📜 Privacy Policy

1. Who We Are

Loytap is operated by HILVY LTD (Company number 11529251), located at:

71-75 Shelton Street, London, Greater London, United Kingdom, WC2H 9JQ.

You can contact us at: info@hilvy.io

2. What Information We Collect

Early Access Form

When you submit our early access form, we collect:

• Your name
• Email address
• Cafe name
• Domain information (if applicable)
• Preferred launch timeline

Loytap Platform Data

When you use the Loytap loyalty platform, we collect and process on behalf of participating cafes:

• Customer information: Name, email address, birthday
• Visit data: Timestamps of visits to participating cafes
• Purchase information: Items ordered or redeemed
• Loyalty activity: Points earned, rewards redeemed, visit frequency

👉 Note: We do not collect addresses, payment details, or other sensitive personal data.

3. How We Use Your Information

Early Access Information

Used to:

• Contact you regarding early access and onboarding
• Understand your business needs
• Provide support and product updates (if you opt in)

Platform Data

Used to:

• Power the loyalty program for cafes
• Track customer visits and reward activity
• Calculate and manage loyalty points and redemptions
• Send birthday rewards and promotional emails (with customer consent)
• Provide analytics and insights to participating cafes
• Ensure platform performance and detect issues

We do not use platform data for our own marketing or share it with third parties beyond what's necessary to operate the service.

4. Legal Basis for Processing

We process personal data under the UK GDPR on the following bases:

For Early Access:

• Legitimate interests – to respond to your request and support your use of the platform
• Consent – for marketing communications (can be withdrawn at any time)

For Loyalty Platform Operations:

• Contractual necessity – to deliver the service you signed up for
• Legitimate interests – to analyse performance and improve the service
• Consent – for optional features like birthday emails or rewards

5. Data Storage, Hosting & Transfers

We host all customer and client data in the United Kingdom using NeonDB, with our server location explicitly set to the UK. This means no personal data is transferred outside the UK.

All data is encrypted in transit and at rest.

6. Data Sharing & Third Parties

We do not sell, trade, or rent personal data to third parties.

We only share data with trusted providers who help us deliver the Loytap platform, including:

• Cloud database hosting – NeonDB (UK-based storage)
• Email delivery services – e.g., Resend, SendGrid (for transactional messages)
• Analytics tools – to monitor platform usage and improve performance

Participating cafes can access their own customer loyalty data and export it at any time. They cannot access data from other cafes.

7. Data Retention

We retain personal data only as long as needed to operate our services.

• For platform clients: We retain loyalty data for the duration of the cafe's subscription. When a cafe cancels, we retain data for an additional 30 days for data export. After that, all data is securely and permanently deleted.
• For early access forms: Data is kept for up to 12 months, unless deleted earlier upon request.

8. Analytics & Platform Usage Tracking

We use usage analytics tools to help us:

• Understand how cafes and customers interact with the platform
• Improve platform features and experience
• Identify bugs or performance issues

This data is aggregated and does not include personally identifiable information unless needed for technical diagnostics or support.

9. Your Rights Under UK GDPR

As a data subject, you have the right to:

• Access your personal data
• Correct inaccuracies in your data
• Request deletion ("right to be forgotten")
• Object to or restrict certain processing
• Withdraw consent at any time (e.g., for marketing or optional notifications)
• Data portability – request your data in a usable format
• Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise any of these rights, email us at info@hilvy.io.

10. Data Security

We apply strict technical and organisational measures to keep your data secure, including:

• Encrypted data storage and transmission
• Access controls for staff and third-party systems
• Regular security reviews and updates

11. Contact Us

For any questions, concerns, or data protection requests, please contact: