Privacy Policy
Last updated: June 2026
1. Who We Are
Eazistamp is operated by [YOUR LEGAL ENTITY NAME], registered in Spain ([CIF/NIF number]), with registered address at [ADDRESS]. We operate the Eazistamp loyalty stamp card platform, accessible at eazistamp.com and via the Eazistamp staff app.
For data protection purposes, we act as:
- Data Controller for data relating to our direct customers (business owners and staff who use Eazistamp)
- Data Processor on behalf of our business customers, for data relating to their end customers (loyalty card holders)
Contact for data protection matters: eazistamp@gmail.com
2. What Data We Collect and Why
For business owners and staff (our direct customers):
- Name and email address — to create and manage your account
- Phone number — for two-factor authentication
- Business name and address — to configure your loyalty program
- Payment information — processed by Stripe; we do not store card details
- Usage data — to improve the platform (pages visited, features used)
For loyalty card holders (end customers of businesses using Eazistamp):
- Phone number or email address — to identify the customer and link their stamp card
- Stamp and reward history — to operate the loyalty program on behalf of the business
- Push notification tokens — only if you explicitly opt in
3. Legal Basis for Processing (GDPR)
- Performance of contract — processing necessary to provide the Eazistamp service to you
- Legitimate interests — analytics and platform improvement, fraud prevention
- Legal obligation — tax records, compliance with applicable law
- Consent — push notifications (you can withdraw at any time in your device settings)
4. Third-Party Services and International Transfers
We use the following third-party services which may process your data:
- Google Firebase / Firestore — database, authentication, hosting (USA; EU data centre: europe-west1) — Standard Contractual Clauses
- Stripe — payment processing (USA/EU) — Standard Contractual Clauses
- Resend / Nodemailer — transactional email (USA) — Standard Contractual Clauses
- Vercel — website hosting (USA) — Standard Contractual Clauses
- Apple — Wallet pass delivery (USA) — Standard Contractual Clauses
- Google — Wallet pass delivery (USA) — Standard Contractual Clauses
All international transfers rely on Standard Contractual Clauses approved by the European Commission.
5. How Long We Keep Your Data
- Account data: for the duration of your account, plus 30 days after a deletion request
- Loyalty card data: for the duration of the business's subscription, plus 30 days
- Payment records: 7 years (Spanish tax law requirement)
- Backup exports: 30 days
6. Your Rights
Under GDPR and Spanish law (LOPDGDD), you have the right to:
- Access your personal data
- Rectification of inaccurate data
- Erasure ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Object to processing based on legitimate interests
- Restrict processing in certain circumstances
- Withdraw consent at any time where processing is based on consent
To exercise any right, email eazistamp@gmail.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Spanish data protection authority: Agencia Española de Protección de Datos (AEPD) at aepd.es.
7. Cookies and Tracking
Our marketing website uses strictly necessary cookies to keep you signed in and remember consent preferences. We do not use advertising or tracking cookies. See our cookie banner for details. The Eazistamp apps do not use browser cookies but may use device identifiers for Firebase analytics — you can opt out in your device settings.
8. Changes to This Policy
We will notify you of material changes by email or in-app notification at least 14 days before they take effect.