← Back to Loyalshy

Privacy Policy

Last updated: March 2026

Company Information

HEX CONCEPTS STUDIO, S.L.

VAT: B27646645

Av. Convent 11, 25123 Torrefarrera (Lleida), Spain

1. Who We Are

Loyalshy ("we", "us", "our") operates a digital loyalty platform at loyalshy.com. We help small businesses create and manage Apple Wallet and Google Wallet passes for stamp-card and coupon loyalty programs.

For privacy inquiries, contact us at hello@loyalshy.com.

2. Data We Collect

Account data: When you register, we collect your name, email address, and password (hashed). If you create an organization, we store business name and branding assets.

Contact data: Businesses using our platform may add contacts (their customers) with names, email addresses, and phone numbers to issue digital passes.

Usage data: We collect anonymized page views via Plausible Analytics, which does not use cookies and does not track personal data.

Payment data: Payment processing is handled entirely by Stripe. We store your Stripe customer ID and subscription status but never store card numbers or bank details.

Technical data: Error reports are collected via Sentry for debugging purposes and may include IP addresses, browser type, and request details. These are retained for 30 days.

3. How We Use Your Data

  • To provide and maintain the Loyalshy platform
  • To generate and deliver digital wallet passes (Apple Wallet, Google Wallet)
  • To send transactional emails (pass delivery, account notifications) via Resend
  • To process payments and manage subscriptions via Stripe
  • To monitor and fix errors via Sentry
  • To improve our product based on anonymized usage patterns

4. Third-Party Services

We share data with the following services, each operating under their own privacy policies:

  • Stripe — Payment processing (PCI DSS compliant)
  • Resend — Transactional email delivery
  • Cloudflare R2 — File storage (logos, images) via S3-compatible API
  • Sentry — Error tracking and monitoring
  • Plausible Analytics — Privacy-first website analytics (no cookies, no personal data)
  • Apple Wallet / Google Wallet — Digital pass generation and delivery
  • Neon — PostgreSQL database hosting
  • Vercel — Application hosting

5. Data Retention

We retain your account data for as long as your account is active. Contact data is retained as long as the organization account exists. You may request deletion at any time.

Error logs (Sentry) are retained for 30 days. Analytics data (Plausible) is aggregated and contains no personal information.

6. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Ask us to correct inaccurate data
  • Erasure — Ask us to delete your personal data
  • Portability — Request your data in a machine-readable format
  • Restriction — Ask us to limit how we use your data
  • Objection — Object to our processing of your data

To exercise any of these rights, email hello@loyalshy.com. We will respond within 30 days.

7. Data Security

We implement industry-standard security measures including HTTPS encryption, hashed passwords, secure session management, and role-based access controls. API keys are stored as SHA-256 hashes.

8. Children

Loyalshy is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of material changes via email.

10. Contact

For any questions about this privacy policy, contact us at hello@loyalshy.com.

Privacy Policy — Loyalshy — Loyalshy