Privacy Policy

This Privacy Policy explains how Alvy collects, uses, stores, and protects personal information when businesses and customers use our website, dashboard, wallet pass tools, QR code joining, staff scanning, and related services.

Alvy is designed for businesses. In many cases, the business using Alvy controls how customer information is collected and used, while Alvy processes that information to provide the service.

We may collect business owner details such as name, email address, phone number, business name, location, subscription status, and billing information.

We may collect customer details entered through loyalty joins, such as name, phone number, email address, date of birth where enabled, loyalty progress, visit history, reward status, wallet pass identifiers, and QR scan records.

We may collect staff account details such as staff name, phone or username, branch, role, login records, and activity such as stamps or rewards recorded.

We use information to create and manage business accounts, provide loyalty cards, generate wallet passes, process scans, track stamps and rewards, support branches and staff, send service messages, handle billing, improve Alvy, prevent misuse, and provide support.

We may use business contact details to send onboarding, billing, security, product, and support messages.

Businesses are responsible for ensuring they have a lawful reason to collect and use customer data through Alvy.

Alvy processes customer data to provide the loyalty service, including wallet pass creation, card updates, reward tracking, analytics, and customer support requested by the business.

We use trusted service providers to operate Alvy. These may include hosting, database, authentication, payment, email, analytics, Apple Wallet, Google Wallet, and infrastructure providers.

Examples may include Supabase, Vercel, Stripe, Resend, Apple, and Google where relevant to the service being used.

Payments are processed by third-party payment providers such as Stripe. Alvy does not store full card numbers. Payment providers process billing information according to their own terms and privacy notices.

We keep personal information only for as long as needed to provide Alvy, meet legal or accounting requirements, resolve disputes, prevent abuse, and maintain business records.

Businesses may request deletion or export of their account data, subject to legal, security, and technical limitations.

We use reasonable technical and organisational measures to protect information, including access controls and secure service providers.

No online service can guarantee perfect security. Businesses are responsible for keeping owner and staff access secure.

Depending on where you are located, you may have rights to access, correct, delete, restrict, or object to the use of personal information.

Customers should usually contact the business whose loyalty card they joined first, because that business controls the loyalty relationship.

For privacy questions, contact alvy.co.uk@gmail.com.