LoyaltyVIP
Privacy

Plain-language privacy policy.

Effective April 30, 2026. We update this when we change anything material; you’ll get 30 days’ notice before changes take effect.

TL;DR
  • We store the bare minimum needed to run the product.
  • We never sell, rent, or aggregate your data for resale.
  • We never train models on your data.
  • Hosts only see what you explicitly share via Share Links.
  • You can export everything in one click. You can delete everything in one click.
01

What we collect

Account email, session data you log (or import via email forwarding), W-2G photos you scan, casino player cards you add, and Share Links you generate. We log security-relevant events (sign-in, MFA, profile changes) for audit. We do not collect your SSN, address, or any of the data the casinos already harvest.

02

How we store it

AES-256 at rest. Per-row encryption keys for tax documents (W-2Gs). TLS 1.3 in transit. AWS us-east-1 (default) or us-west-2 (on request). Backups encrypted and rotated; retention 7 days for logs, 30 days for snapshots, longer windows are available to enterprise/host accounts on request.

03

Who can see it

Only you, unless you generate a Share Link. Each Share Link is a read-only token bound to a specific scope you choose, with optional expiration and per-link revoke. Hosts in the marketplace see only the public profile fields you mark public, plus anything you send them via a Share Link.

04

Third parties

We use AWS for infrastructure, Cognito for authentication, Mailgun for transactional email, and Stripe for payment processing on the host side. We do not run third-party analytics, ad pixels, or session-replay tooling in the authenticated app. We will tell you 90 days in advance if we ever add a third-party processor that touches your data.

05

Your rights

Export everything (JSON or CSV) at any time. Delete your account and we will hard-delete your data within 24 hours, except for tax-record retention windows where law requires longer keeping. You can request access, correction, or restriction of processing by emailing privacy@loyaltyvip.com.

06

Changes to this policy

We will notify you by email at least 30 days before any material change. Trivial edits (typos, clarifications) are made without notice but logged in the document history. The current version is dated below; previous versions available on request.

Questions? Email privacy@loyaltyvip.com or read our terms of service.