LoyalKit
Sign inStart free

Privacy Policy

Last updated: May 28, 2026

LoyalKit is a digital loyalty card service operated by Mahmoud El Batish ("LoyalKit," "we," "us", "operator"). We provide digital loyalty cards for businesses of any kind, delivered through Apple Wallet and Google Wallet. This policy explains what information we collect from business owners who use our service and from end customers who join a participating business's loyalty program through LoyalKit.

Information we collect

From shop owners: business name, contact email, password hash, phone number (optional), shop location, and any branding assets (logo, brand color, welcome message) the owner uploads.

From end customers (loyalty program participants): first name, phone number, current stamp count, and visit timestamps at the specific shop the customer joined. We do not collect payment information from end customers.

Technical data: IP address and browser user-agent, used for security, abuse prevention, and basic analytics.

How we use information

  • To operate the loyalty program: issue and update wallet passes, count stamps, and deliver rewards.
  • To provide the owner dashboard, including customer lists and aggregated activity metrics.
  • To communicate service updates and respond to support requests.

We do not sell personal data. We do not share personal data with third parties for advertising.

Wallet passes

When a customer adds a LoyalKit loyalty card to Apple Wallet or Google Wallet, the pass payload (shop name, brand color, customer first name, stamp count, reward description, and a QR code used by the shop for identification) is delivered to Apple or Google so the pass can be displayed on the customer's device. This is the standard Apple Wallet and Google Wallet pass flow. No payment information is included in passes. Apple and Google may collect additional device-level information under their own privacy policies.

Data retention

Customer records are retained while the loyalty card is active. Customers may request deletion at any time by emailing mahmoudbatish8@gmail.com. Shop owners may also delete customer records from their dashboard. Deleted records are purged from active systems immediately and from encrypted backups within 30 days.

Security

  • All data is transmitted over HTTPS.
  • Data at rest is stored in encrypted databases hosted on Google Firebase.
  • Access to customer data is scoped per shop; owners and their staff can only see data for shops they administer.

Your rights

Customers and shop owners may request access to, correction of, or deletion of their personal data by contacting us at the address below. We will respond within 30 days.

Children

LoyalKit is not directed at children under 13, and we do not knowingly collect personal data from children under 13.

Changes to this policy

We may update this policy from time to time. Material changes will be posted on this page with a new "Last updated" date.

Contact

Questions about this policy? You can reach Mahmoud El Batish at mahmoudbatish8@gmail.com