Privacy Policy

RUBBLE – PRIVACY POLICY

Effective Date: September 25, 2025

Operator/Entity: Zoot, LLC d/b/a "Rubble" ("Rubble", "we", "us", "our").

Primary Contact Email (all notices & support): matthew@userubble.com

Office Address (all notices): 5379 Terence Ct, Bloomfield Hills, MI 48302

Governing Law & Arbitration Seat (default): Michigan law; binding arbitration seated in Oakland County, Michigan, AAA Commercial Rules; jury-trial waiver; class-action/collective waiver.

Marketplace Status (conspicuous): Rubble is a marketplace/intermediary only; Rubble is not a carrier, broker of freight, contractor, material supplier, professional engineer, or waste transporter. Users contract directly with independent Sellers and Haulers. Rubble does not dispatch, route, supervise, or control third-party services and never assumes possession or custody of Materials.

0. Purpose; Order of Precedence; Incorporation

0.1. Purpose

This Privacy Policy explains how Rubble collects, uses, shares, secures, and retains information about Users (as defined below) of the Rubble Platform and Services, and describes choices and rights available to Users under applicable law.

0.2. Order of Precedence

If a conflict arises between this Privacy Policy and any other Rubble document: (1) Terms of Service control; (2) the subject-matter policy (e.g., Cookie Policy for cookies; DPA for processor services); (3) this Privacy Policy; (4) the policy most directly on point; (5) order confirmation; (6) Help Center articles.

0.3. Incorporation

This Privacy Policy is incorporated by reference into the Terms of Service ("Terms") and is part of the unified Rubble Policy Stack listed therein (including the Cookie Policy, Data Processing Addendum ("DPA"), Law Enforcement & Subpoena Guidelines, Security Incident Response Notice, DSR/Privacy Request SOP, and other policies referenced in §25).

1. Definitions (Privacy Context; supplements Master Glossary)

1.1. User: Any individual or entity accessing or using the Platform (including Buyers, Sellers, Haulers, Owners, Contractors, site representatives, visitors).

1.2. Personal Information ("PI"): Information that identifies or is reasonably capable of being associated with a particular individual or household (e.g., identifiers, commercial data, geolocation, in-app communications), as defined by applicable law.

1.3. Sensitive PI: Certain PI subject to heightened protection (e.g., precise geolocation, government IDs, financial account numbers with access codes, biometric templates used for identity verification).

1.4. Processing: Any operation performed on PI (collection, use, storage, disclosure, deletion, etc.).

1.5. Controller / Business: When Rubble determines the purposes and means of Processing (e.g., account management, fraud prevention).

1.6. Processor / Service Provider: When Rubble processes PI on behalf of an enterprise client under a DPA.

1.7. Sell / Share: As defined by applicable U.S. state privacy laws (e.g., "share" for cross-context behavioral advertising).

1.8. Targeted Advertising: Displaying ads based on PI obtained from activity across non-affiliated services.

1.9. Platform: The Rubble apps, websites, APIs, and related services, features, and technology, including in-app messaging, photos, GPS/telematics, and evidence tools.

1.10. GPC: Global Privacy Control signal used to express certain opt-out preferences for "sale/share" or targeted advertising.

2. Who We Are; One Marketplace, Many Independent Parties

2.1. Marketplace Role

Rubble operates a marketplace that connects independent Buyers, Sellers, and Haulers. Rubble does not provide carrier or contracting services and is not responsible for third-party conduct.

2.2. Independent Parties

Counterparties you interact with via Rubble (e.g., Sellers, Haulers, labs, facilities) are independent controllers for their own Processing of your PI. Their privacy practices are not governed by this Privacy Policy.

3. Categories of Information We Collect

3.1. Identifiers & Contact: Name, username, email, phone numbers (including SMS-capable), mailing/billing/shipping addresses, government ID segments where lawful and necessary for KYC/AML.

3.2. Commercial & Transactional: Orders, quotes, prices, payments and payouts, taxes/withholding, refunds/chargebacks, dispute outcomes.

3.3. Financial: Last 4 digits of payment cards, masked bank account details and tokens via payment processors; payout account information for Sellers/Haulers (kept by vetted processors).

3.4. Device/Network: IP address, device IDs, app version, OS, browser, language, network info, crash logs, diagnostic data.

3.5. Geolocation & Telematics: GPS coordinates and breadcrumbs (opt-in for certain roles), speed, heading, timestamps to support delivery verification, Proof Packages, and safety.

3.6. Photos/Video/Audio: Time-stamped site photos/video, optional audio notes, recordings for safety and dispute resolution, subject to redaction standards.

3.7. In-App Content: Messages, instructions, special placement consents, signatures, e-sign acknowledgments, review/ratings content, listing photos/descriptions.

