Privacy Policy

Because Gratify supports both customer-facing and business-facing features, the information we collect and how we use it may depend on how you interact with our Services. This Policy describes Gratify's own privacy practices. A participating business may also have its own privacy policy or notice describing its separate privacy practices outside of Gratify.

Defined Terms

Gratify, we, our, or us

Gratify Loyalty Inc.

Personal Information

Information that identifies, relates to, describes, or can reasonably be linked to an identified or identifiable individual.

Services

Gratify's website, mobile application, and related products, tools, features, and services.

Participating Business

A business that uses Gratify to offer or manage a loyalty program, rewards, promotions, or related customer engagement features.

Customer User

An individual who uses Gratify to join or interact with a Participating Business's loyalty program.

Business Representative

A business owner, administrator, employee, or invitee who uses Gratify on behalf of a Participating Business.

Visitor

Someone who visits our website, contacts us, or otherwise interacts with Gratify without using Gratify as a Customer User or Business Representative.

Loyalty Data

Information related to loyalty memberships, points balances, rewards, claims, redemptions, message interactions, and other activity necessary to operate a Participating Business's program through Gratify.

1.1 Scope of this Policy

This Policy applies when you:

• visit our website at https://gratifyloyalty.com
• use the Gratify mobile application
• create or use a Gratify account as a Customer User
• create or use a Gratify account as a Business Representative
• join, manage, or interact with a Participating Business's loyalty program through Gratify
• contact us for support or other inquiries

1.2 Gratify's role

Gratify directly operates the Services described in this Policy. We collect and process Personal Information to provide account access, loyalty program functionality, customer support, business management tools, and related communications.

A Participating Business may also collect, use, or disclose information outside of Gratify, such as through its own point-of-sale system, website, email marketing tools, or in-store processes. Those separate practices are governed by that business's own privacy policy or notice, not this Policy.

2.1 Information you provide directly

Depending on how you use Gratify, we may collect the following Personal Information.

2.1.1 Customer User account information

• name
• email address
• password
• profile photo or avatar, if you choose to upload one

2.1.2 Business account information

• business name
• business logo or photos
• business address
• business phone number
• business email address
• business website
• business hours
• subscription or account plan information
• other business profile details you choose to provide

2.1.3 Employee and admin information

• name
• email address
• employee invite information
• role or account status within a business account

2.1.4 Support and contact information

• information submitted through support forms or contact forms
• screenshots, attachments, or images you choose to upload
• the contents of messages you send to us

2.2 Loyalty and account activity information

When you use Gratify, we may collect and store Loyalty Data and related account activity, including:

• Participating Business memberships
• points balances
• rewards available to you
• rewards claimed or redeemed
• promotion or message interactions
• account preferences related to specific businesses
• business-customer relationship records necessary to operate loyalty programs

For Participating Businesses, we may also store operational information such as:

• reward catalog information
• promotions and messages
• customer loyalty records
• redemption records
• business analytics and summary metrics
• employee and invite records
• subscription and billing status metadata

2.3 Images and uploaded content

If you choose to upload content through the Services, we may collect and store:

• customer profile photos
• business photos or logos
• reward images
• promotion images
• support screenshots or attachments

2.4 Login data from third-party providers

If you choose to sign in using Google, we may receive limited information from Google, such as your name, email address, profile photo, and a unique account identifier associated with the login provider. We use this information to authenticate you, create or maintain your account, and support account access.

2.5 Payment and subscription information

If you are a Business Representative, we may store limited subscription or billing-related account information, such as subscription tier or plan, billing status, renewal-related information, and customer or price identifiers associated with billing systems.

We do not store full payment card numbers or card security codes ourselves. If payment processing is used for business subscriptions or related Services, that processing is handled by the applicable third-party payment processor in accordance with its own privacy and security practices.

