Privacy Policy

This Privacy Policy explains how information about you is collected, used, and disclosed by Loyaltify OÜ (collectively, "Loyaltify", "we", or "us") when you use our website https://loyaltify.io ("Website") and our customer loyalty program services ("Platform") (collectively, "Services"), or when you otherwise interact with us.

This Website is owned and operated by Loyaltify OÜ, an Estonian private limited company. We are established in Estonia (European Union) and act as the data controller for personal data processed in connection with the Services, unless stated otherwise in this Privacy Policy.

By accessing and using the Services, you acknowledge that you have read and understood this Privacy Policy. We may update this Privacy Policy from time to time. If we make material changes, we will notify you by revising the date of this policy and, where appropriate, by providing additional notice.

Information You Provide to Us

We collect personal data that you provide directly to us through the Services. This may include your name, email address, company name, billing details, postal address, phone number, and any other information you choose to provide when creating an account, making purchases, contacting support, or otherwise interacting with us.

Payment information is processed by our third-party payment provider, Stripe. We do not store full payment card details. Stripe’s privacy policy is available at https://stripe.com/privacy.

Information We Collect Automatically

• Log Data: Browser type, IP address, access times, pages viewed, referring URLs, and similar technical information used for security and diagnostics.
• Cookies and Similar Technologies: Used to operate the Services, remember preferences, and analyze usage. Details are available in our Cookie Policy.

Information We Collect From Other Sources

If you register or log in using a third-party identity provider (such as Google or Apple), we may receive limited profile information (for example, your name and email address) in accordance with your settings on that service.

Use of Information

• Provide and operate the Services;
• Create and manage user accounts;
• Process transactions and send confirmations;
• Provide customer support;
• Improve, secure, and monitor the Services;
• Comply with legal obligations;
• Send service-related and administrative communications;
• Send marketing communications where permitted by law.

Legal Basis for Processing (GDPR)

For individuals in the EEA and UK, we process personal data based on one or more of the following legal grounds: performance of a contract, compliance with legal obligations, legitimate interests, and consent (where required).

Information Processed on Behalf of Customers

When our customers use the Platform to manage their own loyalty programs, Loyaltify OÜ acts as a data processor, while the customer acts as the data controller. We process such data only in accordance with our agreements and applicable data protection laws.

Sub-processors (Service Providers)

We use trusted third-party service providers (sub-processors) to help us operate, provide, secure, and improve the Services. These providers process personal data only on our instructions and as necessary to provide their services to us. Depending on your use of the Services, our sub-processors may include:

• Cloud infrastructure & hosting: Amazon Web Services (AWS), with primary data storage located in the European Union (Frankfurt, Germany – eu-central-1).
• Payment processing: Stripe (payments, invoicing, fraud prevention).
• Email delivery: SendGrid, used to deliver transactional emails such as verification codes, receipts, and service notifications.
• Customer support: Intercom, used to manage and respond to customer support inquiries and communications.
• Analytics & monitoring: Services used to measure performance, reliability, and usage of the Services.

For cookie-based analytics/advertising partners, please see our Cookie Policy: https://loyaltify.io/cookie-policy.

Customer-Integrated Third-Party Services

The Services allow our customers (business clients) to integrate certain third-party services of their choice, such as email marketing, messaging, analytics, or CRM platforms (for example, Mailchimp, Brevo, or similar services).

When a customer enables such an integration, personal data may be transmitted directly to the selected third-party service in accordance with the customer’s configuration. In these cases:

• The customer acts as the data controller for the data processed through the integrated service.
• Loyaltify OÜ acts as a data processor, processing the data solely on the customer’s instructions.
• The third-party service processes personal data under its own terms and privacy policies.

Customers are responsible for ensuring that their use of third-party integrations complies with applicable data protection laws and for providing appropriate notices to their end users.

Data Retention

We retain personal data only as long as necessary for the purposes described in this Privacy Policy, including legal, accounting, and security requirements. Retention periods vary depending on the nature of the data.

Automated Decision-Making

The Services use automated processing to calculate loyalty points, rewards, campaign eligibility, and fraud prevention. These processes do not produce legal or similarly significant effects without appropriate safeguards.

Security

We implement appropriate technical and organizational measures to protect personal data. However, no system is completely secure, and we cannot guarantee absolute security.

International Transfers

Personal data is primarily stored and processed within the European Union, including on infrastructure hosted by Amazon Web Services (AWS) in Frankfurt, Germany. Certain service providers, such as email delivery or customer support tools, may process personal data outside the EU/EEA.

Where personal data is transferred outside the EU/EEA, we rely on appropriate safeguards, such as Standard Contractual Clauses or adequacy decisions, in accordance with the GDPR.

Your Rights

You have the right to access, correct, delete, restrict, or object to the processing of your personal data, and to lodge a complaint with a supervisory authority.

Requests can be sent to dpo@loyaltify.io.

Contact Us

Loyaltify OÜ
Registry code: 17223129
VAT status: Not registered for VAT
Registered address: Harju maakond, Tallinn, Kesklinna linnaosa, Järvevana tee 9, 11314
Email: support@loyaltify.io