3.8. KYC/AML & Compliance: Sanctions screening matches, identity checks, driver's license images where permitted, insurance COIs and endorsements, DOT numbers, vehicle plates.

3.9. Environmental/Regulatory: Chain-of-custody documents, manifests, lab results, scale tickets, facility approvals (uploaded by Users).

3.10. Analytics & Cookies: Site/app usage, events, referral URLs, session replay in limited areas (excluding payment fields), as detailed in the Cookie Policy.

3.11. Sensitive PI (limited): (a) precise geolocation for telematics features, (b) government ID images for KYC where lawful, (c) biometric templates only if expressly enabled for verification. We do not use Sensitive PI for targeted advertising or to infer protected characteristics.

4. Sources of Information

4.1. Direct from You. Account setup, orders, messages, uploads, forms, support tickets, consents, signatures.

4.2. Automatically. Device/usage data, cookies/SDKs, telemetry when features are enabled.

4.3. From Others. Counterparties (Sellers/Haulers/Buyers), identity verification vendors, payment/payout processors, mapping/telematics providers, labs/facilities, public records, sanctions/PEP screening partners.

5. Purposes for Use (and Representative Legal Bases)

5.1. Operating the Platform. Account creation, authentication, routing of messages, listings, search/matchmaking, orders, dispatch coordination. (Contract; Legitimate Interests)

5.2. Delivery & Evidence. GPS/telematics, photos/video, scale tickets, lab/COC to prove pickup/delivery, Constructive Delivery, quantity, and timing. (Contract; Legitimate Interests; Legal Obligations)

5.3. Payments & Payouts. Processing charges, calculating fees/taxes, anti-fraud screening, chargeback handling, reserves/withholds. (Contract; Legitimate Interests; Legal Obligations)

5.4. Safety, Security & Integrity. Fraud/abuse detection, sanctions/AML screening, login/transaction risk scoring, content moderation, incident response, auditing. (Legitimate Interests; Legal Obligations; Public Interest where applicable)

5.5. Customer Support & Communications. In-app messages, email/SMS/phone outreach for transactions, receipts, dispute status, policy updates. (Contract; Legitimate Interests; Consent where required)

5.6. Compliance & Enforcement. Responding to legal process; enforcing the Policy Stack; collections; protecting rights, users, property, or safety. (Legal Obligations; Legitimate Interests)

5.7. Product Improvement & Analytics. Diagnostics, A/B testing, crash reports, feature analytics, de-identified/aggregated insights. (Legitimate Interests; Consent where required by local law)

5.8. Marketing (Conservative). Limited first-party marketing about Rubble features and programs; no sale of PI for money. We may "share" identifiers with ad/analytics partners to measure reach—subject to opt-out. (Legitimate Interests; Consent where required)

5.9. Enterprise/API Programs. If you integrate with Rubble as a business, we process business contact details and audit logs. (Contract; Legitimate Interests)

6. Disclosures of Information (Categories of Recipients)

6.1. Transaction Counterparties. Sellers ↔ Buyers ↔ Haulers receive necessary PI (names, business contacts, addresses, order details, evidence) to fulfill an order and handle disputes.

6.2. Service Providers/Processors. Payments/payouts, KYC/sanctions, mapping/telematics, hosting/CDN, analytics, communications, document storage, customer support. Contractual restrictions apply.

6.3. Affiliates & Successors. For corporate operations, compliance, and lawful transfer events (mergers, acquisitions).

6.4. Authorities & Lawful Requests. Law enforcement, regulators, courts, or arbitrators per Law Enforcement & Subpoena Guidelines and Dispute Resolution Policy.

6.5. Third-Party Partners (Limited). For safety, fraud prevention, or to honor opt-in programs.

6.6. Legal & Safety. When necessary to protect our Users, rights, property, or the public, or to investigate violations of the Policy Stack.

7. Sale/Share; Targeted Advertising; Opt-Out

7.1. Monetary Sale. Rubble does not sell your PI for money.

7.2. Share/Targeted Ads. Rubble may "share" limited identifiers and usage data with analytics/ad partners for measurement or targeted advertising about Rubble only. You may opt out at any time via in-app privacy settings, the Cookie banner, or by sending a GPC signal.

7.3. GPC is honored. If we detect a valid GPC, we treat it as a "Do Not Sell/Share" opt-out for that browser/app profile.

7.4. Sensitive PI. We do not use Sensitive PI for targeted advertising or sell/share Sensitive PI.

8. Cookies, SDKs, and Similar Technologies

8.1. Categories. Strictly necessary; performance/analytics; functionality; advertising/measurement.

8.2. Controls. Manage preferences in the Cookie banner or in-app settings, and in device OS settings for mobile identifiers. See Cookie Policy for details and durations.

