Privacy Policy
Last updated: 2026-06-11
Information we collect
Account information (name, email), business details (business name, owner/contact, MIDs), payment-processing volume and settlement data, loyalty points and redemption history, shipping addresses for reward fulfillment, and the content of support requests and disputes (including any files you upload).
Third-party service providers
We share data only as needed to operate the service:
- Supabase — hosting, database, and authentication for the platform (US region by default).
- Sentry — application error monitoring. Enabled only with your consent; we do not send your password or financial details, and error reports are tagged with an opaque user id rather than your email.
- Tango Card — gift-card fulfillment (recipient name/email for delivery of redeemed rewards).
- Anthropic — AI-assisted features (recommendations, statement summaries). Requests are proxied server-side; the API key is never exposed to your browser.
- Google Fonts — web fonts.
Cookies & consent
We use essential storage to keep you signed in. Optional error-monitoring (Sentry) is enabled only after you accept it in our consent banner; you can decline without affecting core functionality.
Data retention
Immutable financial records (points ledger, settlements) are retained as required for reconciliation, tax, and legal obligations. Personal information can be anonymized on request while preserving those non-personal financial records.
Your rights
Subject to applicable law (e.g. GDPR/CCPA), you may request access to, a portable export of, or erasure/anonymization of your personal data. Contact us to exercise these rights; we honor erasure by anonymizing personal fields while retaining legally required financial records.
Contact
Questions about this policy: privacy@your-company.example (update before launch).