2.6 Information collected automatically through use of the Services

We may automatically collect limited information related to how the Services operate and how you interact with them, including:

• records of points changes, reward claims, and redemptions
• message and promotion delivery records
• whether a message or promotion was opened
• support request context, such as the platform used and internal account identifiers
• limited app settings or preferences stored to support functionality

2.7 Information we do not knowingly collect

We do not knowingly collect:

• precise geolocation data
• contacts
• microphone data
• biometric identifiers
• phone or SMS authentication data
• payment card numbers directly from Customer Users through the Gratify app

3.1 Camera

We may request camera access to scan QR codes and support related in-app functionality.

3.2 Photos and Media Library

We may request access to your photo library so you can upload profile photos, business photos, reward images, promotion images, or support screenshots.

3.3 Managing permissions

You can control these permissions through your device settings.

4.1 Providing and operating the Services

We use Personal Information to:

• create and manage accounts
• authenticate users and provide account access
• support Google sign-in
• create and manage customer memberships with Participating Businesses
• calculate, update, and display points, rewards, claims, and redemptions
• create and manage business profiles, locations, employees, rewards, promotions, and messages

4.2 Communications

We use Personal Information to send service-related communications, including:

• signup verification emails
• password reset emails
• account deletion confirmation emails
• employee invitations
• support communications

4.3 Loyalty operations and business messaging

We use Personal Information to:

• provide in-app loyalty messaging and promotions
• track loyalty activity, message opens, and redemptions as part of operating the Services
• support Participating Businesses in managing loyalty programs and customer engagement through Gratify

4.4 Support, improvement, and legal compliance

We use Personal Information to:

• respond to support requests, questions, and feedback
• maintain the security, integrity, and operation of the Services
• improve and administer the Services
• comply with legal obligations
• enforce our terms and policies

We do not sell Personal Information for money.

5.1 Service providers

We may share Personal Information with vendors and service providers that help us operate Gratify, such as providers for cloud infrastructure, authentication, database and storage services, transactional email delivery, technical hosting and app delivery services, and billing and payment support where applicable. These providers may access Personal Information only as reasonably necessary to perform services for us.

5.2 Participating Businesses

If you join or interact with a Participating Business's loyalty program through Gratify, we may share relevant information with that business so it can operate and manage its loyalty program through the platform.

This may include:

• your name
• your email address
• your profile photo or avatar, if available
• your membership with that business
• your points balance with that business
• rewards claimed or redeemed with that business
• promotion and message interactions associated with that business
• loyalty activity reasonably necessary to operate that business's program through Gratify

5.3 Employees, administrators, and authorized business users

Within a Participating Business account, authorized owners, administrators, and employees may be able to access information needed to manage that business's Gratify account and loyalty program.

5.4 Legal requirements

We may disclose Personal Information if required to do so by law or if we reasonably believe disclosure is necessary to comply with legal process, respond to lawful requests by public authorities, enforce our agreements or policies, or protect the rights, property, or safety of Gratify, our users, or others.

5.5 Business transfers

We may disclose or transfer Personal Information in connection with a merger, acquisition, financing, asset sale, bankruptcy, or other corporate transaction involving all or part of our business.

6.1 Loyalty programs

Participating Businesses may use Gratify to offer loyalty programs, manage rewards, and communicate with Customer Users linked to that business through the platform.

If you join or use a Participating Business's loyalty program through Gratify, we may process information related to:

• your membership in that business's program
• your points balance and reward activity with that business
• the creation and delivery of in-app messages or promotions
• message recipients
• whether a message or promotion was opened
• whether a reward or promotion was redeemed

6.2 Customer controls

Customer Users may be able to mute communications from a specific Participating Business within the app where that functionality is available.

6.3 Participating Business privacy practices outside Gratify

A Participating Business may also collect or use your information outside of Gratify, such as during an in-store transaction, through its own website, or through its own marketing tools. Those separate practices are governed by that business's own privacy policy or notice, not this Policy.

7.1 Data retention

We retain Personal Information for as long as reasonably necessary for the purposes described in this Policy, including to:

• maintain active customer and business accounts
• operate loyalty programs and business relationships
• provide support
• comply with legal, accounting, tax, or regulatory obligations
• resolve disputes
• enforce our terms and policies
• maintain security and fraud prevention records

Retention periods may vary depending on the type of information and the context in which it was collected.