8.3. Do Not Track. We respond to GPC but not legacy "DNT" signals.

9. Your Choices & Communications

9.1. Transactional Texts/Emails. By providing your contact information, you consent to receive transactional communications (including order updates and security alerts). You can opt out of marketing emails/SMS while still receiving transactional messages.

9.2. TCPA/CTIA. By opting in to SMS, you consent to receive autodialed texts for transactional purposes; message/data rates may apply; reply STOP to opt out of marketing texts. Quiet-hours compliance is respected where applicable.

9.3. Permissions. You may disable location, camera, microphone, or notifications in device settings; certain features require these permissions to function.

10. U.S. State Privacy Rights (CPRA/CPA/CTDPA/UCPA/VDPA and Similar)

10.1. Right to Know/Access. You may request confirmation and a copy of PI we maintain about you.

10.2. Right to Delete. You may request deletion of PI, subject to lawful exceptions (e.g., transaction records, security, legal holds).

10.3. Right to Correct. You may request correction of inaccurate PI.

10.4. Right to Opt-Out of Sale/Share/Targeted Advertising. Use in-app settings, Cookie banner, or send GPC.

10.5. Right to Restrict Sensitive PI (where applicable).

10.6. Non-Discrimination. We will not discriminate for exercising rights (subject to permitted differences tied to service level or promotions).

10.7. Appeals. If we deny a request, you may appeal via our DSR process.

10.8. Authorized Agents. Where permitted, agents may submit DSRs with verified authorization.

10.9. Verification. We will verify your identity before fulfilling requests (e.g., email/SMS verification, account checks).

10.10. How to Submit. See Schedule D (DSR Procedures) or email matthew@userubble.com with "Privacy Request" in the subject line.

11. Children; Age Restrictions

11.1. 18+ Only. The Platform is for individuals 18 years or older. We do not knowingly collect PI from children. If you believe a minor has provided PI, contact us to delete it.

12. International Transfers

12.1. U.S. Processing. Rubble and many providers process PI in the United States.

12.2. SCCs/IDTA. For cross-border transfers in enterprise contexts, we may execute Standard Contractual Clauses (or equivalent) via the DPA.

12.3. Data Localization. Where laws require local storage/processing, we will assess and implement compliant solutions or decline service in that region.

13. Security

13.1. Safeguards. We maintain administrative, technical, and physical measures designed to protect PI (e.g., encryption in transit, access controls, logging, vulnerability management).

13.2. No Absolute Security. No system is perfectly secure; you are responsible for maintaining the confidentiality of your credentials and promptly reporting suspected compromise.

13.3. Incident Response. Security events are handled per the Security Incident Response Notice; we may notify you and authorities as required by law, without admitting liability.

14. Data Retention

14.1. Principle. We retain PI for as long as needed for the purposes described, to comply with law, resolve disputes, enforce agreements, and support our operations.

14.2. Windows (Harmonized):

  • (a) Core order/account/evidence records: 3–7 years.
  • (b) Environmental/financial/COC records: 5+ years (or longer if required).
  • (c) Telemetry/logs: typical ranges 12–36 months (see Cookie Policy).
  • (d) User-generated content (listings/reviews): retained while published and thereafter per legal/operational needs.

14.3. Anonymization/De-identification. We may retain de-identified/aggregated data for analytics, research, and product improvement. We take reasonable steps to prevent re-identification and maintain such data in de-identified form.

15. Your Responsibilities (Critical to the Platform)

15.1. Truthful Submissions. You must not upload others' PI without authority or unlawfully share sensitive data in messages/photos (e.g., medical info).

15.2. Evidence Protocol. If you upload site photos/video/GPS/tickets, you represent you have authority to capture/share them for safety/proof purposes; follow redaction guidance for faces/license plates where not necessary.

15.3. Off-App Risks. If you transact off-platform, Rubble cannot honor protections; off-app communications are ineligible for Buyer Protection/Refund processes.

16. Role Disclosures (Controller vs. Processor)

16.1. Rubble as Controller/Business. For consumer accounts and most marketplace activity, Rubble is a Business/Controller.

16.2. Rubble as Processor/Service Provider. For certain enterprise/API programs, Rubble may act as Processor/Service Provider under a DPA. In that case, we only process PI subject to the client's documented instructions, and the DPA controls in case of conflict.

17. Third-Party Services; Mapping/Telematics; Outages

17.1. Third-Party Terms. Mapping, telematics, KYC, payments, labs, and analytics are provided by third parties with their own terms and privacy practices.

17.2. Accuracy & Availability. Rubble is not liable for outages, inaccuracies, or data errors by third-party services (see Terms and Dispute Resolution Policy).

