path (e.g. which screen was active), and a Sentry-generated event ID. We strip out personal data before transmission — email addresses, IP addresses, authentication tokens, request bodies, and other sensitive headers are removed or replaced with `[REDACTED]` by both the client and server SDKs before the event leaves your device or our server. Sentry retains crash data for up to 90 days. You can opt out by disabling the app or contacting us; for native iOS/Android crashes, this monitoring activates only after the app is launched.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Show you deals and promotions near your location
  • Process your account registration and authentication
  • Enable business owners to create and manage deals
  • Process payments for premium features (extended deal reach)
  • Send native push notifications about new deals via Apple Push Notification service (iOS) and Firebase Cloud Messaging (Android), with your consent
  • Send transactional emails (email-address verification at sign-up, new-email confirmation when you change your email, payment receipts, and other account confirmations)
  • Track deal views, shares, saves, and engagement for analytics
  • Power AI-assisted features such as deal description generation and social media content import using third-party AI services (OpenAI), and AI-powered automatic deal discovery using Tavily Search and Anthropic Claude (administrator-initiated and daily-scheduled for claimed entertainment / sports venues — see Section 2.3 for details on auto-published event deals)
  • Enable QR code scanning for deal redemption and verification
  • Conduct user surveys to improve the Service
  • Generate printable marketing posters with unique QR codes for claimed businesses, and provide those business owners with aggregated scan counts and daily scan trends so they can measure poster performance
  • Deep-link users (via iOS Universal Links and Android App Links) from physical QR scans, website visits, or shared links directly into the Dylzapp app when it is installed on the device
  • Display public business pages (at /business/[business-id]) that show the business's name, address, operating hours, photos, ratings, and currently-active deals. These pages are accessible without a Dylzapp account and may be indexed by search engines
  • Store and process deal reminders you set, including the scheduled date/time, and send push notifications at the scheduled time and 15 minutes before
  • Facilitate business claiming through ownership verification: we compare the email domain on your account against the business's official website domain and send a verification code to that matching business email address
  • Display real-time business status (open/closed) based on operating hours data from Google Places
  • Allow users to suggest updates or corrections to business information via email
  • Operate the crowdsourced "Cheap Gas" feature: accept gas-price reports from authenticated users, attribute each report to the reporting user, award points for accepted reports, compute rolling leaderboards, and display the most-recent reporter's first name (a "Last reported by …" credit) on each station card. Points have no cash value and are forfeited if the account is deleted or found to be submitting fraudulent reports
  • Maintain a "Payment Allowlist" — an admin-controlled list of partner email addresses that receive Featured Deals and Extended Reach for free. The allowlist stores only the boolean flag against your existing account; no extra personal data is collected. Allowlisted status may be granted or revoked by Dylzapp administrators at any time and is recorded in our internal payment ledger as a comped transaction whenever a comped feature is activated, so we can audit and reconcile partner usage
  • Operate the Driver Directory: review applicant ID + selfie photos to verify identity, place approved drivers' live pins on the map, surface their public profile (display name, vehicle, rate, payment handles), and deliver in-app messages between riders and drivers
  • Deliver in-app chat messages between Dylzapp users, including specialized chat payloads (location pins, trip quotes, payment-status confirmations, pickup-pass handoff codes, and peer-reward gifts) and send push notifications to the recipient when a new message arrives
  • Compute and surface trip ratings: aggregate 1–5 star ratings into average and count statistics, display public anonymised comments on the rated user's profile, and flag users whose average drops below 3.5★ after 5+ ratings to an owner-only review queue (no automatic suspension)
  • Deliver and track peer-to-peer reward gifts (one-time redeemable codes sent between users in chat), expire them lazily based on the sender-selected TTL, and back-fill a "Verified Affiliate" badge on previously-sent rewards when an administrator approves the sender's business claim
  • Detect, prevent, and address fraud and security issues
  • Comply with legal obligations

4. How We Share Your Information

We may share your information in the following circumstances:

  • With Business Owners: Aggregated and anonymized analytics about deal performance (views, shares) are shared with business owners who created those deals. For claimed businesses that distribute QR posters generated through Dylzapp, the claimant is shown aggregated scan counts (total, last 7 days, last 30 days), an approximate unique-visitor count for the last 30 days (computed from hashed IP addresses), and a daily scan breakdown for sparkline charts. No personally-identifying information about individual scanners is shared.
  • Public Leaderboard & Reporter Credits (Cheap Gas): If you submit gas-price reports, your first name and profile photo appear publicly on the rolling 7-day Top Reporters leaderboard (visible to all consumers on the /gas page) and as the "Last reported by …" credit on the gas-station card you most recently reported. Your point total and report count are also displayed. Your email address, full name, and IP address are never shown. Removing all of your gas reports (or deleting your account) removes you from these public displays.
  • Internal Platform Reporting (Admin-Only): Dylzapp administrators may view and export aggregated, non-personal reports of business coverage on the platform — including business names, addresses, city/state, business types, claimed/unclaimed status, star ratings, and price levels sourced from Google Places. This "Area Snapshot" report is used solely for internal business development and outreach. It does not contain consumer personal information.
  • With the Other Party in a Chat: When you start or accept a chat conversation, the other participant can see your display name, profile photo, any messages and location pins you send, any trip quotes / payment confirmations / pickup-pass codes / peer rewards you exchange, and (if you are an approved driver) your public driver profile fields including vehicle summary and payment handles. Treat the chat as visible to that user.
  • Public Driver Profile (Driver Directory): Approved drivers' display name, profile photo, short bio, service categories, vehicle summary (year/make/model/color and last 3 of plate), pricing, payment handles, "Paid Verified" badge status, current "Go Live" coordinates (while live), and rating aggregate (average + count) appear publicly on the Dylzapp map for any user nearby. Your government-issued ID photo is never shown publicly — it is admin-review material only. Your verification selfie is used as your rider-facing driver photo: it is shown to a rider once they request a service from you (start a chat), and, only if you enable the optional "Show my photo on the map pin" setting, on your public live map pin.
  • Public Rating Comments (Driver Rating System): If you write an optional comment when rating another user 1–5 stars, that comment is publicly visible on the rated user's profile. Your full name, email, and user ID are not shown alongside the comment — only your first name and last initial (e.g. "Alex S.").
  • Service Providers: We share information with third-party vendors who perform services on our behalf, including:
    • Stripe (payment processing)
    • Google Maps (mapping services)
    • Apple Push Notification service (iOS push notifications)
    • Firebase Cloud Messaging (Android push notifications)
    • SendGrid (email delivery)
    • OpenAI (AI-powered features)
    • Anthropic (Claude — used for AI deal discovery)
    • Tavily (web-search API used for AI deal discovery)
    • Sentry (crash & error monitoring, with PII stripped)
    • MongoDB (database hosting)
  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with any merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
  • With Your Consent: We may share information with third parties when you explicitly consent to such sharing.

We do not sell or share your personal information with third parties for marketing purposes.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. We will also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

Deal content created by business owners is retained until the deal expires or is deleted by the business owner. Expired deals may be retained for up to 90 days for analytics purposes before being permanently deleted.

Feature-specific retention: Driver verification photos (ID + selfie) are retained for the lifetime of an approved driver profile and are deleted (along with the profile) within 30 days of the driver deleting their profile or being permanently removed from the directory. In-app chat messages (including shared location pins, trip quotes, payment-status confirmations, and Pickup Pass codes) are cleared from both participants' inboxes the moment a trip is marked complete, and the underlying messages are permanently deleted within 30 days of being archived (whether archived by a completed trip or by manual deletion); messages in conversations that never reach a completed trip are retained while either participant's account is active. Peer-reward records are retained for the lifetime of either participant's account. Trip History records (a summary of each completed trip — e.g. pickup/dropoff areas, the agreed quote, completion time, and the other party's display name) are retained for the lifetime of the participant's account so you have a durable log after the chat itself is cleared. Driver "Go Live" location pings are not persisted long-term — only your most recent ping is stored on the live-driver record, and that record is cleared the moment you tap "Go Offline." Ratings and rating comments are retained for the lifetime of the rated user's account.

6. Your Rights and Choices

  • Access and Update: You can access and update your account information through your profile settings. Changing your email address requires confirming the new address via a verification link before the change takes effect.
  • Delete Account: You can permanently delete your account and associated data through the Admin Dashboard settings. This action is irreversible.
  • Location Services: You can disable location services in your device settings. Note that this will affect the functionality of showing nearby deals.
  • Driver "Go Live" Tracking: Approved drivers can stop continuous background location collection at any time by tapping "Go Offline" in the Driver Dashboard, by revoking the "Always" location permission for Dylzapp at the OS level, by signing out, or by uninstalling the app.
  • In-App Chat & Rewards: You can revoke a peer reward you sent before the recipient redeems it via the /sent view in your rewards inbox. You can report any reward you receive that looks fraudulent or abusive. Deleting your account removes you as a chat participant from every conversation you're in.
  • Trip Ratings: Trip ratings cannot be edited or deleted by the rater once submitted (preventing retroactive coercion). If you believe a rating violates these terms — for example, was submitted without an actual trip taking place or contains harassment — contact us at info@dylzapp.com and an administrator will review.
  • Push Notifications: You can opt out of push notifications through your browser or device settings.
  • Cookies: You can manage cookie preferences through your browser settings.

7. Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmission
  • Secure password hashing using bcrypt
  • JWT-based authentication — HttpOnly cookies on the web app; bearer tokens in secure device storage on the native mobile app
  • Regular security assessments

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Children's Privacy

Dylzapp is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. By using the Service, you consent to the transfer of your information to these countries.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: