How it WorksFor BusinessesPricingFAQGet the App
‹ Back to home

Privacy Policy

How Loopley Ltd collects, uses and protects your personal information.

Last updated: 25 June 2026

This Privacy Notice for Loopley Ltd ("we", "us", or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

  • Download and use our mobile application (Loopley), or any other application of ours that links to this Privacy Notice.
  • Use Loopley — a digital loyalty platform that lets customers collect and use loyalty cards from multiple businesses in one app. Customers hold a single account containing a separate loyalty card for each business they join, earning points on visits and redeeming rewards via a QR code scanned by the business. Businesses use Loopley to create and run points-based loyalty programs, manage members, and add scan-only staff accounts — with no hardware required.
  • Engage with us in other related ways.

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have questions or concerns, please contact us at hello@loopley.co.uk.

Summary of Key Points

What personal information do we process? When you use our Services, we process personal information you provide (such as your name and email) and some information collected automatically (such as device and usage data). We deliberately collect as little as possible.

Do we process sensitive personal information? No. We do not process sensitive information (such as racial or ethnic origin, sexual orientation, or religious beliefs).

Do we collect information from third parties? No. We do not collect information about you from third parties.

How do we process your information? To provide and run the loyalty service, manage your account, communicate with you, keep the Services secure and prevent fraud, and comply with law. We process your information only when we have a valid legal reason.

When do we share personal information? Only with the service providers who help us run Loopley (such as our hosting/database provider, payment provider, and postcode-lookup service), and only as needed. We do not sell your personal information, and we do not use it for advertising.

How do we keep your information safe? Through appropriate organisational and technical measures, including database-level access controls and server-side protections. No system is perfectly secure, but we take protection seriously.

What are your rights? Depending on where you live, you may have rights to access, correct, delete, or restrict the use of your personal information. You can exercise most of these directly in the app or by emailing us.

How do you exercise your rights? By using the controls in the app (edit profile, remove a card, delete account) or by contacting us at hello@loopley.co.uk.

Table of Contents

  1. What information do we collect?
  2. How do we process your information?
  3. What legal bases do we rely on?
  4. When and with whom do we share your personal information?
  5. What is our stance on third-party websites?
  6. Is your information transferred internationally?
  7. How long do we keep your information?
  8. How do we keep your information safe?
  9. Do we collect information from minors?
  10. What are your privacy rights?
  11. Controls for Do-Not-Track features
  12. Do we make updates to this notice?
  13. How can you contact us about this notice?
  14. How can you review, update, or delete the data we collect?

1. What Information Do We Collect?

Personal information you disclose to us

In short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide when you register on the Services, use features, or contact us. The personal information we collect may include:

  • Names
  • Email addresses
  • Passwords
  • Usernames (your email serves as your login)
  • Phone numbers (for business accounts)
  • Optional profile photo (uploaded by you from your device's photo library)

Sensitive information. We do not process sensitive information.

Payment data. If a business subscribes, we collect the data necessary to process the payment. All payment card data is handled and stored directly by Stripe — we do not store full card numbers. You can review Stripe's privacy notice at https://stripe.com/gb/privacy.

Application data. If you use our app, we may collect the following if you grant permission:

  • Geolocation information. With your permission, we use your device's location to show you nearby businesses in "Discover". We use it live to calculate distance — we do not track or store a history of your location. You can change this in your device settings at any time.
  • Mobile device access. We may request access to your device's camera (to scan loyalty QR codes) and photo library/storage (so you can upload a profile photo). You can change these permissions in your device settings.
  • Mobile device data. We may collect basic device information (such as device model, operating system, and IP address) needed to operate the app, for security, and for troubleshooting.
  • Push notifications. We may send you notifications about your loyalty activity (such as points added or a reward becoming available). You can turn these off in your device settings.

Information collected automatically

In short: Some information — such as your IP address and device characteristics — is collected automatically when you use our Services.

This includes basic log and usage data (such as IP address, device type, and timestamps recorded in our server logs), device data, and location data (only if you enable location). This is primarily used to keep the Services secure and working, and for troubleshooting. We do not use third-party advertising trackers or analytics services.

2. How Do We Process Your Information?

In short: We process your information to provide and run the loyalty service, manage your account, communicate with you, keep the Services secure, and comply with law.

We process your personal information to:

  • Create and manage your account and keep it secure.
  • Deliver the loyalty service — track points, visits, and reward redemptions on your cards.
  • Respond to your inquiries and provide support.
  • Send administrative and service information — such as loyalty notifications and changes to our terms or policies.
  • Manage business subscriptions, trials, and billing.
  • Keep the Services safe — fraud monitoring and prevention.
  • Understand how the Services are used so we can improve them.
  • Maintain accurate loyalty records for businesses — we keep a record of points earned and rewards redeemed on each customer's card with each business, so reward programs operate correctly and fairly and customers' points and rewards are protected.
  • Protect vital interests where necessary to prevent harm.

We do not sell your personal information, use it for third-party advertising, or send you marketing communications.

3. What Legal Bases Do We Rely On?

In short: We only process your personal information when we have a valid legal reason under the UK GDPR and GDPR.

  • Consent — e.g. for location access. You can withdraw consent at any time (for example, by turning off location in your device settings).
  • Performance of a contract — to provide the Services you signed up for, run loyalty cards, and manage business subscriptions.
  • Legitimate interests — to keep the Services secure, prevent fraud, improve the Services, and maintain accurate loyalty records for businesses, where this does not override your rights.
  • Legal obligations — to comply with the law, respond to lawful requests, and exercise or defend legal rights.
  • Vital interests — to protect someone's safety where necessary.

4. When and With Whom Do We Share Your Personal Information?

In short: We share information only with the service providers who help us run Loopley, and only as needed.

We share personal information with third-party service providers who perform services for us and need access to do that work. We have agreements in place designed to safeguard your information; they may only use it as instructed by us and must protect it.

The service providers we may share information with are:

  • Supabase — backend hosting, database, and user account authentication.
  • Stripe — payment processing for business subscriptions.
  • postcodes.io — postcode lookup / geocoding (to convert a business's postcode into map coordinates).
  • TestFlight (Apple) — app testing during pre-release testing phases.

A business you join can see information relevant to your membership of their loyalty program (your name, email, and your activity at their business only). Businesses cannot see your activity at any other business, and other businesses cannot see your data.

Business transfers. We may share or transfer your information in connection with a merger, sale of company assets, financing, or acquisition of all or part of our business.

5. What Is Our Stance on Third-Party Websites?

In short: We are not responsible for the safety of information you share with third parties we may link to.

The Services may link to third-party websites or services (such as a maps app for directions, or Stripe's payment page) that are not operated by us. We do not guarantee, and are not responsible for, the content, privacy, or security practices of those third parties. We encourage you to review their policies.

6. Is Your Information Transferred Internationally?

In short: Our servers are in the United Kingdom, but some of our service providers may process data elsewhere.

Our database servers are located in the United Kingdom. Some of our service providers (such as Stripe) are based in the United States, so your information may be transferred to and processed in other countries.

Where information is transferred outside the UK/EEA, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (and the UK equivalent), which require recipients to protect your information in line with UK and European data protection law. Further details are available on request.

7. How Long Do We Keep Your Information?

In short: We keep your information only as long as you have an account with us, unless the law requires longer.

We keep your personal information for as long as you have an account with us. When you delete your account, we remove your account and loyalty cards and anonymise your past transactions (so businesses keep accurate totals but the records are no longer linked to you). We may retain limited information where required for legal, tax, or accounting reasons, or to prevent fraud.

8. How Do We Keep Your Information Safe?

In short: We protect your information with appropriate organisational and technical measures.

We use measures such as encrypted connections, secure authentication, database-level access rules (so each user and business can only access their own data), and server-side controls (so balances and records cannot be tampered with). However, no method of transmission or storage is 100% secure, so we cannot guarantee absolute security. You access the Services at your own risk and should use a secure environment.

9. Do We Collect Information From Minors?

In short: We do not knowingly collect data from anyone under 18.

The Services are not directed at children, and you must be at least 18 years old to create an account. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from someone under 18, we will deactivate the account and delete the information. If you believe we may have collected such information, please contact us at hello@loopley.co.uk.

(Note: customers of a business do not need to hold a Loopley account to benefit from that business's loyalty program in person; the account holder in the app must be 18 or over.)

10. What Are Your Privacy Rights?

In short: You may have rights to access, correct, delete, or restrict the use of your personal information.

Depending on where you live (including in the UK and EEA), you may have the right to: access and obtain a copy of your personal information; request correction or deletion; restrict or object to processing; data portability; and not to be subject to automated decision-making. You can exercise most of these directly in the app:

  • Edit Profile — review and update your information.
  • Remove Card — delete a single loyalty card.
  • Delete Account — delete your account and cards (transactions are anonymised).

You can also contact us at hello@loopley.co.uk.

Withdrawing consent. Where we rely on your consent (such as location access), you can withdraw it at any time — for example, by turning off location in your device settings. This does not affect processing carried out before withdrawal.

Complaints. If you are in the UK and believe we have handled your information unlawfully, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk — though we'd appreciate the chance to address your concerns first.

11. Controls for Do-Not-Track Features

Most browsers and some devices offer a "Do-Not-Track" (DNT) setting. As no uniform standard for DNT has been finalised, we do not currently respond to DNT signals. If a standard is adopted in future, we will update this notice.

12. Do We Make Updates to This Notice?

In short: Yes — we will update this notice as needed to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be shown by a revised "Last updated" date. For material changes, we may notify you in the app. We encourage you to review it periodically.

13. How Can You Contact Us About This Notice?

If you have questions or comments about this notice, email us at hello@loopley.co.uk. We are Loopley Ltd, based in London, England, United Kingdom.

14. How Can You Review, Update, or Delete the Data We Collect?

You may have the right to request access to the personal information we hold about you, correct inaccuracies, or delete it. You can do most of this directly in the app (Edit Profile, Remove Card, Delete Account), or by contacting us at hello@loopley.co.uk.