Privacy Policy

Last Updated: March 22, 2026 | Effective: March 22, 2026 | Versión en español

1. Introduction

NextUp! ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the NextUp! mobile application and associated web services (collectively, the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not use the Service.

2. Information We Collect

2.1 Merchant Account Data

When you create a Merchant account, we collect:

Business name — to identify your business within the Service
Device timezone — to display accurate timestamps and manage daily usage resets
Merchant identifier — a unique ID generated by our system to manage your account
Language preference — to display the Service in your preferred language

2.2 Subscription and Purchase Data

When you subscribe or make in-app purchases, the following data is processed:

Subscription status and entitlements — which features you have access to
Purchase history — managed by RevenueCat (our subscription management provider) and the applicable app store (Apple App Store or Google Play Store)
Customer ID — a RevenueCat-assigned identifier linking your subscription state

We do not directly collect, process, or store your payment card details, billing address, or other financial account information. All payment processing is handled by Apple, Google, and RevenueCat.

2.3 Customer Queue Data

When Customers join a queue through the Service, they may provide:

Name — to identify the Customer in the queue
Phone number — if requested by the Merchant (optional)
Email address — if requested by the Merchant (optional)
Custom field responses — additional information defined by the Merchant (e.g., party size, seating preference)

The specific data collected from Customers varies based on what each Merchant configures for their queue. Merchants are responsible for ensuring their data collection practices comply with applicable laws.

2.4 Device and Technical Data

We automatically collect certain technical information:

Device push notification token — to send real-time notifications about queue updates
Device platform — iOS or Android, to deliver platform-appropriate notifications
Browser language/locale — for Customer web app language detection
Web push subscription data — endpoint URL and encryption keys for browser push notifications

2.5 Usage Data

We collect aggregate usage information:

Daily queue entry counts — to enforce usage limits and provide usage analytics
Queue activity timestamps — when entries are created, called, and completed

3. How We Use Your Information

Data	Purpose
Business name	Display to Customers when they scan your QR code or access your queue
Device timezone	Accurate timestamps and daily usage limit resets
Subscription data	Determine feature access and entitlements
Customer queue data	Manage queue positions, notify Customers, display information to Merchants
Push notification tokens	Deliver real-time queue status updates
Usage data	Enforce usage limits, provide analytics, improve the Service
Language preference	Display the Service in your preferred language

4. Third-Party Services

We use the following third-party services that may collect and process your data in accordance with their own privacy policies:

Service	Purpose	Data Processed
RevenueCat	Subscription and purchase management	Customer ID, purchase history, subscription status, entitlements
Firebase Cloud Messaging	Push notifications for Merchants	Device token, platform identifier
Apple App Store	App distribution and payment processing (iOS)	Purchase and subscription data per Apple's privacy policy
Google Play Store	App distribution and payment processing (Android)	Purchase and subscription data per Google's privacy policy
Amazon Web Services (AWS)	Backend infrastructure and data storage	All Service data is stored on AWS servers

We use the information collected by these services solely for the purposes described above and do not share your personal data with any other third parties for marketing or advertising purposes.

5. Data Security

We implement reasonable technical and organizational security measures to protect your personal information, including:

Encrypted storage of authentication tokens on your device (platform-level secure storage)
Secure HTTPS connections for all data transmission
Access tokens with expiration and refresh mechanisms

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

6. Data Retention

We retain your information only as long as necessary to provide the Service and fulfill the purposes outlined in this policy:

Merchant account data — retained while your account is active and for a reasonable period after account deletion
Customer queue data — retained while the queue entry is active; Merchants may delete individual entries at any time
Push notification tokens — removed when you log out or uninstall the application
Usage data — retained for analytics and service improvement purposes

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access — Request a copy of the personal data we hold about you
Correction — Request correction of inaccurate or incomplete data
Deletion — Request deletion of your personal data
Portability — Request a copy of your data in a structured, machine-readable format
Objection — Object to certain processing of your personal data

To exercise any of these rights, please contact us at info@stea.cr. We will respond to your request within 30 days.

For California Residents (CCPA)

Under the California Consumer Privacy Act, California residents have the right to know what personal information is collected, request its deletion, and opt out of its sale. We do not sell personal information. To exercise your rights, contact us at the email above.

For European Economic Area Residents (GDPR)

If you are in the EEA, you have additional rights under the General Data Protection Regulation, including the right to lodge a complaint with your local data protection authority. Our legal basis for processing your data is your consent (provided when you use the Service) and our legitimate interest in operating and improving the Service.

8. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly. If you believe we have collected information from a child under 18, please contact us at info@stea.cr.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States (where our cloud infrastructure provider operates) and Costa Rica (where we are based). These countries may have data protection laws that are different from the laws of your country. By using the Service, you consent to the transfer of your information to these countries.

10. Do Not Track

The Service does not respond to Do Not Track signals. We do not use third-party advertising tracking. We do not track users across third-party websites.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Service after we post changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

info@stea.cr

NextUp!
Costa Rica