Privacy Policy

1. Introduction

NoxaLoyalty ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at noxaloyalty.com, our mobile applications, and related services (collectively, the "Service").

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

• Account Information: Name, email address, password, phone number
• Business Information (for Business Owners): Business name, address, logo, business type, contact details
• Payment Information: Billing address, payment method details (processed securely by our payment provider)
• Profile Information: Profile photo, preferences, settings
• Communications: Messages, feedback, and support requests

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information:

• Device Information: Device type, operating system, unique device identifiers, browser type
• Usage Data: Pages visited, features used, time spent, click patterns
• Transaction Data: Points earned, points redeemed, purchase amounts, transaction timestamps
• Location Data: General location based on IP address (we do not collect precise GPS location)
• Log Data: IP address, access times, error logs

2.3 Information from Third Parties

We may receive information from third parties, including:

• Social Login Providers: If you sign in with Google, we receive your name, email, and profile picture from Google
• Analytics Providers: Aggregated usage statistics and trends

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Process transactions and send related information
• Create and manage your account
• Track loyalty points and rewards
• Send you technical notices, updates, and administrative messages
• Respond to your comments, questions, and support requests
• Communicate with you about products, services, offers, and promotions
• Monitor and analyze trends, usage, and activities
• Detect, investigate, and prevent fraudulent transactions and abuse
• Personalize and improve your experience
• Comply with legal obligations

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

4.1 With Business Owners

When you participate in a business's loyalty program, we share your transaction history, points balance, and basic profile information with that Business Owner to enable the loyalty program functionality.

4.2 With Service Providers

We share information with third-party vendors who provide services on our behalf, including:

• Cloud hosting (Supabase, Vercel)
• Payment processing (Xendit)
• Email delivery (Resend)
• Analytics services

4.3 For Legal Reasons

We may disclose information if required by law, legal process, or government request, or to protect the rights, property, or safety of NoxaLoyalty, our users, or others.

4.4 Business Transfers

If NoxaLoyalty is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4.5 With Your Consent

We may share information with your consent or at your direction.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide you with the Service. We may also retain certain information as required by law or for legitimate business purposes, including:

• Transaction records: 7 years (for tax and legal compliance)
• Account information: Until account deletion requested
• Communication records: 3 years
• Analytics data: 2 years (aggregated and anonymized)

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication with hashed passwords
• Regular security audits and vulnerability assessments
• Access controls and employee training
• Secure data centers with physical security measures

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

7.1 Access and Portability

You may request access to the personal information we hold about you and receive a copy in a portable format.

7.2 Correction

You may update or correct your information through your account settings or by contacting us.

7.3 Deletion

You may request deletion of your account and associated data. Some information may be retained as required by law or for legitimate business purposes.

7.4 Marketing Communications

You may opt out of promotional emails by clicking the "unsubscribe" link in any email. You may still receive transactional emails related to your account.

7.5 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@noxaloyalty.com. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Essential Cookies: Required for the Service to function (authentication, security)
• Analytics Cookies: Help us understand how you use our Service
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling certain cookies may limit your use of some features.

9. Children's Privacy

Our Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@noxaloyalty.com.

10. International Data Transfers

Your information may be transferred to and processed in countries other than the Philippines, including the United States and Singapore, where our service providers are located. These countries may have different data protection laws than your country.

We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy, including standard contractual clauses where applicable.

11. Philippine Data Privacy Act Compliance

We comply with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations. As a data subject under Philippine law, you have the right to:

• Be informed of the collection and processing of your personal data
• Object to the processing of your personal data
• Access your personal data
• Rectify inaccurate personal data
• Suspend, withdraw, or order the blocking, removal, or destruction of your personal data
• Be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data
• File a complaint with the National Privacy Commission

12. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

For significant changes, we will provide a more prominent notice, such as an email notification. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

You may also file a complaint with the National Privacy Commission of the Philippines:

15. Summary of Data Collection