Privacy Policy

Effective April 21, 2026

1. Introduction

Loyalteey ("we," "our," or "us") operates the Loyalteey platform, accessible via the mobile application on Google Play and the web application at loyalteey.com (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Loyalteey, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Mobile phone number, first name, last name, date of birth, and city/municipality when you register.
  • Handle/Username: An optional public username you choose for display on reviews and leaderboards.
  • Business Information: If you register as a business owner, your business name, address, category, business type, branch details, and business PIN.
  • KYC Documents: Government-issued ID photo, selfie, and business documents submitted for identity verification (Negosyo and Negosyo Plus plans).
  • Payment Information: Payment details are processed directly by Stripe. Loyalteey never stores credit card numbers, bank account details, or other financial account information on our servers.
  • Reviews and Feedback: Content you post as reviews for businesses on the platform.

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, unique device identifiers, and mobile network information.
  • Usage Data: Pages visited, features used, time spent, and interaction patterns within the app.
  • Location Data: Approximate location (with your permission) for the Discover feature to show nearby businesses. We do not track your location in the background.
  • Log Data: IP address, browser type, access times, and referring URLs.

2.3 Information from QR Scans

  • Transaction Records: When a business scans your Loyalteey QR code, we record the business ID, timestamp, price bracket selected, and points awarded.
  • Points and Rewards: Your per-store point balances, tier status, reward claims, and redemption history.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your Loyalteey account and Loyalteey QR ID
  • Process point awards, track per-store balances, and manage reward claims
  • Determine and display your VIP tier status (Bronze, Silver, Gold, Diamond) at each business
  • Send you push notifications about reward eligibility, promo blasts, and bonus events (with your consent)
  • Display nearby participating businesses on the Discover map
  • Process subscription payments and manage business owner billing
  • Verify business owner identity through KYC document review
  • Generate and deliver your physical Loyalteey ID card (PDF)
  • Detect fraud, abuse, and enforce our Terms of Service
  • Improve and optimize the Service
  • Respond to your inquiries and provide customer support

4. Information Sharing and Disclosure

4.1 With Business Owners

When you visit a participating business, the business owner can see:

  • Your first name (for the scan/award screen)
  • Your handle or first name with last initial (on reviews and leaderboards)
  • Your visit count, tier status, and point balance at their specific store
  • Whether it is your birthday (if birthday bonus is active)

Business owners cannot see your full name, mobile number, date of birth, home address, or any information about your activity at other businesses.

4.2 With Service Providers

  • Stripe: Payment processing for business subscriptions (Google Pay, Apple Pay, and card payments)
  • Firebase Cloud Messaging (FCM): Push notification delivery
  • Google Cloud Platform: Cloud infrastructure, file storage for KYC documents
  • SMS Provider: OTP delivery for account verification

4.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Loyalteey, our users, or others.

4.4 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL. Sensitive data at rest (PINs, OTPs) is hashed using bcrypt.
  • Token Security: Authentication tokens are stored in encrypted device storage — never in plain text or standard app storage.
  • Mobile Number Masking: Mobile numbers are masked in all internal logs and admin views (e.g., 09*****4567).
  • KYC Document Storage: Identity documents are stored in private cloud storage with signed URLs that expire after 15 minutes. Documents are never stored in our database.
  • Screenshot Protection: Sensitive screens (QR display, reward claim codes) are protected against screenshots.
  • Certificate Pinning: The mobile app uses SSL certificate pinning to prevent man-in-the-middle attacks.
  • Audit Trail: All state-changing actions are logged to an immutable audit trail.

6. Data Retention

  • Account Data: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days.
  • Transaction History: Point award and redemption records are retained for 3 years for business reporting purposes.
  • KYC Documents: Retained for up to 2 years after verification, then securely deleted.
  • Audit Logs: Retained for 5 years as required for compliance and dispute resolution.
  • Expired Tokens: Refresh tokens are automatically purged upon expiration by our background cleanup process.

7. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate personal information through your Profile settings.
  • Deletion: Request deletion of your account and associated personal data.
  • Notification Preferences: Manage which push notifications you receive, or mute notifications from specific businesses.
  • Location: Revoke location permissions at any time through your device settings.
  • Data Portability: Request your data in a machine-readable format.

To exercise any of these rights, contact us at [email protected].

8. Birthday Information

Your date of birth is collected to enable the birthday bonus feature, which gives you extra point multipliers around your birthday. Your birthday is locked after first save and cannot be changed unless an admin override is requested. This prevents abuse of the birthday bonus system. Only the month and day are shared with business owners — never your birth year.

9. Physical Loyalteey ID Card

You may generate a physical Loyalteey ID card (PDF) from the app. This card displays your handle (or first name if no handle is set) and your Loyalteey QR code. It does not display your full name, mobile number, or any other personal information. Card regeneration is limited to 3 times per year with a 30-day cooldown between regenerations. Previous QR codes are invalidated immediately upon regeneration.

10. Children's Privacy

Loyalteey is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal data from a child under 13, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or via push notification. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

Loyalteey
Email: [email protected]
Website: loyalteey.com