1. Information We Collect

1.1 Account Information

  • Email address (from Apple Sign-In, Google Sign-In)
  • Display name and profile information
  • Account creation and last login dates
  • User preferences and settings

1.2 Usage Information

  • QR code scans and point allocations
  • Customer visit records and loyalty redemptions
  • App usage patterns and feature interactions
  • Device information (iOS/Android version, app version)

1.3 Location Information

  • Cafe location and address
  • Geographic data for customer discovery features

1.4 Business and Subscription Information

  • Subscription status and billing history through Google Play
  • Business name and cafe operational details
  • Staff accounts and role assignments
  • Customer analytics data and transaction summaries
  • Peak hours, visit frequency, and retention metrics
  • Loyalty program configuration and reward structures

2. How We Use Information

  • Managing your cafe's loyalty program
  • Processing customer check-ins and reward redemptions
  • Providing business analytics and reporting
  • Processing subscription payments through Google Play
  • Supporting multi-staff access and permissions management
  • Enabling customer discovery of your cafe location
  • Service-related notifications and support
  • Analytics and service improvement

3. Information Sharing

3.1 Customer Data

As a cafe operator, you have access to:

  • Customer names and email addresses
  • Loyalty point balances at your establishment
  • Visit history and transaction records at your cafe
  • Redemption patterns and preferences

Important: You are responsible for handling customer data in compliance with applicable privacy laws. Do not use customer data for purposes beyond operating your loyalty program.

3.2 Third-Party Services

We use third-party services that may access your information:

  • Firebase (Google): Database, authentication, analytics
  • Apple Sign-In: Authentication and profile information
  • Google Sign-In: Authentication and profile information
  • Google Play Billing: Subscription payment processing
  • Cloud service providers: Data hosting and backup

4. Data Security

We take the security of your information seriously and apply due diligence through the following measures:

  • Data is stored on Google Firebase, which provides enterprise-grade infrastructure with encryption at rest and in transit
  • Firebase App Check is enforced to verify that only legitimate app builds can access our backend
  • Firestore security rules restrict data access so cafe owners can only access their own data
  • We conduct regular security reviews and apply patches as vulnerabilities are identified
  • Sensitive credentials are not stored in our apps — all payment processing is handled by Google Play Billing

Despite these measures, no system is completely immune to security risks. We cannot guarantee absolute prevention of unauthorized access or data breaches. We will notify affected users as required by applicable law in the event of a security incident.

5. Your Rights and Choices

You may:

  • View your account information in the app
  • Update your cafe profile and preferences
  • Manage staff access and permissions
  • Request a copy of your data
  • Delete your account through app settings or by visiting our account deletion page
  • Cancel your subscription through the Google Play Store

6. Data Retention

  • Account information: Until account deletion
  • Transaction history: 7 years or as required by law
  • Business analytics: 2 years from collection
  • Subscription records: 7 years or as required by law
  • Technical logs: 1 year from creation

You may request deletion of your information, but we cannot guarantee complete removal from all systems, deletion from backup systems, or removal from third-party services.

7. International Data Transfers

Your information may be processed in countries other than your country of residence, including the United States and European Union. We make no guarantees about the privacy laws or protections in other jurisdictions.

8. Children's Privacy

Our Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

9. Legal Limitations

To the maximum extent permitted by law, our liability for privacy incidents is limited to direct damages where we have failed to meet our stated security commitments. We are not liable for third-party data misuse, events outside our reasonable control, or consequential damages beyond what is required by applicable law.

10. Contact Information

For privacy-related questions:

Email: [email protected]

Response Time: We aim to respond within 30 days but make no guarantees about response times or resolution of privacy concerns.

By using the LoyalBean Cafe Owner Service, you acknowledge the data practices described in this policy and consent to the collection and use of your information as described. We are committed to protecting your data and will handle it responsibly in accordance with this Privacy Policy.