7stamp Privacy Policy

• Account and identity data: name, email address, phone number if provided, login identifier, business name, staff roles, and account permissions.
• Business and billing data: company details, tax identifiers where provided, plan, invoices, Access Codes, payment metadata, partner billing metadata, and support history.
• Loyalty data: card ID, merchant or program ID, stamps, vouchers, rewards, redemptions, expiry reminders, card status, and loyalty-event history.
• Communication and consent data: marketing consent status, consent text and version, communication preferences, unsubscribe records, timestamp, source, channel, and related audit logs.
• Technical and security data: IP address, browser/device data, operating system, logs, crash reports, authentication events, session records, fraud and abuse signals, and security audit data.
• Location data: only where enabled by the customer and the wallet/card environment, such as location-based wallet reminders. We do not need a continuous history of precise coordinates to operate normal loyalty cards.
• Camera data: the scanner app uses the device camera to scan QR codes or barcodes. We do not record, store, or transmit video or images from the camera unless a separate feature expressly requires and discloses it.

7stamp currently uses only two End User communication channels: wallet/card notifications through Apple Wallet or Google Wallet, and email messages. 7stamp does not currently use SMS, WhatsApp, Telegram, Viber, or other messenger channels for 7stamp customer communications.

Marketing communications are promotional or commercial messages, including special offers, discounts, win-back campaigns, birthday offers, personalized offers, and merchant or partner campaigns. Transactional loyalty communications are service-related messages such as stamp updates, issued rewards, issued vouchers, voucher status updates, voucher expiry reminders, and important card or loyalty-program notices.

Marketing consent is optional and separate from accepting Terms or Privacy Policy. Refusing or withdrawing marketing consent does not prevent an End User from receiving and using a loyalty card, stamps, vouchers, or rewards. End Users may manage email preferences through unsubscribe and communication-preference links in emails. Wallet/card notifications are managed in Apple Wallet or Google Wallet settings. Important account, security, legal, billing, or service notices may still be sent where necessary.

When a customer uses a partner-branded card page or admin domain, the visible brand may be a White Label Partner, Merchant, Managed Business, or other Program Operator. The point-of-collection page should identify the Program Operator and the entity responsible for the loyalty program. 7stamp may appear only as the technology provider, or may not appear to End Users, depending on the White Label configuration.

Where a White Label Partner or Managed Business controls the loyalty program, that entity is responsible for its own privacy notices, marketing consent wording, loyalty rules, refund/cancellation statements, support contacts, and customer-facing communications. 7stamp stores consent records and provides technical tools, but does not guarantee that partner-provided legal texts are correct for the partner's jurisdiction or business model.

By default, White Label Service Domains use only cookies and similar technologies that are strictly necessary to provide the Service, authenticate users, maintain sessions, prevent fraud, secure the platform, remember essential preferences, and operate the loyalty card and admin/scanner workflows, unless optional analytics, advertising, or similar tracking is separately enabled through a supported configuration.

If a White Label Partner enables optional analytics, advertising, pixels, tags, SDKs, or similar tools on partner-branded domains, the partner is responsible for determining whether those tools are lawful, obtaining any required consent before they operate, honoring opt-outs, and maintaining accurate cookie/pixel disclosures. 7stamp may disable tracking configurations that create material legal, security, platform, or reputational risk.

7stamp may use strictly necessary technical logs, security cookies, session identifiers, operational diagnostics, and fraud-prevention tools for its own platform security and service operation. Optional non-essential tracking should not be enabled by default on White Label Service Domains unless a compliant consent mechanism is in place.

• With Merchants, White Label Partners, or Managed Businesses to operate the relevant loyalty program and support the customer relationship.
• With service providers and sub-processors such as hosting, authentication, database, email delivery, payments, support, analytics necessary for operation, and security providers.
• With Apple Wallet, Google Wallet, payment processors, integration providers, or other third parties chosen or enabled by the user, Merchant, Partner, or Managed Business.
• With authorities, courts, regulators, or advisors where required by law or necessary to protect rights, safety, and security.
• In connection with a merger, acquisition, restructuring, or sale of assets, subject to appropriate safeguards.

We may process data in countries outside the country where the data was collected. Where required, we use lawful safeguards such as adequacy decisions, EU Standard Contractual Clauses, UK transfer mechanisms, Data Privacy Framework certification where applicable, or other lawful transfer mechanisms.

We retain personal data for as long as necessary for the purposes described in this Policy, including to provide the Service, maintain loyalty records, keep consent and preference evidence, support security and fraud prevention, comply with tax/accounting/legal obligations, resolve disputes, enforce agreements, and maintain backups. Retention periods depend on the type of data, account status, legal requirements, security needs, limitation periods, and whether the data is needed for an active loyalty program or dispute.

When data is no longer needed, we delete, anonymize, or aggregate it where reasonably practicable. Backup copies may persist for a limited period until overwritten or securely deleted according to our backup cycles.

Depending on your location and the processing context, you may have rights to access, correct, delete, restrict, object to processing, withdraw consent, receive a copy of your data, opt out of certain processing, or lodge a complaint with a supervisory authority. If your loyalty program is operated by a Merchant, White Label Partner, or Managed Business, we may forward your request to the relevant controller or assist that controller in responding.

Where U.S. state privacy laws apply, additional rights and disclosures may apply. 7stamp does not sell personal information as commonly understood. Where 7stamp processes personal information on behalf of a covered business as a service provider or contractor, it processes that data for limited and specified business purposes and subject to the applicable data processing terms. White Label Partners and Managed Businesses are responsible for assessing whether they are covered by California or other U.S. state privacy laws and for publishing any required partner-specific notices.

We may update this Privacy Policy from time to time. Material changes will be notified through the Service, website, email, or other reasonable means where required.

PayForSay s.r.o.

Dolezalova 3424/15C, 821 04 Bratislava - Ruzinov, Slovakia

Email: info@7stamp.com