1. Introduction
StampClub ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our digital loyalty platform.
2. Information We Collect
For Business Users
- Account information (name, email, phone number)
- Business details (business name, type, description, address)
- Branding assets (logo, cover image, brand colors)
- Contact information (business email, phone, website)
- Operating hours and location data
- Payment information (processed securely via Stripe)
- Team member information (staff accounts)
For Customers
- Account information (name, email address)
- Phone number (optional)
- Date of birth (optional, for birthday rewards)
- Profile image (optional)
- Language preference
- Loyalty card activity (stamps earned, rewards redeemed)
- Transaction history with businesses
Automatically Collected Information
- Device information (device ID, browser type)
- IP address
- Location data (when scanning QR codes, for fraud prevention)
- Usage data (pages visited, features used)
3. How We Use Your Data
- To provide and maintain our loyalty platform service
- To process stamp collection and reward redemption
- To send transactional notifications (stamps earned, rewards available)
- To send promotional communications (with your consent)
- To prevent fraud and ensure platform security
- To improve our services and develop new features
- To provide analytics to businesses about their loyalty programs
- To comply with legal obligations
4. Data Storage and Security
We use industry-leading service providers with robust security certifications:
Convex — Database & Backend
- Location: United States (AWS infrastructure)
- SOC 2 Type II, HIPAA Compliant, GDPR Verified
- Data encrypted at rest and in transit
Clerk — Authentication
- Location: European Union (Germany, Ireland)
- SOC 2, GDPR Compliant, CCPA Compliant
- Data Privacy Framework (DPF) certified
Stripe — Payment Processing
- PCI DSS Level 1 certified
- We do not store credit card numbers
5. Data Sharing
We do not sell your personal data.
We may share data with:
- Service providers: Convex (database), Clerk (authentication), Stripe (payments), Resend (email)
- Business partners: When you join a business's loyalty program, that business can access your activity within their program
- Legal authorities: When required by law or to protect our rights
6. Data Retention
We retain your personal data for as long as:
| Data Type | Retention Period |
|---|
| Account data | Until you delete your account |
| Transaction history | 7 years (tax/legal compliance) |
| Fraud prevention data | 90 days |
| Analytics data | Anonymized after 24 months |
7. Your Rights (GDPR — EU Users)
Under GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion ("right to be forgotten")
- Objection: Object to data processing
- Portability: Receive data in portable format
- Withdraw Consent: Withdraw consent at any time
8. Your Rights (CCPA/CPRA — California Residents)
California Consumer Privacy Act
If you are a California resident, you have additional rights under the CCPA as amended by the CPRA.
- Right to Know: Request information about data collected, used, and shared
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate information
- Right to Opt-Out: Opt out of the sale or sharing of personal information
- Right to Non-Discrimination: Equal service regardless of privacy choices
- Right to Limit Use: Limit use of sensitive personal information
Do Not Sell or Share My Personal Information
StampClub does not sell your personal information. To opt out of any sharing for analytics purposes, contact us.
Submit Opt-Out RequestTo exercise your CCPA rights, email support@stampclub.appwith "CCPA Rights Request" in the subject line. We will respond within 45 days.
9. Notice of Financial Incentive (CCPA)
StampClub offers a loyalty rewards program that may be considered a "financial incentive" under the CCPA because it collects personal information in exchange for benefits.
Material Terms
- Earn digital stamps for qualifying purchases at participating businesses
- Redeem completed stamp cards for free items, discounts, or other rewards
- Receive birthday and signup rewards (where offered by businesses)
- Access to exclusive promotions and offers
Personal Information Collected
- Contact information (name, email)
- Transaction and loyalty activity history
- Birthday (optional, for birthday rewards)
Value Calculation
We estimate the value of the personal information collected is reasonably related to the value of the rewards provided. The program operates on a sustainable model where rewards value equals approximately 5-10% of annual customer spend at participating businesses.
Participation
Participation is voluntary. You may join at stampclub.app or at participating businesses. You may withdraw at any time by deleting your account or contacting support@stampclub.app.
10. Other US State Privacy Rights
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), and Oregon (OCPA) may have similar rights to California residents. Contact us to exercise your rights.
11. Cookies
We use essential cookies to make our platform work. For more details, see our Cookie Policy.
12. Children's Privacy
StampClub is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.
13. International Data Transfers
Your data may be transferred to and processed in countries outside your residence, including the United States. We ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework certification (Clerk)
- Standard Contractual Clauses where applicable
- SOC 2 Type II certified infrastructure (Convex)
14. Contact Us
For privacy-related inquiries or to exercise your rights, contact us:
15. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by posting the new policy on this page, updating the "Last updated" date, and where appropriate, notifying you by email.