Privacy Policy

This Privacy Policy describes how LoyQo, LLC ("Company," "we," "us," or "our") collects, uses, shares, and protects information in connection with the LoyQo platform and any associated websites, mobile features, or services (collectively, the "Services"). This Policy applies to:

• Merchants — business owners who register on the platform; and
• End-Customers — individuals who enroll in a Merchant's loyalty program through the Services.

By using the Services, you agree to the collection and use of information as described in this Policy.

1. Information We Collect

1.1 Information Collected from Merchants

• Account Information: Name, email address, password (hashed), business name, business type, business phone number, and business address.
• Payment Information: Billing name and payment method details processed by our third-party payment processor. We do not store full credit card numbers.
• Business Content: Brand colors, taglines, rewards configuration, campaign content, and other content you upload or create on the Platform.
• Usage Data: Log files, IP addresses, browser type, pages visited, features used, timestamps, and error reports.
• Communications: Records of support requests and correspondence with us.

1.2 Information Collected from End-Customers

End-Customers interact with the Platform through a Merchant's loyalty program. Information we collect about End-Customers includes:

• Contact Information: First and last name, mobile phone number, and optional email address provided when joining a loyalty program.
• Birthday: Month and day (not year) if voluntarily provided for birthday rewards.
• Loyalty Program Data: Points balance, transaction history, rewards redeemed, visit count, tier status (e.g., VIP), and enrollment date.
• Device Data: When you view a digital loyalty card, we may collect IP address and device type for security and fraud prevention.
• SMS Consent Records: The date, time, and method by which you provided consent to receive text messages, as required by the TCPA.

1.3 Automatically Collected Information

We use cookies, web beacons, and similar tracking technologies to collect information about how users interact with our Services. You can control cookies through your browser settings; however, disabling cookies may affect functionality.

2. How We Use Information

2.1 Merchant Data

• Create and manage your account and subscription.
• Process payments and send billing communications.
• Provide, maintain, and improve the Platform.
• Send service announcements, security alerts, and support messages.
• Send marketing communications about new features (you may opt out at any time).
• Comply with legal obligations and enforce our Terms of Service.
• Analyze aggregate usage patterns to improve the Platform.

2.2 End-Customer Data

• Operate the loyalty program on behalf of the Merchant (track points, process transactions, send rewards).
• Send transactional SMS and email messages related to the loyalty program (e.g., points earned, reward available, birthday offer).
• Send promotional SMS campaigns only with your prior express written consent, as required by the TCPA.
• Prevent fraud and ensure the security of the Services.
• Comply with applicable law and legal process.

3. Information Sharing and Disclosure

We do not sell personal information. We may share information as follows:

• With Merchants (for End-Customers): End-Customers' loyalty data is shared with the Merchant whose program they enrolled in. The Merchant is the data controller for this data.
• Service Providers: We share information with trusted third-party vendors (e.g., cloud infrastructure, SMS gateway, payment processor, email delivery) solely to provide the Services under confidentiality obligations.
• Business Transfers: If we are involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction, subject to appropriate confidentiality protections.
• Legal Compliance: We may disclose information when required by law, court order, or governmental authority, or to protect the rights, property, or safety of LoyQo, LLC, its users, or the public.
• With Your Consent: We may share information for any other purpose with your explicit consent.

4. SMS Communications and TCPA Compliance

We send SMS messages through third-party carriers on behalf of Merchants. All marketing text messages require your prior express written consent as required by the Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227.

• Opt-In: When you join a loyalty program, you provide your phone number and affirmatively agree to receive marketing messages from that Merchant via automated systems.
• Opt-Out: You may opt out of marketing messages at any time by replying STOP to any message. You will receive a single confirmation message and no further marketing messages will be sent.
• Help: Reply HELP for assistance.
• Message Frequency: Message frequency varies by Merchant. Standard message and data rates may apply.
• Transactional Messages: Even after opting out of marketing, you may still receive transactional messages necessary to operate the loyalty program (e.g., reward redemption confirmations).

5. Email Communications and CAN-SPAM

Commercial email messages sent through the Platform comply with the CAN-SPAM Act of 2003, 15 U.S.C. § 7701. Each commercial email will include:

• A clear identification of the message as an advertisement (where applicable).
• The sender's physical postal address.
• A functional opt-out mechanism honored within 10 business days.

6. Data Retention

We retain Merchant account data for the duration of the subscription and for up to 90 days after account termination (to allow for account recovery), after which it is securely deleted. We retain End-Customer data for as long as the Merchant's account is active. Merchants may delete individual customer records from the Platform at any time. We retain records as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

7. Data Security

We implement industry-standard administrative, technical, and physical security measures, including encryption in transit (TLS), hashed passwords, and role-based access controls, to protect personal information from unauthorized access, disclosure, alteration, or destruction. However, no internet transmission or electronic storage is 100% secure. We encourage you to use a strong, unique password and to notify us immediately of any suspected security breach at privacy@loyqo.com.

8. Your Rights Under the CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA), Cal. Civ. Code § 1798.100 et seq.grants you the following rights:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, and the purposes for collection.
• Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell or share personal information as defined by the CCPA. You may still submit a "Do Not Sell or Share My Personal Information" request at the email below.
• Right to Non-Discrimination: We will not discriminate against you for exercising any CCPA right.
• Authorized Agent: You may designate an authorized agent to make requests on your behalf.

To exercise these rights, contact us at privacy@loyqo.com. We will respond within 45 days (extendable by an additional 45 days with notice). We may request verification of your identity before fulfilling requests.

9. Additional State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy laws may have similar rights to access, correct, delete, and port their personal data, and to opt out of targeted advertising. Contact us to exercise these rights.

10. Children's Privacy (COPPA)

The Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information without parental consent, we will take steps to delete that information. If you believe a child under 13 has provided us with personal information, please contact us immediately at privacy@loyqo.com.

11. Third-Party Links

The Services may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

12. International Data Transfers

The Services are operated in the United States. If you are located outside the U.S., please be aware that information we collect may be transferred to, and processed in, the United States, where privacy laws may differ from those of your country.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will provide notice of material changes via email or a prominent notice on the Platform at least 14 days before the effective date of changes. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

14. Contact Us

For privacy questions, requests, or complaints, contact our Privacy Team:
LoyQo, LLC
Email: privacy@loyqo.com