Privacy Policy

Loyaltify(“we”, “us”, or “our”) operates the loyalty management platform at https://loyaltify.com.mx. We are committed to protecting the personal information of our customers, their end-users, and visitors to our platform.

Account information: When you register, we collect your first and last name, work email address, phone number, company name, and a hashed password.

Business data: Information you provide about your business, including branding assets, loyalty program settings, and customer records you import or generate through the platform.

Payment information: Billing details are processed by Stripe. We do not store full card numbers — only the last four digits and billing address for invoicing purposes.

Usage data: Log files, IP addresses, browser/device type, pages visited, and interactions with the platform (clicks, scans, redemptions) to improve our service.

Wallet pass data: When your customers add Apple or Google Wallet cards, we store the device identifiers required to push card updates.

We use the data we collect to:

• Provide, operate, and improve the Loyaltify platform
• Process transactions and send billing notifications
• Send transactional emails (OTP verification, password resets, invoices)
• Send product updates and marketing emails (you can opt out at any time)
• Detect and prevent fraud and abuse
• Comply with legal obligations

For users in the European Economic Area, we process personal data on the following bases:

• Contract performance — to deliver the services you signed up for
• Legitimate interests — for platform security, fraud prevention, and product analytics
• Consent — for marketing communications (revocable at any time)
• Legal obligation — to comply with applicable laws

We do not sell your personal data. We share data only with:

• Service providers — Stripe (payments), Zoho (email delivery), AWS / cloud infrastructure, analytics tools — all under data processing agreements
• Apple & Google — pass update tokens required for Wallet functionality
• Legal authorities — when required by law or court order

We retain account data for as long as your account is active, plus 90 days after closure to allow for data export. Anonymized, aggregated analytics data may be retained indefinitely. You may request deletion at any time (see Section 9).

We use AES-256 encryption at rest, TLS 1.2+ in transit, JWT + OTP authentication, role-based access controls, and audit logging. No method of transmission over the Internet is 100% secure — we cannot guarantee absolute security, but we follow industry best practices.

We use strictly necessary cookies for authentication sessions. We use analytics cookies (e.g., PostHog, Google Analytics) to understand usage patterns. You can opt out of analytics cookies via your browser settings or our cookie banner.

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data (“right to be forgotten”)
• Object to or restrict processing
• Data portability (receive your data in a machine-readable format)
• Withdraw consent for marketing at any time

To exercise any of these rights, email us at privacy@loyaltify.com.mx. We will respond within 30 days.

Loyaltify is not directed to children under 16. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately.

We may update this policy periodically. We will notify registered users by email and update the “Last updated” date above. Continued use of the platform after notification constitutes acceptance of the revised policy.

For privacy-related questions or requests, contact our Data Protection team at: privacy@loyaltify.com.mx