DRAFT v1.0 — pending legal review. The English version is the binding one; translations will follow once the text is final.

LoyaFlow Platform Privacy Notice

This notice explains how Abdelfattah el Alouani, sole proprietor, Wülflingerstrasse 165, 8408 Winterthur, Switzerland ("LoyaFlow", "we") processes personal data as controller. Contact: privacy@loyaflow.com.

Are you a customer of a shop that uses LoyaFlow? Then, for your loyalty card data, the shop (merchant) is the controller and LoyaFlow only processes your data on the shop's behalf (as processor). Please read the shop's own privacy policy, shown when you joined its program, and see Section 9 below for the shortcuts we give you ( unsubscribe, export, deletion). This notice covers everything else: merchant accounts and website visitors.

1. Who this notice covers

  • Merchants — the businesses that register and use the LoyaFlow dashboard (their owners and staff users).
  • Website visitors — people browsing our public pages.
  • End customers — only for the narrow items described in Section 9 (where we act on our own responsibility); everything else about end customers is processed for the merchant under the DPA.

2. Representatives

  • EU representative (Art. 27 GDPR): [EU REPRESENTATIVE — pending appointment].
  • UK representative (Art. 27 UK GDPR): [UK REPRESENTATIVE — pending appointment].

We are established in Switzerland; no Swiss representative is required.

3. What we process, why, and on what legal basis

DataPurposeLegal basis
Account data (name, email, password hash, preferred language, company details, role)Providing the dashboard, authentication, staff managementContract (Art. 6(1)(b))
Email verification & auth events (verification links, login timestamps)Account security, abuse preventionContract; legitimate interest (security)
Billing & subscription data (plan, subscription status, invoices metadata, billing country, tax status)Subscription management, entitlements, tax complianceContract; legal obligation
Checkout & payment data — processed by Paddle as Merchant of Record (independent controller): payment method, card data, billing addressPayment processing, tax calculation and remittance, fraud preventionSee Paddle's privacy policy (paddle.com/legal/privacy); we receive only the outcome (subscription/invoice status), never card numbers
Support data (tickets, messages, related account context)Handling your requestsContract; legitimate interest
Transactional emails (verification, billing notices, service notices)Operating the ServiceContract
Technical logs (IP address, user agent, request metadata)Security, debugging, abuse and rate limitingLegitimate interest (security & operation)
Legal acceptances (which document version you accepted, when)Evidence of contract and consentLegal obligation; legitimate interest

We do not sell personal data, do not use it for third-party advertising, and do not take automated decisions with legal effect on you.

4. Cookies

The platform uses only essential cookies (session/authentication, security, preferences such as language). We use no advertising or third-party analytics cookies; any usage analytics are cookieless and aggregate. Because of this, no cookie consent banner is shown. Details: see the Cookie Notice.

5. Recipients (processors and providers)

We use these providers to run the Service (data localised in the EU where noted):

ProviderRoleLocation
Supabase, Inc.Database, authentication, storageEU — AWS eu-central-1 (Frankfurt)
Google CloudApplication hosting, secrets, loggingEU — europe-west1 (Belgium)
Cloudflare, Inc.DNS, CDN, security edgeGlobal edge
Resend, Inc.Transactional email deliveryUSA
PaddleMerchant of Record for subscriptions (independent controller)UK/USA

Public authorities only where legally required.

6. International transfers

Our primary infrastructure is in Switzerland/EEA. Switzerland, the EEA and the UK recognise each other as adequate — no additional safeguards needed. Providers in the USA (e.g. Resend, Cloudflare, Paddle entities) are covered by the EU–U.S. Data Privacy Framework (with Swiss and UK extensions) and/or Standard Contractual Clauses.

7. Retention

  • Account data: for the life of the account; on closure, deleted after a 30-day wind-down window (security/reactivation), except data we must keep longer.
  • Billing records: kept as required by commercial and tax law (Swiss law: up to 10 years).
  • Support tickets: life of the account + 30 days.
  • Technical logs: short rotation (weeks, not years).
  • Legal acceptances: as long as needed to evidence the contract.

8. Your rights

Under the GDPR/FADP/UK GDPR you can request access, rectification, erasure, portability, restriction and object to legitimate-interest processing; where processing is based on consent, you may withdraw it at any time. Write to privacy@loyaflow.com. You may complain to a supervisory authority — in Switzerland the FDPIC, in the EU your national authority, in the UK the ICO.

9. End customers — what LoyaFlow does on its own responsibility

For loyalty-card data the controller is your merchant (see the note at the top). On our own responsibility we only:

  • operate the public request shortcuts on the pass page: unsubscribe from marketing (immediate), export and deletion requests (queued to your merchant for fulfilment);
  • keep minimal technical logs of public pass pages for security (short retention);
  • forward wallet push tokens to Apple with an empty payload (no personal content leaves the platform through push notifications).

Everything else — what data your program stores, for how long, marketing — is your merchant's decision, described in their privacy policy.

10. Security

Security measures are summarised in the DPA's TOM annex and include encryption in transit and at rest, strict tenant isolation at database level, managed secret storage, least-privilege access, monitoring, and a breach-response procedure. If a breach is likely to result in a high risk to you, we will inform you and the competent authority as required by law.

11. Changes

We may update this notice; material changes are announced in the dashboard with a versioned acceptance (you will see which version you accepted and when). The current version is always available at the platform's legal pages.


Version 1.0-draft · Effective date: [DATE] · Binding language: English · Contact: privacy@loyaflow.com