Privacy Policy
1. Introduction
This Privacy Policy explains how Restilla ("we," "us," or "our") collects, uses, and protects information when you use our Restilla digital loyalty card platform (the "Service").
Contact: contact@restilla.com
2. Information We Collect
2.1 From Merchants
- Account Information: Name, email address, password (encrypted)
- Business Information: Business name, logo, card design preferences
- Payment Information: Processed securely by Stripe (we don't store card numbers)
2.2 From Customers (via Merchants)
- Anonymous Identifiers: Random customer IDs generated by the Service
- Loyalty Data: Points balance, transaction history, pass identifiers
- Technical Data: Device type, browser type, and diagnostic information
- Browser Storage: We use localStorage and cookies to persist your loyalty card on your device.
2.3 Automatically Collected
- Usage Data: Pages visited, features used, and interaction patterns.
- Cookies & Tracking: We use essential cookies for the operation of the Service and, with your consent, Google Analytics to improve our platform.
3. How We Use Information
We use information to:
- Provide and operate the Service
- Generate and update Digital Passes
- Process payments
- Send service-related notifications
- Improve the Service via anonymized usage analytics
- Comply with legal obligations
- Prevent fraud and abuse
4. Cookies and Analytics
4.1 Essential Cookies
We use essential cookies and browser storage (localStorage) to remember your session and keep your digital loyalty card accessible on your device. These are required for the Service to function.
4.2 Google Analytics
With your explicit consent via our cookie banner, we use Google Analytics to collect information about how visitors use our site. This helps us improve our Service. Google Analytics anonymizes your IP address and does not provide us with personal information. You can opt-out at any time via your browser settings or our consent manager.
5. Legal Basis for Processing (GDPR)
| Purpose | Legal Basis |
|---|---|
| Providing the Service | Contract performance |
| Improving the Service | Legitimate interests |
| Legal compliance | Legal obligation |
| Marketing (with consent) | Consent |
6. Data Sharing
6.1 We Do NOT Sell Your Data
We never sell, rent, or trade personal information.
6.2 Service Providers
We share data with trusted providers:
- Hosting: Cloud infrastructure providers
- Payments: Stripe
- Email: Transactional email services
6.3 Platform Providers
We share necessary data with Apple and Google to provide Digital Passes.
6.4 Legal Requirements
We may disclose data when required by law or to protect our rights.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Active accounts | Duration of service |
| Inactive accounts | 2 years after last activity |
| Transaction records | 7 years (legal requirement) |
| Server logs | 90 days |
Upon account termination, data is deleted within 30-90 days.
8. Data Security
We implement appropriate security measures including:
- Encryption in transit (TLS)
- Encryption at rest
- Access controls
- Regular security reviews
9. Your Rights
GDPR Rights (EU/EEA)
- Access: Request a copy of your data
- Rectification: Correct inaccurate data
- Erasure: Request deletion
- Portability: Export your data
- Object: Object to certain processing
CCPA Rights (California)
- Know: Request disclosure of data collected
- Delete: Request deletion
- Non-Discrimination: Not be discriminated against
To exercise rights: Contact contact@restilla.com
For Customers: Contact the Merchant who issued your loyalty card.
10. Children's Privacy
Our Service is not intended for individuals under 18. We do not knowingly collect data from children.
11. International Transfers
Data may be transferred internationally. For EU transfers, we use Standard Contractual Clauses.
12. Changes to This Policy
We will notify you of material changes via email or in-app notice.
13. Contact Us
Restilla
Email: contact@restilla.com