Privacy Policy

1. Information We Collect

Personal Information

When you create an account, we collect your name, email address, and password. You may optionally provide your date of birth and gender to personalize your experience.

Receipt and Purchase Data

When you submit receipts, we collect receipt photos, purchase amounts, receipt dates, and store information. We use optical character recognition (OCR) technology through Google Cloud Vision API to extract text from receipt images for verification purposes.

Location Data

With your permission, we collect your device's approximate location to show nearby participating businesses. You can disable location access at any time through your device settings.

Device Information

We collect device identifiers, operating system version, and push notification tokens to deliver notifications and prevent fraudulent activity.

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the loyalty rewards service
• Process receipt submissions and award points or stamps
• Verify receipt authenticity through OCR processing
• Send push notifications about receipt status, reward availability, and promotions
• Display nearby participating businesses
• Detect and prevent fraud, duplicate submissions, and abuse
• Analyze usage patterns to improve the App
• Communicate with you about your account

3. Data Storage and Security

Your data is stored securely using Supabase, a cloud-hosted platform with enterprise-grade security including encryption at rest and in transit, row-level security policies, and regular security audits. Receipt images are stored in secure cloud storage with access controls.

4. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share limited information with:

• Participating businesses: your name and receipt submission details so they can review and approve your loyalty rewards
• Google Cloud Vision API: receipt images for OCR text extraction (processed and not stored by Google)
• Push notification services (Apple APNs, Firebase Cloud Messaging): device tokens to deliver notifications
• Law enforcement: if required by law or to protect our rights

5. Your Rights and Choices

You have the right to:

• Access and update your personal information through the Edit Profile screen
• Opt out of push notifications through the Notifications settings
• Opt out of marketing communications
• Request deletion of your account and all associated data by contacting us at support@stayloyal.io
• Export your data upon request

6. Data Retention

We retain your personal information for as long as your account is active. Receipt data is retained for a period necessary to support loyalty program operations and fraud prevention (typically 12 months). When you delete your account, we remove your personal data within 30 days, except where retention is required by law.

7. Children's Privacy

StayLoyal is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@stayloyal.io and we will promptly delete such information.

8. Cookies and Tracking

The App does not use cookies. We use minimal analytics to understand App performance and usage patterns. We do not engage in cross-app tracking or sell data to advertising networks.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or by email. Your continued use of the App after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: support@stayloyal.io
Subject: Privacy Inquiry