Wallet Loyalty is designed for EU small businesses that need a loyalty program without collecting unnecessary customer data. This page summarises how we support GDPR obligations for merchants using the Service.
Roles
Merchant account data — Wallet Loyalty is the controller for account, billing, support, security, and service-operation data.
Customer loyalty data — the merchant is the controller. Wallet Loyalty acts as a processor for customer records, wallet pass identifiers, stamp history, redemption history, and marketing consent flags entered or generated through the Service.
Data Processing Agreement
A Data Processing Agreement is available to merchants on request. Email [email protected] from your account email and include your business name.
Privacy-by-default product choices
Loyalty cards can work without asking customers for email, phone number, or name.
Marketing notifications require explicit opt-in before they are sent.
Wallet pass updates use Apple Wallet and Google Wallet infrastructure instead of selling or sharing customer data with advertising networks.
Account deletion starts a 30-day purge window and cancels active subscriptions where applicable.
Merchant responsibilities
Tell customers who you are, what loyalty data you collect, and why.
Collect valid consent before sending marketing messages.
Only enter customer data you actually need for your loyalty program.
Respond to customer access, correction, deletion, restriction, portability, and objection requests.
Subprocessors
We use service providers only where needed to operate the Service, including payment processing, wallet pass delivery, push delivery, hosting, email, and security. The current categories are listed in the Privacy Policy.
Data subject requests
Merchants can handle customer requests through the app where available. If you need help locating, exporting, correcting, or deleting data, email [email protected].
Security and retention
Traffic is encrypted in transit, payment card details are handled by payment processors, and deleted merchant accounts are permanently purged after the documented retention period except for billing and tax records we are legally required to keep.