18. Accessibility & Language

18.1. WCAG Intent. We strive to align with WCAG expectations. If you need an accommodation, email matthew@userubble.com.

18.2. English Controls. We may provide translations for convenience, but the English version controls.

19. E-Sign; Electronic Records; Notices

19.1. E-Sign Consent. You consent to receive electronic communications and to e-sign agreements (ESIGN/UETA).

19.2. Notices. Formal notices to Rubble must be sent to matthew@userubble.com and 5379 Terence Ct, Bloomfield Hills, MI 48302 (see §26).

20. KYC/AML; Sanctions; Anti-Corruption

20.1. Screening. We may screen Users against sanctions/PEP lists; collect and verify information to comply with AML/CTF obligations; and decline service where required.

20.2. Anti-Corruption. Users must not offer bribes or illegal inducements; violations may result in termination and reporting.

21. Acceptable Use; Reviews; IP/DMCA

21.1. AUP. No scraping, reverse engineering, harassment, doxxing, or platform interference.

21.2. Reviews/Content. We may moderate, edit for clarity, or remove reviews that violate policies.

21.3. DMCA. We honor DMCA takedowns and maintain a repeat-infringer policy (see IP & DMCA Policy).

22. Geography & Availability

22.1. U.S. Focus; Geo-Restrictions. The app launches in Oakland County, Michigan and may expand to additional counties over time. Certain features may be geo-fenced. Users are responsible for local compliance.

23. Changes to this Privacy Policy

23.1. Versioning. We will post updates with a new "Effective Date" and provide in-app notice for material changes.

23.2. Continued Use = Acceptance. Continued use after the effective date constitutes acceptance unless prohibited by law.

24. Dispute Resolution; Arbitration; Class Waiver; Limitations

24.1. In-App First. You must complete in-app dispute steps before arbitration.

24.2. Arbitration. All disputes relating to this Privacy Policy or data practices are subject to binding AAA arbitration in Oakland County, Michigan, on an individual basis with jury-trial and class-action waivers, per the Dispute Resolution Policy and Terms.

24.3. Limitation Period. Any claim must be filed within 12 months from accrual (or shortest period allowed by law).

24.4. Liability Cap. To the maximum extent permitted by law, Rubble's liability is capped at the lesser of Platform fees Rubble actually received for the transaction at issue or USD $100, and no indirect/special/consequential/exemplary/punitive damages or lost profits are recoverable.

24.5. No Insurance / No Third-Party Beneficiaries. Rubble is not an insurer; no third-party beneficiaries exist except as expressly named.

25. Cross-References (Interlocks)

25.1. Cookie Policy: categories, durations, opt-outs, GPC, and banner configuration.

25.2. DPA (with SCCs/IDTA where applicable): governs Processor role.

25.3. Law Enforcement & Subpoena Guidelines: process for lawful demands; user notice unless prohibited.

25.4. Security Incident Response Notice: incident communications without admitting liability.

25.5. DSR/Privacy Request SOP: instructions, verification, and appeals.

25.6. Delivery Policy; Refund & Cancellation; Buyer Protection; Seller Rules; Trucker/Hauler Rules; Environmental Compliance; Prohibited & Restricted Materials; Dispute Resolution; Payouts & Chargebacks; IP & DMCA; Acceptable Use / Community Standards; Insurance Requirements; Property Damage & Site Access Addendum; Photo/Recording Consent; SOPs (Testing & Chain-of-Custody; Spill/Incident).

26. Contact; Notices; Data Protection Queries

26.1. Contact Rubble: matthew@userubble.com

26.2. Mailing Address: Zoot, LLC d/b/a "Rubble," 5379 Terence Ct, Bloomfield Hills, MI 48302.

26.3. Data Protection Inquiries & Appeals: Submit via in-app privacy center or email with subject "Privacy Request" or "Privacy Appeal."

27. Catch-All Clause (Verbatim; Universal)

"By using Rubble, you acknowledge and agree that Rubble has no liability for any act, omission, or occurrence relating to transportation, delivery, material quality, environmental condition, or property condition. All such liability rests solely with the independent buyer, seller, or service provider you contract with."

28. Survival; Interpretation; Severability; Assignment

28.1. Survival. §§3–7, 9–16, 18–24, 27–29 and all evidence, retention, arbitration, caps, indemnity (where applicable), and enforcement provisions survive termination.

28.2. Interpretation. Headings are for convenience; contra proferentem is waived.

28.3. Severability. If any provision is unenforceable, it is severed and the remainder continues in effect.

28.4. Assignment. Rubble may assign this Privacy Policy with the Terms to affiliates/acquirers; Users need consent to assign their rights.

By accessing or using the Rubble Platform, you acknowledge and agree to this Privacy Policy and the entire Policy Stack.