Privacy Policy

1. Introduction

GetDiscount ("we", "our", "the Platform") is a SaaS loyalty ecosystem that connects Users with participating Businesses ("Merchants"). We provide tools for discovering loyalty programs, earning rewards, storing loyalty cards, and managing digital coupons.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our web or mobile applications.

• For Users, we act as a Data Controller for your account and platform-wide features.
• For Merchants, we act as a Data Processor when handling customer loyalty data on your behalf.

By using GetDiscount, you agree to the practices described in this Privacy Policy.

2. Information We Collect

We follow the GDPR principle of data minimization, collecting only what is necessary to deliver our services.

A. Information Provided by Users

• Account Information: Email (required), Name and Surname (optional)
• Verification Data: Phone number (required for Business Owners and certain high-value reward tiers)
• E-Wallet Content: Users may upload photos or screenshots of third-party loyalty cards. Important: These images are stored locally on your device and are not uploaded to our servers unless explicitly stated.
• Saved Coupons & Cards: Metadata such as expiration date, coupon value, and card type

B. Automatically Collected Data

• Geolocation(Foreground Only): We collect your precise location data (GPS/Network-based) only when the GetDiscount app is open and active on your screen. This data is used exclusively to show you nearby Merchants and available loyalty offers in your immediate vicinity. We do not collect geolocation data when the app is in the background or closed, ensuring that your location privacy is maintained at all times.
• Device & Technical Data: IP address, device type, OS version, browser type, and a unique GetDiscount User ID (UUID)
• Interaction Data: QR scans, reward redemptions, visit history, timestamps, and app usage patterns

C. Business Owner Data

• Business Information: Business name, address, Google Business Profile metadata, tax identifiers
• Management Information: Names and emails of store managers or staff assigned to manage loyalty programs
• Program Configuration: Details of offers, reward structures, and campaign performance

3. Legal Bases for Processing (GDPR Art. 6)

We process your data under the following lawful bases:

• Contractual Necessity: To create your account, track rewards, validate QR codes, and deliver loyalty services
• Consent: For precise geolocation, marketing messages, and optional personalization features
• Legitimate Interest: To prevent fraud, improve platform performance, and provide Merchants with aggregated, anonymized insights
• Legal Obligation: For tax, accounting, and regulatory compliance where applicable

4. How We Use Your Information

We use your data to:

• Provide access to loyalty programs and offers
• Display nearby deals based on your location
• Track your visits, rewards, and coupon usage
• Store loyalty cards in your digital wallet
• Improve search results and program recommendations
• Provide Merchants with analytics and performance insights
• Ensure platform security and prevent fraudulent activity
• Communicate important updates, changes, or promotions (with consent)

5. Data Sharing and Recipients

We do not sell your personal data.

We share data only with:

A. Participating Merchants

When you join a program or scan a QR code, we share:

• Your User ID
• Your loyalty status
• Visit or redemption details

Merchants never receive your email, phone number, or personal identity unless you explicitly provide it.

B. Service Providers

We use trusted third parties for:

• Cloud hosting (e.g., AWS, Vercel)
• Map and geolocation services
• Email and notification delivery
• Analytics and security monitoring

All providers comply with GDPR and industry security standards.

C. Legal Authorities

Only when required by a valid legal request.

6. International Data Transfers

If data is transferred outside the EU/EEA/UK, we use:

• Standard Contractual Clauses (SCCs)
• Additional safeguards where required

This ensures your data remains protected regardless of location.

7. Data Retention

We retain data only as long as necessary:

• User account data: retained until account deletion
• Loyalty history: retained for 24 months after last activity
• Business data: retained for the duration of the Merchant contract
• Logs and security data: 12–24 months depending on purpose

You may request deletion at any time.

8. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate information
• Delete your account and associated data
• Export your loyalty history in JSON format
• Withdraw consent for geolocation or marketing
• Object to analytics or profiling
• Restrict processing under certain conditions

To exercise your rights, contact: privacy@getdiscount.app

9. Security Measures

We use industry-leading security practices:

• TLS 1.3 encryption for data in transit
• AES-256 encryption for data at rest
• Role-based access control for internal staff
• Regular penetration testing and vulnerability scanning
• Secure QR validation to prevent fraud

10. Children's Privacy

GetDiscount is not intended for children under 16. We do not knowingly collect data from minors.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in law or platform functionality. We will notify you of significant updates.