Privacy Policy

Last Updated: December 28, 2025

1. Introduction

Waffi Rewards ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our customer loyalty platform ("Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when using our Service:

  • Account Information: Name, email address, phone number, business name, store address
  • Payment Information: Credit card details (processed securely via Stripe)
  • Customer Data: Customer names, phone numbers, purchase history, reward points
  • Communications: Messages you send through the platform, support requests

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

  • Device Information: Browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent on pages
  • Log Data: IP address, access times, referring URLs
  • Cookies: Session cookies for authentication and preferences

2.3 Information from Third Parties

We may receive information from:

  • Payment processors (Stripe) - transaction status and payment confirmation
  • Authentication providers (Firebase) - authentication tokens
  • SMS service providers (Twilio) - message delivery status

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Operation

  • Create and manage your account
  • Process transactions and subscriptions
  • Provide customer loyalty program features
  • Enable communication between merchants and customers
  • Display relevant advertisements

3.2 Communication

  • Send service-related notifications
  • Respond to inquiries and support requests
  • Send promotional communications (with consent)
  • Notify about changes to our Service or policies

3.3 Improvement and Analytics

  • Analyze usage patterns to improve the Service
  • Develop new features and functionality
  • Monitor and prevent fraudulent activity
  • Ensure Service security and reliability

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

4.1 With Your Consent

We share information when you explicitly consent to the sharing.

4.2 Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Stripe: Payment processing
  • Firebase: Authentication and database services
  • Twilio: SMS messaging services
  • Hosting providers: Cloud infrastructure

4.3 Business Purposes

  • Merchants receive access to their customers' loyalty data
  • Aggregated, anonymized analytics may be shared

4.4 Legal Requirements

We may disclose information if required by law or in response to valid requests by public authorities.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure password hashing (bcrypt)
  • PCI-DSS compliant payment processing via Stripe
  • Regular security audits and monitoring
  • Access controls and authentication
  • Secure data storage practices

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain business records

When you request account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

7. Your Rights and Choices

7.1 Access and Portability

You have the right to request a copy of the personal information we hold about you.

7.2 Correction

You may update or correct your account information at any time through your account settings.

7.3 Deletion

You may request deletion of your account and associated personal data by contacting us.

7.4 Marketing Opt-Out

You may opt out of promotional communications by:

  • Clicking the "unsubscribe" link in emails
  • Replying "STOP" to SMS messages
  • Updating your communication preferences

7.5 Cookie Preferences

You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request information about the categories of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
  • Non-Discrimination: You will not be discriminated against for exercising your rights

To exercise these rights, contact us at privacy@waffirewards.com.

9. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right of Access: Obtain copies of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

Legal Basis for Processing

We process personal data based on:

  • Contract: Processing necessary to perform our contract with you
  • Consent: Where you have given consent for specific purposes
  • Legitimate Interests: Processing necessary for our legitimate business interests
  • Legal Obligation: Processing required by law

10. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we discover that a child under 16 has provided us with personal information, we will delete it immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for such transfers.

12. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes

Your continued use of the Service after changes indicates acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Privacy Inquiries: privacy@waffirewards.com

General Support: support@waffirewards.com

Data Protection Officer: dpo@waffirewards.com

For GDPR-related inquiries, you may also contact your local data protection authority.

15. Cookie Policy

We use the following types of cookies:

Essential Cookies

Required for the Service to function. These cannot be disabled.

  • Session authentication tokens
  • Security tokens

Functional Cookies

Remember your preferences and settings.

  • Language preferences
  • Display settings

Analytics Cookies

Help us understand how the Service is used.

  • Page views and navigation paths
  • Feature usage statistics