Privacy Policy

Last Updated: June 8, 2026

1. Our Privacy Commitment

At StampBuddy, we respect your privacy. This Privacy Policy describes how we collect, use, and protect your personal information when you use our digital loyalty platform. We aim to collect only the minimum amount of data required to link customer loyalty cards, issue stamps, and manage merchant subscriptions.

2. Information We Collect

Depending on whether you use StampBuddy as a customer or a merchant, we collect the following data:

  • Authentication Data: When you sign in with Google or email, we receive your email address, name, and profile photo/avatar from the authentication provider. We do not store passwords.
  • Merchant Profiles: If you set up a business, we store your store name, description, voucher rewards, logo URL, shop banner URL, card design preferences (bg/accent colors, stamp shape), and PIN codes.
  • Scan & Transaction Logs: We store metadata about stamp collections (which cards hold stamps, stamp counts, timestamp of stamp scans, location of scans, voucher redemptions, and active active duration).
  • Device & Usage Data: We collect local storage details to maintain active user sessions, screen sizes, browser versions, and standard server logs.

3. How We Use Your Information

We use your information strictly for the following purposes:

  • To initialize and host your digital loyalty wallet.
  • To allow merchants to issue stamps via secure one-time QR codes.
  • To prevent fraud, multiple scans of expired QR keys, or duplicate card exploits.
  • To manage paid merchant subscription billing, renewals, and cancellations.
  • To contact you regarding critical service updates, billing alerts, or security reports.

4. Third-Party Service Providers (Subprocessors)

We do not sell your personal data. We share data with reliable third-party infrastructure providers to run our system:

  • Supabase: We use Supabase for hosting our database, user table management, storage buckets (for logo/banner images), and account authentication. Your data is stored securely in their data centers.
  • Stripe: We use Stripe to process paid subscriptions and transaction billing for merchants. Stripe is the sole handler of merchant credit card and bank numbers; we do not store full financial payment numbers on our servers.

5. Cookies & Local Storage

We use standard browser Local Storage instead of third-party tracking cookies. This data is used solely to maintain user authentication sessions (so customers do not have to sign in every single time they scan a cafe QR code) and to preserve theme settings. We do not use tracking or advertising cookies.

6. Your Privacy Rights

We provide complete control over your loyalty profiles:

  • Access: Customers can view all active loyalty cards in their wallet, and merchants can view all shop branding settings in their dashboard.
  • Branding Control: Merchants can edit, change, or delete their logo, banner, shop name, and description at any time.
  • Data Deletion: If you wish to delete your customer profile, database scan logs, or merchant account entirely from our Supabase servers, please contact us. Upon request, we will purge all identifiable records within 30 days.

7. Security Measures

We use secure Hypertext Transfer Protocol (HTTPS) encryption for all database connections and application requests. Supabase databases employ Row-Level Security (RLS) policies, ensuring customers can only query cards belonging to their account ID and merchants can only update configurations for their own store owner ID.

8. Changes to this Policy

We may update our Privacy Policy from time to time to align with legal updates or changes in database architecture. Any revisions will be published on this page with an updated modification date.

9. Contact for Privacy Inquiries

If you have any questions about this Privacy Policy, your rights under GDPR/CCPA, or if you wish to request a data deletion, please email us at: privacy@stampbuddy.app.