Loyalty Chips acts as a processor for customer data a merchant collects through its chips, cards, stands, wristbands, stickers, and reward pages. Merchants remain the controller of their customer relationship and decide which rewards, campaigns, and exports they use.
Processing summary
- Subject matter: NFC/QR loyalty capture, reward redemption, customer list management, campaign tooling, attribution, and support.
- Duration: For the merchant account term, plus the retention period described in the Terms and Privacy Policy.
- Data subjects: Merchant account users and customers who interact with merchant-owned loyalty surfaces.
- Data categories: Name, email, phone, consent flags, reward terms acceptance, scan timestamps, chip ID, redemption state, campaign metadata, and hashed request metadata.
- Security: TLS, managed encrypted database storage, signed cookies, hashed one-time tokens, rate limits, CORS allowlists, audit logs, and raw-IP minimization as described on the Security page.
Requesting a signed DPA
Merchants that need a signed DPA can request one from legal@loyaltychips.com. Include the merchant legal name, billing email, jurisdiction, and any required procurement language.