When we no longer need Personal Information for these purposes, we will delete it, anonymize it, or securely store it until deletion is reasonably possible.

7.2 Account deletion and requests

You may request deletion of your account or Personal Information by contacting us using the information in Section 11 below.

After deletion is confirmed, we may place the account in a pending deletion state, disable access, and retain account data for up to 60 days before permanent deletion from active systems.

In some cases, we may need to verify your identity before processing a deletion request.

We may also retain certain information where required or permitted by law, for security purposes, to resolve disputes, to enforce agreements, or where immediate deletion is not technically feasible.

This may include limited legal, billing, tax, accounting, fraud-prevention, chargeback, and security records for up to 7 years where required or permitted by law.

7.3 Security

We use reasonable administrative, technical, and organizational measures designed to protect Personal Information. However, no method of transmission over the internet and no electronic storage system can be guaranteed to be completely secure. As a result, we cannot guarantee absolute security.

8.1 Age limitations

Gratify is not directed to children under 13, and we do not knowingly collect Personal Information from children under 13.

If you are under 13, please do not use the Services or provide us with Personal Information.

8.2 If we learn information was collected from a child under 13

If we learn that we have collected Personal Information from a child under 13 without appropriate authorization, we will take reasonable steps to delete that information.

If you believe a child under 13 has provided us with Personal Information, please contact us.

9.1 Your privacy rights

Depending on where you live, you may have certain privacy rights under applicable law, including the right to:

• request access to Personal Information we hold about you
• request correction of inaccurate Personal Information
• request deletion of Personal Information
• request information about how we collect, use, and disclose Personal Information
• withdraw consent where processing is based on consent, where applicable
• opt out of certain communications, where applicable

These rights may be subject to legal exceptions and verification requirements.

To exercise a privacy-related request, including a request to review, update, correct, or delete certain Personal Information, please contact us in accordance with the Contact Us section below.

9.2 U.S. Privacy Disclosures

9.2.1 Categories of Personal Information we may collect

Identifiers

Examples include name, email address, account identifiers, and business-related identifiers.

Customer record information

Examples include contact and profile details.

Commercial information

Examples include loyalty memberships, rewards, claims, redemptions, message interactions, and business subscription information.

Internet or similar network activity

Examples include limited app and service interaction records, such as message opens, promotion opens, and related activity.

Audio, electronic, visual, or similar information

Examples include uploaded photos, logos, reward images, promotion images, and support screenshots.

Professional or employment-related information

Examples include business owner, admin, and employee account information.

We do not knowingly collect biometric information, precise geolocation data, education records, or sensitive Personal Information as defined under certain state laws, except as may be incidentally included in support materials you voluntarily provide.

9.2.2 Sources of Personal Information

We may collect Personal Information:

• directly from you
• automatically through your use of the Services
• from Google if you choose to sign in with Google
• from Participating Businesses, owners, administrators, or employees using Gratify to manage loyalty programs and related account activity

9.2.3 Disclosure of Personal Information

We may disclose Personal Information to:

• service providers and contractors
• Participating Businesses whose loyalty programs you join or use
• legal authorities when required by law
• parties involved in corporate transactions

We do not sell Personal Information for money. We also do not use Personal Information for cross-context behavioral advertising as described under certain state privacy laws.

9.2.4 Do Not Track

Some web browsers offer a Do Not Track setting. Because there is not yet a universally accepted standard for how to interpret and respond to Do Not Track signals, Gratify does not currently respond to them.

10.1 Updates

We may update this Policy from time to time. If we make changes, we will revise the Last updated date at the top of this page. If required by law, we will provide additional notice.

10.2 Continued use

Your continued use of the Services after an updated Policy becomes effective means the updated Policy will apply to your use of the Services.

Please contact us if you have any questions about this Policy, our privacy practices, or would like to exercise any privacy-related rights, and we will review and respond within a reasonable timeframe.

You can contact us at privacy@gratifyloyalty.com or at our postal address below: