Flash Grub™ Inc. (“Flash Grub,” “Company,” “we,” “us,” or “our”) is a Delaware corporation. This Privacy Policy describes how we collect, use, and protect personal information across all current versions of our mobile application.
1. Scope
This Privacy Policy covers all current versions of the Flash Grub application, including services currently available in New York State.
We may collect email addresses from individuals who express interest in future Android availability via our website. This information is used solely to notify users of Android launch availability and is not shared with third parties or used for any other purpose.
2. Information We Collect
We collect information only if voluntarily provided:
- Contact Information: Name, email, phone number (for verified users only)
- Platform Usage Information: User type (business or buyer), surplus and pre-order meal preferences
- Technical Information: IP address, device/browser type, limited app usage analytics.
- Device Permissions: The app requests native iOS permissions for the Camera (to scan QR codes) and Face ID (for biometric login verification). This biometric data is processed entirely locally on your device by iOS and is never transmitted to or stored on our servers. Face ID authentication is managed entirely by Apple’s iOS framework. Flash Grub never accesses, processes, or stores biometric facial data. Images captured via the camera are not stored, transmitted, or retained by Flash Grub in any form. The camera is accessed solely in real time for QR code scanning purposes.
- Analytics: Usage patterns, feature interactions, and crash reporting
- Wallet & Transaction Data: When you use the Flash Grub Wallet, we collect records of wallet funds loaded (including Quick Reload transactions), purchase history, transaction records, and wallet balance in U.S. dollars. This data is associated with your account and is retained in accordance with Section 7 of this Policy.
- Payment Method Information: We do not store full payment card details. Payment transactions are processed by Stripe. We retain a record of the payment method type and last four digits solely for the purpose of transaction tracking, accounting, and security verification.
The Service is currently available on iOS. Data is processed and stored using secure third-party cloud providers including AWS and Firebase. Login credentials remain securely stored and protected.
We use analytics tools, including Firebase, to help us understand how the app is used, improve features, and monitor performance. These tools may collect technical information such as device type, IP address, app interactions, and crash reports.
Users are assigned an anonymous ID for analytics and reporting purposes. This ID is separate from login credentials and cannot be used to identify an individual. Login credentials remain securely stored and protected.
Our website is primarily informational. However, business registration submissions made via the For Businesses page are collected and processed through our secure backend infrastructure solely for the purpose of partner onboarding and eligibility verification.
We do not use these tools or data to track personal information for marketing purposes, and we do not sell your personal information. For operational or analytical purposes, we may share aggregated or anonymized behavioral data, which cannot be linked back to individual users.
- Sensitive Data: We do not collect sensitive personal data, real credit card information beyond what is described above, or precise geolocation at this stage.
3. How We Use Information
Collected data is used to:
- Facilitate and improve the user experience
- Verify eligibility (e.g., business EIN verification)
- Communicate updates, gather feedback, and troubleshoot issues
- Ensure safety, integrity, and compliance of our platform
- Support secure login via Face ID or QR/barcode scanning (verified users only)
- Process wallet transactions, Quick Reload requests, and maintain your secure digital wallet balance
- Comply with applicable financial record-keeping and unclaimed property laws
We do not sell your data or use it for advertising purposes.
Consent: By participating in the platform operations, users consent to the collection and use of their information as described in this Privacy Policy.
4. Third-Party Role / Liability
Flash Grub acts solely as a technology platform connecting users and businesses:
We do not prepare, handle, or deliver food, and have no control over the quality, safety, or suitability of products or services.
Users and businesses engage directly. Flash Grub is not liable for any claims, damages, losses, or disputes arising from these transactions.
5. Payment Processing
All payments are processed securely via Stripe. Flash Grub does not store or access your credit card information. All transactions are processed in real time using Stripe’s live payment infrastructure. Users agree to
Stripe’s Terms of Service,
Privacy Policy, and
Security Guidelines. The same security and fraud prevention protections are applied across all transactions on the platform.
Wallet Transactions & Quick Reload: When you load funds to your Flash Grub wallet — including via Quick Reload at checkout — the transaction is processed by Stripe. Flash Grub retains a record of the transaction amount, date, payment method type, and last four digits of the payment method solely for the purposes of account management, transaction verification, and compliance with applicable financial record-keeping requirements.
Wallet Cash & Plans: All monthly plan payments and Quick Reloads are added as Wallet Cash in U.S. dollars to your Flash Grub Wallet. Your balance never expires and remains available for future meal purchases while your account remains active. Wallet Cash is non-refundable once loaded, except where required by applicable law.
Order Cancellation Window: All purchases include a 15-minute cancellation window from the time of order placement. For Wallet users, your balance is debited immediately to reflect your real-time balance and instantly returned if cancelled within this window. For Direct Payment users, no charge is applied to your payment method during this period. After 15 minutes, all sales are final, except in cases of verified duplicate charges or verified order non-fulfillment by the business.
Direct Payment Transactions: For Free Plan users only who choose to pay directly via credit card, debit card, or Apple Pay without using the Flash Grub Wallet, your payment method is placed on hold at the time of order placement. After the 15-minute cancellation window, your payment method is charged and all sales are final. Refund requests are not automatically granted. Any refund request must be submitted in writing to
legal@flashgrub.com within 48 hours of purchase and must include the transaction date, order details, and reason for the request. Flash Grub reserves the right to review, approve, or deny any refund request at its sole discretion. Approved refunds are issued exclusively as Wallet Cash and are not returned to the original payment method. Direct payment transactions are processed securely by Stripe. Flash Grub does not store full card details for direct transactions.
Wallet Terms: All Wallet Cash loaded to the Flash Grub Wallet is non-refundable once added, except as may be required under applicable NY abandoned property law.
6. Sharing of Information
We may share limited data only for operational or legal purposes:
Data is never shared with advertisers or external third parties for promotional purposes.
7. Data Storage & Security
Information is stored in the U.S. using secure third-party infrastructure (e.g., AWS, Firebase). Standard safeguards are implemented, and reasonable administrative, technical, and physical safeguards protect collected information, though no system is completely secure.
Wallet & Financial Record Retention: Records of wallet transactions, Quick Reload activity, wallet load history, and related payment data are retained for a minimum of five (5) years from the date of the transaction, regardless of whether the associated account has been deleted. This retention is required for compliance with applicable financial, tax, and unclaimed property laws. Retained financial records are stored securely and are not used for marketing or shared with third parties except as required by law.
All other personal data associated with a deleted account is removed in accordance with our standard account deletion process as described in Section 8.
8. User Rights
Users may:
- Access & Correct: Request access to or correction of personal data
- Delete: You can permanently initiate account deletion at any time directly inside the app via the Settings menu. Upon requesting deletion, your personal profile and account credentials will be deactivated immediately. Any remaining Wallet Cash balance or related financial transactions will be handled, processed, or safely retained strictly in accordance with the regulatory and financial compliance laws detailed in Section 7 of this Policy.
- Withdraw: Exit the application footprint at any time by deleting the application from your device.
- Contact: Users may submit requests via legal@flashgrub.com
9. Governing Law
This Privacy Policy is governed by New York State law.
10. Age Restriction
The app is intended for users 18 years of age or older. We do not knowingly collect personal information from individuals under 18.
11. Updates to This Policy
We may update this policy as needed. Significant changes will be communicated to users via email or clear in-app notifications.
12. Contact Us
If you have any questions or concerns, contact:
Flash Grub™ Inc.
legal@flashgrub.com
New York, NY 10018, USA
