Privacy Policy

1. Introduction

2. Information We Collect

2.1 Personal Information

We may collect personal information that you voluntarily provide to us, including:

• Email address and authentication credentials
• Profile information (name, preferences)
• Location data (GPS coordinates when you grant permission for nearby merchant discovery)
• Name, nationality, and phone number (required for premium membership)
• Communication data when you contact us

2.2 Usage Information

We automatically collect certain information about your use of our Service:

• Device information (IP address, browser type, operating system)
• Usage patterns and preferences
• Cookies and similar tracking technologies

3. How We Use Your Information

We use the collected information for the following purposes, based on the legal grounds specified under GDPR:

• Provide, maintain, and improve our Service

  Legal basis: Performance of contract (GDPR Art. 6(1)(b))
• Process transactions and manage your account

  Legal basis: Performance of contract (GDPR Art. 6(1)(b))
• Display nearby merchants and personalize recommendations based on your location

  Legal basis: Consent (GDPR Art. 6(1)(a)) and Legitimate interest (GDPR Art. 6(1)(f))
• Send you relevant discount offers and notifications

  Legal basis: Legitimate interest and consent (GDPR Art. 6(1)(f) and 6(1)(a))
• Respond to your inquiries and provide customer support

  Legal basis: Performance of contract (GDPR Art. 6(1)(b))
• Ensure security and prevent fraud

  Legal basis: Legitimate interest (GDPR Art. 6(1)(f))
• Analyze usage patterns to enhance user experience

  Legal basis: Legitimate interest (GDPR Art. 6(1)(f))
• Comply with legal obligations

  Legal basis: Legal obligation (GDPR Art. 6(1)(c))

Location Services: You can deny location permission and still use our Service with limited functionality. You may grant or revoke location access at any time through your device settings or browser preferences. Denying location access will not affect your ability to browse discounts, but nearby merchant recommendations will not be available.

4. Information Sharing and Disclosure

We do not sell, trade, or share your personal information to third parties. Your personal information remains confidential, and we do not disclose it to anyone, including our partner merchants. Partner merchants can only verify your membership status through a secure verification system without accessing your personal information.

We may share your information only in the following limited circumstances:

• Service Providers:

  • Google Firebase Services:
    • Firebase Authentication (user authentication, including Google sign-in)
    • Firebase Firestore (database service)
    • Firebase Storage (file storage service)
    • Firebase Cloud Functions (backend cloud functions service)
    • Firebase Analytics (usage analytics service, requires user consent)
    • Firebase App Check (uses reCAPTCHA Enterprise to protect APIs)
  • Google Identity Services:
    • Google One Tap (sign-in service)
  • Stripe:
    • Payment processing and subscription management services
• Consent:

  When you explicitly consent to sharing
• Legal Requirements:

  When required by law or to protect our rights and safety
• Business Transfers:

  In connection with mergers, acquisitions, or asset sales

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure.

6. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal information:

• Right of Access (Art. 15):

  You have the right to access and obtain a copy of your personal data
• Right to Rectification (Art. 16):

  You have the right to correct inaccurate or incomplete personal information
• Right to Withdraw Consent (Art. 7):

  Where processing is based on consent, you have the right to withdraw your consent at any time
• Right to Object (Art. 21):

  You have the right to object to the processing of your personal data, including for marketing purposes
• Right to Erasure (Art. 17):

  You have the right to request deletion of your account and associated data (“right to be forgotten”)
• Right to Data Portability (Art. 20):

  You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller
• Right to Restriction of Processing (Art. 18):

  You have the right to request that we limit the processing of your personal data
• Right to Lodge a Complaint (Art. 77):

  You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where an alleged infringement occurred

6.1 Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Account data:

  Retained until you delete your account or request deletion
• Location data:

  Stored in your user profile and retained until you delete your account or request deletion. Historical location records may be retained for behavior analysis purposes, subject to your consent
• Marketing communications:

  Retained until you opt-out or unsubscribe
• Usage data:

  Retained for up to 2 years for service improvement purposes
• Transaction records:

  Retained for 10 years to comply with EU tax and accounting regulations

6.2 How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the contact information provided in Section 11. We will respond to your request within one month, as required by GDPR. In some cases, we may need to verify your identity before processing your request.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and provide personalized content. You can control cookie settings through your browser, but disabling cookies may affect Service functionality.

8. Third-Party Services

Our Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those external sites or services. We encourage you to review their privacy policies.

9. International Data Transfers

We store your data exclusively in Google's European service regions, specifically in the europe-west1 region (Belgium), and do not transfer it to other countries. We ensure appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.

10. Children's Privacy

Our Service does not target children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us.

11. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your GDPR rights, or have concerns about how we handle your personal data, please contact us:

Supervisory Authority: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority in the EU member state where you reside.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.