Privacy Policy
Last updated: July 13, 2026
This Privacy Policy explains what information LoyaPin ("we", "us", "our") collects when you use the LoyaPin mobile application and related services (the "Service"), how we use it, and the choices you have. We built LoyaPin to be private by default: we collect the minimum needed to run the app, we don't show ads, and we never sell your data.
The short version: your live location never leaves your device — store matching happens on the phone. If you enable sync, we store your email address, your loyalty cards, and the store pins you create, so we can restore them on your devices. That's it.
1. Information We Collect
Information you provide
- Email address — used to sign you in with a one-time code and to identify your account for sync.
- Loyalty card data — card name, barcode value and format, card color, and how it was added (scanned or imported). Stored on your device, and on our servers only if you sign in and enable sync.
- Store pins — the coordinates, trigger radius, and optional address label of store locations you pin to a card. Synced with the same rules as cards.
- Promo codes — if you redeem one, we record the code and redemption to prevent reuse.
Information collected automatically
- Device identifiers — a per-install identifier used for sync bookkeeping, free-trial eligibility, and abuse prevention (e.g. rate limiting).
- Subscription status — whether your subscription or trial is active, received from our subscription provider (RevenueCat) and the app stores. We never see or store your payment card details; payments are processed entirely by Apple or Google.
- Basic technical logs — standard server logs (IP address, timestamps, request status) kept briefly for security and debugging.
Information processed only on your device
- Location — LoyaPin compares your device's location against your saved pins to surface the right card when you arrive at a store. This matching happens entirely on your device. Your live location, movement history, and visit history are never transmitted to our servers. Only the pin coordinates you deliberately save are synced. You can deny location permission and use the app fully — cards just won't appear automatically.
- Camera and photos — used to read a barcode from a physical card or a screenshot you choose. Barcode recognition happens on-device; the images themselves are never uploaded and are not stored by the app.
2. How We Use Your Information
- To provide the Service: sign-in, cross-device sync, backup and restore of your cards and pins.
- To manage subscriptions, free trials, and promo codes.
- To send transactional emails (one-time sign-in codes). We do not send marketing emails without your consent.
- To secure the Service: preventing abuse, rate limiting, and debugging.
We do not sell or rent your personal data, use it for third-party advertising, or build advertising profiles.
3. Service Providers
We share data with a small number of processors, only to the extent needed to run the Service:
- Fly.io — hosts our servers and database (your account, cards, and pins if you sync).
- Resend — delivers one-time sign-in code emails to your email address.
- RevenueCat — manages subscription status across the App Store and Google Play using anonymous app-scoped identifiers.
- Apple App Store / Google Play — process payments under their own privacy policies.
Each provider processes data on our behalf under contractual confidentiality and data-protection obligations. We may also disclose information if required by law, or to protect the rights, safety, or security of LoyaPin, our users, or the public.
4. Data Retention and Deletion
We keep your synced data for as long as your account is active. If you use the app without signing in, your data lives only on your device and is removed when you delete the app.
To delete your account and all synced data, email us at support@loyapin.xyz from the address associated with your account. We will delete your data within 30 days, except for minimal records we must keep for legal, security, or fraud-prevention purposes (e.g. promo code redemptions).
5. Security
All traffic between the app and our servers is encrypted in transit using TLS. Sign-in uses short-lived one-time codes instead of passwords, so there is no password to leak. Access to production systems is restricted. No method of transmission or storage is 100% secure, but we work to protect your data using industry-standard measures.
6. International Transfers
Our servers may be located in a different country than you. Where data is transferred internationally, we rely on our providers' compliance frameworks and appropriate safeguards, such as standard contractual clauses.
7. Children
The Service is not directed at children under 13 (or the applicable minimum age in your country), and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will delete it.
8. Your Rights
Depending on where you live (including under the GDPR and CCPA), you may have the right to access, correct, export, restrict the processing of, or delete your personal data, and the right to object to processing or withdraw consent. You can exercise these rights by emailing support@loyapin.xyz. You also have the right to lodge a complaint with your local data protection authority.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by email before they take effect. The "Last updated" date at the top shows the latest revision.
10. Contact
Questions or requests about your data? Email support@loyapin.xyz.