Privacy Policy

1. Introduction

WalletVoucher ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have in relation to it.

By using WalletVoucher (the "Service"), you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

We collect information in the following ways:

Information you provide directly

• Account registration details: first name, last name, and email address
• Authentication credentials (password, or OAuth tokens via Google or Apple sign-in)
• Billing information: name, billing address, and payment card details (processed and stored by Stripe — we never store raw card data)
• Content you create: pass designs, images, text fields, organization names, and team invite codes
• Marketing preferences: whether you opt in to receive product updates and promotional emails

Information collected automatically

• Usage data: pages visited, actions performed in the dashboard, and feature interactions
• Log data: IP address, browser type, operating system, referring URLs, and timestamps
• Device registration data from Apple Wallet and Google Wallet when a customer adds a pass to their wallet
• Pass interaction data: when a pass is downloaded, stamped, redeemed, or removed from a wallet

Information about your customers

When your customers download and use passes you create, we process limited data on their behalf — including device push tokens, wallet platform (Apple or Google), pass interaction events (stamps, redemptions), and approximate location for geofencing triggers. You, as the organization owner, are responsible for informing your own customers about how their data is used in connection with your passes.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process subscription payments and manage billing through Stripe
• Create and deliver wallet passes to your customers on your behalf
• Send push notifications and location-based alerts to pass holders as configured by you
• Generate pass statistics and history visible in your dashboard
• Send transactional emails (account confirmation, password reset, billing receipts)
• Send marketing emails if you have opted in — you can unsubscribe at any time
• Improve and develop the Service based on usage patterns
• Respond to support requests and communicate with you about your account
• Enforce our Terms of Service and comply with legal obligations

4. Legal Basis for Processing

Where applicable under data protection law (including the GDPR), we rely on the following legal bases to process your personal data:

• Contract performance — processing necessary to provide the Service you have signed up for, including account management, pass creation, and billing
• Legitimate interests — improving the Service, preventing fraud and abuse, and communicating service-related updates
• Consent — sending marketing emails, which you can withdraw at any time from your account settings
• Legal obligation — retaining certain records as required by applicable law

5. Sharing of Information

We do not sell your personal data. We share data only in the following circumstances:

• Stripe — for payment processing. Stripe handles all card data and is PCI-DSS compliant. View Stripe's privacy policy at stripe.com/privacy.
• Apple and Google — pass files and update notifications are delivered through Apple's PassKit infrastructure and the Google Wallet API respectively. Device registration tokens are exchanged with these platforms as required to deliver real-time pass updates.
• Email service providers — used to send transactional and marketing emails on our behalf, with access limited to what is necessary to deliver messages.
• Hosting and infrastructure providers — our servers and databases are hosted by third-party cloud providers who process data on our behalf under data processing agreements.
• Legal requirements — we may disclose your information if required to do so by law or in response to valid requests by public authorities.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (such as billing records, which may be retained for up to 7 years).

Pass instance data (stamp history, redemption records) is tied to your account and organization. Deleting an organization permanently removes all associated passes, pass instances, and history immediately.

7. Cookies and Tracking

We use cookies and similar technologies to operate the Service, maintain your session, and understand how the Service is used. These include:

• Session cookies — necessary to keep you logged in while you navigate the dashboard
• Preference cookies — to remember settings such as theme preferences
• Analytics cookies — to collect aggregate, anonymized information about how users interact with the Service so we can improve it

You can control or disable cookies through your browser settings. Disabling strictly necessary cookies may affect the functionality of the Service.

8. Data Security

We take reasonable technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. All data transmitted between your browser and our servers is encrypted in transit via HTTPS/TLS.

Passwords are stored using strong one-way hashing. Payment card data is never stored on our servers — it is tokenized and managed entirely by Stripe.

While we implement industry-standard safeguards, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate or incomplete data
• Erasure — request deletion of your personal data, subject to legal retention obligations
• Restriction — request that we limit how we process your data in certain circumstances
• Portability — request a machine-readable copy of your personal data
• Objection — object to processing based on legitimate interests, including direct marketing
• Withdraw consent — where processing is based on your consent (e.g. marketing emails), you can withdraw it at any time from your account settings without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at privacy@walletvoucher.com. We will respond within 30 days.

10. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will take steps to delete it.

11. International Data Transfers

Your data may be processed in countries outside of your own, including countries where data protection laws may differ. Where we transfer personal data internationally, we ensure appropriate safeguards are in place — such as standard contractual clauses approved by relevant data protection authorities — to protect your data to the same standard required in your home jurisdiction.

12. Third-Party Links

The Service may contain links to third-party websites or services (for example, Stripe's billing portal). We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any external services you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will notify you by email or by posting a prominent notice within the Service. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us at: