Privacy Policy

Last updated: May 8, 2026

This privacy policy explains what information Pelican Lockers, a service of Pelican Beach Resort Owners Association, Inc. (“we,” “us”), collects when you use the Pelican Lockers mobile application or rent a locker through our service (the “Service”), how we use that information, and your rights.

1. Information we collect

• Phone number. Required to log in. We send a six-digit one-time code (OTP) via SMS so we can verify it’s you.
• Email address (optional). Provided at the payment step if you want a receipt or rental-confirmation email.
• Payment information. Card number, expiry, and CVC are entered into Stripe’s payment sheet inside the app. We never see or store these directly. We retain only Stripe’s payment-intent identifier and the amount charged.
• Rental data. Which locker you rented, when, for how long, whether you paid an overage, and any unlock attempts (success or failure) tied to your account. Used to operate and bill the Service.
• Bluetooth. The app scans for nearby locker hardware to confirm you’re close enough to unlock. We do not retain Bluetooth scan results.

What we do not collect: precise location, advertising identifiers, contacts, photos, microphone, or any data from third-party trackers. The app contains no analytics SDK or advertising network.

2. How we use your information

• Authenticate you (phone OTP) and let you rent / unlock lockers.
• Process payments through Stripe.
• Send transactional messages: rental confirmation email (if you opt in) and a 15-minute expiry-warning SMS.
• Operate the locker hardware, log unlock events, and resolve disputes.
• Notify our administrators when a rental is significantly past its expiry so the locker can be cleared.

3. Who we share it with

We share data only with vendors that help us run the Service:

• Stripe — payment processing. Their privacy notice applies to the card data they handle.
• ClickSend — outbound SMS delivery (OTP and expiry reminders).
• SMTP2GO — outbound email delivery (rental confirmations, admin alerts).
• Laravel Cloud — hosting and database storage in the United States.

We do not sell your data, and we do not share it for advertising purposes.

4. Retention

Rental records, payment records, and unlock logs are retained for a minimum of 12 months for billing, audit, and chargeback-defense purposes, and indefinitely thereafter unless you request deletion.

5. Your rights

• Delete your account. Visit our Delete Account page for instructions, or email [email protected] directly.
• You can request a copy of the data we hold about you by emailing [email protected].
• You can stop using the Service and uninstall the app at any time. Active rentals continue until ended; unfinished payments are not refunded automatically.

6. Security

All connections to our servers use HTTPS. Database storage is encrypted at rest by our hosting provider. Stripe handles all payment-card data under PCI-DSS Level 1 standards.

7. Children

The Service is not intended for users under 18. We do not knowingly collect data from minors. If you believe a child has used the Service, contact us and we will remove the account.

8. Changes

We may update this policy. The “last updated” date above will change, and continued use of the Service after the update constitutes acceptance of the revised policy.

9. Contact

Questions about this policy: [email protected].