Privacy Policy

Last updated: 2026-05-16

Loyalty iCard ("we", "us") is committed to protecting your privacy and personal data in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws. We never sell your data.

Data we collect

We collect only what we need to provide the service:

  • Account data: name, business name, email, optional phone, hashed password, billing address, and payment details (stored by Stripe, not by us).
  • Customer data you upload: the names, emails, phone numbers, and loyalty activity of end customers enrolled in programs you operate.
  • Usage data: sign-in timestamp, IP address, user-agent, basic page-view analytics (only if you consent to analytics cookies).
  • Support data: any information you provide when emailing support or filling out our contact form.

Why we collect it

  • To create and operate your account and authenticate sign-ins.
  • To process subscription billing (via Stripe).
  • To deliver loyalty wallet passes, push notifications, and transactional emails.
  • To investigate abuse, fraud, and security incidents.
  • To improve the product through aggregate, anonymized usage signals.

How long we keep it

  • Active account data: for as long as your account is active.
  • After cancellation: retained for 30 days for reactivation, then permanently deleted or anonymized.
  • Billing records: retained for 7 years as required by tax law.
  • Support emails: retained for 2 years after the conversation closes.
  • Backups: rolling 30-day daily backups plus 12 monthly snapshots, encrypted at rest.

Third-party subprocessors

We use a small set of trusted vendors to operate the service. None of them sell your data.

  • Vercel — application hosting and serverless compute (USA / EU regions).
  • Stripe — payment processing and billing portal.
  • Resend — transactional email delivery.
  • Twilio — optional SMS delivery for businesses that enable it.
  • Apple Wallet / Google Wallet — wallet pass distribution to end customers.
  • Sentry — error monitoring (filters out PII before reporting).
  • Plausible Analytics — cookieless, privacy-friendly usage analytics (only loaded if you consent).

Your rights

You have the right to:

  • Request a copy of the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and all associated data.
  • Export your data in a portable format.
  • Object to processing or restrict it.
  • Withdraw cookie / analytics consent at any time from the footer banner.

To exercise any of these rights, email support@loyaltyicard.com. We respond within 30 days.

SMS / Text Messaging

When you opt in to SMS messages from a business using Loyalty iCard (for example, by entering your mobile number in a loyalty enrollment form), you consent to receive automated text messages related to that loyalty program — including welcome messages, stamp progress updates, and reward notifications. Message frequency varies based on your activity. Message and data rates may apply.

You can opt out at any time by replying STOP to any message. Reply HELP for help, or contact support@loyaltyicard.com. Your mobile number is used solely to deliver these messages and is not sold or shared with third parties for marketing purposes. Mobile information will not be shared with third parties for marketing or promotional purposes; this exclusion does not apply to subprocessors needed to deliver the SMS service (e.g., our messaging provider).

Contact

Data Protection Contact: support@loyaltyicard.com. Mailing address is listed in the site footer.