Privacy Policy
Last Updated: July 2, 2025
1. Information We Collect
We collect the following types of information:
A. Information You Provide:
- Personal Information: Name, email address, mobile number, password.
- Merchant Information: Business name, ABN, contact details, selected payment provider, merchant ID, and loyalty program setup details.
- Customer Profile Data: Loyalty preferences, demographic information (e.g., age range, gender), profile image, and settings.
- Communication Data: Messages, customer service inquiries, and any feedback you provide.
B. Information We Automatically Collect:
- Transaction Data: Through open banking APIs (e.g., Basiq), with explicit consent, we collect transaction metadata including merchant name, transaction amount, date/time, and card scheme.
- Device Data: Device type, OS version, IP address, browser type, screen resolution, language settings, and unique device identifiers.
- Usage Analytics: Feature usage, session length, page views, and clickstream data.
- Authentication Logs: Login timestamps, failed attempts, token status, and Firebase Auth metadata.
C. Information from Third Parties:
- Open Banking Providers: When users link a bank account, we receive permitted data such as transaction history via Basiq. Consent is obtained explicitly.
- Firebase Services: Firebase Authentication, Firestore Database, Cloud Functions, and Hosting may collect and process personal and technical data.
2. Legal Basis for Processing Data
We rely on the following legal bases to process your personal data:
- Consent: For linking bank accounts, marketing communications, and storing preferences.
- Contractual Necessity: To provide services outlined in our Terms of Use.
- Legitimate Interests: To improve our services, prevent fraud, analyze user behavior, and secure our systems.
- Legal Compliance: To comply with tax, accounting, and regulatory obligations.
3. How We Use Your Information
We use the collected information to:
- Facilitate transactions and allocate loyalty points
- Match users with relevant offers from participating merchants
- Personalize user experiences across the app
- Analyze app and merchant portal performance
- Maintain system security and monitor suspicious activity
- Provide support, respond to inquiries, and communicate updates
- Conduct internal audits and research to enhance services
- Meet legal and compliance obligations
4. Sharing and Disclosure
We never sell your data. We may share your data in the following scenarios:
- With Service Providers: Firebase (Google), analytics tools, support platforms, cloud storage, and email services.
- With Merchants: Only anonymized user data, or user data you have explicitly consented to share, to help merchants measure loyalty engagement.
- With Payment and Banking APIs: When needed to confirm and process transactions.
- Legal Requests: To comply with law enforcement, court orders, or applicable regulations.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, we may transfer data to involved parties.
5. Cross-Border Data Transfers
As Tap Loyalty uses Firebase and other third-party services hosted globally, your data may be transferred and stored outside Australia, including in the United States. We take steps to ensure your data is protected in accordance with Australian Privacy Principles and international best practices.
6. Data Retention
We retain personal information for as long as necessary to provide services, comply with our legal obligations, resolve disputes, and enforce our agreements. Transactional data and user history may be retained in de-identified form for analytics purposes after account deletion.
7. Security of Your Information
We implement a variety of security measures, including:
- Encrypted data storage using Firebase Firestore and Cloud Functions
- HTTPS encryption for all data in transit
- Role-based access controls for internal team members
- Secure authentication via Firebase Auth
However, no system is completely secure. Users are responsible for safeguarding account credentials and reporting any suspicious activity.
8. User Rights and Choices
You have the right to:
- Access and update your personal data
- Request deletion of your account
- Withdraw consent to data processing at any time
- Request a copy of the data we hold about you
- Object to profiling or automated decision-making
- Opt out of marketing communications via app settings or unsubscribe links
To exercise your rights, contact us at privacy@taployalty.com.au.
9. Data Breach Notification Protocol
In the event of a data breach, we will:
- Notify affected users within 72 hours (where feasible)
- Inform the Office of the Australian Information Commissioner (OAIC) if required
- Take immediate steps to contain and assess the breach
10. Children's Privacy
Tap Loyalty is not intended for use by individuals under the age of 13. We do not knowingly collect data from minors. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
11. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify users through app notifications, email, or updates posted to our website. Please review the policy regularly.
12. Contact Us
If you have questions or concerns about this Privacy Policy or your personal data, please contact us:
Email: privacy@taployalty.com.au
Mailing Address: Tap Loyalty Pty Ltd, Sydney NSW 2000, Australia
We are committed to safeguarding your information and providing you with full transparency on how your data is used.