Legal
Privacy Policy
Last updated July 13, 2026
This Privacy Policy explains what information Swabzy ("we", "us") collects when businesses and their customers use the Swabzy digital loyalty platform, how we use it, and the choices you have. This page is maintained by Swabzy to answer common privacy questions about the service.
1. Information we collect
From business accounts. When you sign up as a business we collect the account owner's email address, display name, and authentication identifiers from your chosen sign-in method (email/password or Google). To publish your shop page we also collect business name, business type, public handle (slug), phone number, address, short tagline, and an optional logo image. Subscription and billing information (plan, status, billing email, and Paddle customer/subscription identifiers) is collected when you upgrade to a paid plan.
From customer accounts. When someone signs up as a customer we collect their email, display name, chosen username, and authentication identifiers. During onboarding or profile edits customers may optionally provide date of birth, gender, mobile number, and a profile picture. As customers use their wallet we record which loyalty cards they saved, stamps issued, completed cards, and rewards redeemed.
Automatically collected. We record basic device category (mobile/tablet/desktop) for analytics on stamp events, along with standard server logs (IP address, user agent, timestamps) needed to operate the service securely.
2. How we use information
- Provide the core loyalty features: create cards, issue stamps, unlock rewards.
- Authenticate accounts and keep them secure.
- Send transactional emails (welcome messages, stamp receipts, reward alerts).
- Show businesses aggregated analytics about their own customers and visits.
- Process subscription payments and manage plan entitlements.
- Investigate abuse, prevent fraud, and comply with legal obligations.
3. Sharing between businesses and customers
A business only sees information about customers who have saved one of that business's cards. Businesses can see the customer's display name, username, stamp progress, redemption history, and — where the customer has provided it — date of birth and gender for birthday and demographic insights. Businesses do not receive customer email addresses or passwords.
4. Service providers (subprocessors)
- Supabase — database, authentication, and file storage.
- Paddle — subscription billing and payment processing for businesses on paid plans.
- Resend — transactional email delivery.
- Cloudflare — hosting and content delivery.
These providers only process data on our behalf to deliver the service.
5. Retention and deletion
We keep account and loyalty data for as long as the account is active. You can request deletion of your account and associated personal data by contacting us at the address below; we will remove data within a reasonable period, except where we must retain records to comply with legal, tax, or fraud-prevention obligations.
6. Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Customers can edit their profile directly in the wallet; businesses can update their details in Dashboard → Settings. For anything else, email us and we will respond within a reasonable time.
7. Security
Data is transmitted over HTTPS and stored with row-level access controls so that each account only sees its own data. No system is perfectly secure — if you notice a vulnerability, please report it to the contact address below.
8. Children
Swabzy is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children.
9. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date at the top of this page.
10. Contact
Questions or requests about your data? Email privacy@swabzy.com.
