Privacy policy

Last updated: 2026-05-30

Who we are

Loyalty in Pocket (“we”, “us”) operates loyaltyinpocket.com, a universal-QR loyalty platform. Contact: tommy@loyaltyinpocket.com.

What we collect

• Members: a randomly generated member ID, and — only if you choose to provide them for account recovery — your email address and / or phone number. We log timestamps of your visits to participating shops to award stamps and points.
• Merchants: business name, contact email, billing details (handled by Stripe; we do not store card numbers), and your shop's location.
• Everyone: standard request metadata (IP, user-agent) for security and abuse prevention.

How we use it

Member data is used solely to operate your loyalty memberships and, where you consent at first scan, shared with the merchants you have joined so they can award stamps, points, and rewards. We never sell personal data.

Your rights (GDPR / CCPA / Australian Privacy Act)

• Access and export your data
• Correct inaccurate data
• Delete your account and data permanently
• Withdraw consent for merchant data sharing at any time

To exercise any of these rights, email tommy@loyaltyinpocket.com or use the in-app controls on your member card.

Cookies and local storage

We store a randomly generated member ID in your browser's local storage so your card persists across visits. We use a short-lived session cookie for merchants and operators logging in. We do not use third-party tracking cookies.

Data retention

We keep your data while your account is active. On request, deletion is permanent within 30 days.

Changes

We'll post material changes here with a new “last updated” date. Continued use of the service after changes means you accept the new policy.