Privacy Policy

1. Who We Are

Keeper Loyalty Ltd ("we", "us", "our") is the data controller for personal data collected through our merchant platform. We are based in London, United Kingdom.

2. Data We Collect

Account data (merchants):

• Business name, email address, password (hashed)
• Business address, phone number, industry
• Logo and branding assets
• Billing information (processed by Stripe — we do not store card details)

Usage data:

• Dashboard activity and feature usage (anonymised)
• IP address, browser type, device type
• Session duration and page views

3. How We Use Your Data

We use your data to:

• Provide and maintain the Keeper Loyalty platform
• Process payments and manage your subscription
• Send transactional emails (receipts, account alerts)
• Improve the platform through aggregated, anonymised analytics
• Respond to support requests
• Comply with legal obligations

We will only send marketing emails if you have explicitly opted in, and you can unsubscribe at any time.

4. Member Data (Your Customers)

When your customers join your loyalty program, they provide data (name, phone number, email) directly to you through your join page. You are the data controller for this data. We process it only as your data processor.

As a merchant using our platform, you are responsible for:

• Obtaining your customers' consent to collect and process their data
• Providing your customers with a privacy notice that covers your loyalty program
• Complying with applicable data protection laws (e.g., GDPR, CCPA)
• Handling any subject access requests from your customers

We provide you with tools to export and delete member data at any time from your dashboard.

5. Third Parties

We do not sell, rent, or share your data or your members' data with third parties for their marketing purposes.

We work with a limited number of trusted service providers:

• Stripe — payment processing (their privacy policy applies to payment data)
• Cloud hosting provider — secure server infrastructure in the UK/EU
• Email provider — transactional email delivery only

All processors are bound by data processing agreements and may only use your data to provide their service to us.

6. Data Retention

We retain your account data for as long as your account is active. If you cancel, your data is retained for 30 days during which you can reactivate or export, then permanently deleted.

Member data (your customers) is retained until you delete it or close your account. You can delete individual members or all member data at any time from your dashboard.

7. Security

We use industry-standard security measures including TLS encryption in transit, encrypted storage at rest, and access controls. Passwords are hashed using a strong one-way algorithm.

However, no method of transmission over the internet is 100% secure. If you believe your account has been compromised, contact us immediately at security@businessloyaltycards.com.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — Request a copy of the data we hold about you
• Rectification — Correct inaccurate data
• Erasure — Request deletion of your data
• Portability — Receive your data in a machine-readable format
• Objection — Object to certain types of processing
• Restriction — Request we limit processing of your data

To exercise any of these rights, email us at privacy@businessloyaltycards.com. We will respond within 30 days.

9. Cookies

We use essential cookies to keep you logged in and maintain your session. We do not use advertising or tracking cookies.

You can disable cookies in your browser settings, but this may affect the functionality of the dashboard.

10. Children's Privacy

Our Service is not directed at children under 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice in your dashboard at least 14 days before the changes take effect.

12. Contact Us

For privacy-related questions or to exercise your rights:

• Email: privacy@businessloyaltycards.com
• Address: Keeper Loyalty Ltd, London, United Kingdom

If you are in the UK or EU and are not satisfied with our response, you have the right to lodge a complaint with your supervisory authority (in the UK: the ICO at ico.org.uk).