Privacy Policy

1. Who we are

This Privacy Policy applies to the Dandy Hats mobile application (the “App”) and the verifydandy.com website operated by Enovate Consulting (“we,” “us,” “our”) on behalf of Dandy Hats. It explains what information we collect when you tap a Dandy NFC tag or use our App, how we use it, and your choices about that information.

2. Information we collect

We collect only the data needed to authenticate products and operate the App.

• NFC tag data: when you tap a Dandy hat, we read the tag's unique identifier and its physical chip serial number. We use this to confirm the product is authentic. The chip serial is stored only as part of the validation record.
• Account data (optional): if you choose to register a product or join the rewards program, we collect your name, email address, phone number, and shipping address. You may sign in with email, phone, Discord, Google, or Apple. When you use a social sign-in, we receive only the basic profile information that provider returns (display name, email, avatar) — never your password.
• Device and tap metadata: for fraud detection and analytics, we record the IP address, approximate location (country), user-agent, and timestamp of each tag tap.
• App usage: in-app screens you visit and basic crash diagnostics. We do not use third-party advertising trackers.

3. How we use information

• To verify whether a tapped tag is an authentic Dandy product.
• To detect counterfeit tags and protect customers from knockoffs.
• To deliver the rewards, registration, and product transfer features when you opt in.
• To improve App reliability (debug logs, error reporting).
• To respond to support requests you send us.

4. How we share information

We do not sell your personal information. We share data only with:

• Service providers who host or support our infrastructure (Supabase, Cloudflare, Vercel, Branch, Google, Apple). They process data on our behalf under contractual confidentiality and security obligations.
• Dandy Hats, the brand owner, in aggregate or anonymized form for analytics, and at the individual level only for accounts that the user themselves created.
• Legal authorities when required by law or to protect rights, property, or safety.

5. Data retention

We keep tag-tap records and authentication logs for as long as the product is in market plus a reasonable period for fraud analysis. Account data is kept while your account is active; you may request deletion at any time (see contact below).

6. Your rights and choices

• You can request access to, correction of, or deletion of your account data by emailing us.
• You can revoke social sign-in connections from your provider's account settings.
• You can disable NFC on your device at any time. The App will not collect tap data when NFC is off.
• If you are in a jurisdiction with additional rights (e.g., EU/UK GDPR, California CPRA), you may exercise those rights by contacting us.

7. Children

The App is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us and we will delete it.

8. Security

We use industry-standard security practices including TLS for data in transit, encrypted databases at rest, and access controls. No system is perfectly secure; if we discover a breach affecting your information, we will notify you as required by applicable law.

9. International transfers

Data may be processed in the United States or other countries where our service providers operate. By using the App you consent to such transfers.

10. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be communicated through the App or by email.

11. Contact

If you have questions about this policy or wish to exercise any of the rights above, contact us at info@scanacart.com.