Privacy Policy
Last updated: 1 June 2026
1. Who we are
LoyeeCards (“we”, “us”) is operated by Matej Valtr, an individual sole trader based in the Czech Republic. We provide a digital loyalty card platform that lets small businesses (“vendors”) issue loyalty cards to their customers via Apple Wallet and Google Wallet.
2. What we collect
- From vendors who sign up: name, email address, password (stored as a one-way hash), venue details (name, logo, design colors), and billing information processed by Stripe (card numbers never reach our servers).
- From customers who enroll at a venue: email address and optionally name, loyalty progress at the venue they enrolled with, and pass device identifiers used by Apple Wallet / Google Wallet to deliver updates.
- From everyone who visits: IP address and basic browser metadata, used only for rate limiting, security, and delivering pass updates to mobile devices.
3. Why we collect it
- To operate the loyalty card service and deliver passes.
- To send transactional emails — staff invitations, billing receipts (via Stripe), and service notifications.
- To prevent abuse, fraud, and over-quota service usage.
- To comply with legal and tax obligations.
We do not sell personal information, and we do not use it for advertising.
4. Who we share it with
We share information with service providers (“data processors”) strictly to operate the service:
- Stripe — payment processing for vendor subscriptions.
- Cloudinary — image hosting for venue logos.
- Resend — transactional email delivery.
- Apple — Apple Wallet pass delivery via Apple Push Notification service.
- Google — Google Wallet pass delivery.
- Neon — managed Postgres database hosting.
- Vercel — application hosting and serverless execution.
- Upstash — rate limiting via Redis.
- Cloudflare — DNS and inbound email routing.
Each processor operates under its own privacy practices and a data processing agreement with us.
5. Cookies and local storage
- Essential: authentication session cookie set by NextAuth so you can stay signed in; Stripe checkout cookies during payment (only on Stripe-hosted pages).
- Functional: your cookie-consent choice is stored in your browser’s local storage so we don’t ask again.
- We do not use analytics, marketing, or advertising cookies.
6. Your rights
If you are in the European Economic Area, United Kingdom, or California, you have the following rights regarding your personal information:
- Request a copy of the data we hold about you.
- Request deletion of your account and the data associated with it.
- Request your data in a portable format.
- Object to or restrict certain processing.
- Withdraw consent at any time.
To exercise any of these rights, email support@loyeecards.com. We will respond within 30 days.
7. How long we keep your data
- Account data: kept while your account is active and deleted within 30 days of account closure.
- Payment records: retained by Stripe and by us as required for accounting and tax compliance.
- Server logs: kept for up to 30 days for security and debugging.
8. International data transfers
Some of our processors operate servers outside the European Economic Area. Where this is the case, we rely on adequacy decisions or standard contractual clauses approved by the European Commission.
9. Children
LoyeeCards is not directed at children under 16. We do not knowingly collect personal information from children. If you become aware that a child has provided personal information, contact us and we will delete it.
10. Changes to this policy
We may update this policy from time to time. Vendors will be notified of material changes by email, and the changes will be posted on this page with a new “Last updated” date.
11. Contact
Questions, requests, or complaints: support@loyeecards.com.
See also: Terms of Service.
