Privacy Policy

Last updated: April 2026

1. Who we are

Loyalink is operated by Loyalink ApS, Copenhagen, Denmark. We provide a loyalty platform for tattoo studios, including cashback programs, wallet passes, and referral tools.

2. Data we collect

We collect the following data depending on your role:

Studio owners (our customers):

  • Name, email address, and phone number
  • Studio name, address, and logo
  • Payment information (processed securely by Stripe — we never store card numbers)
  • Usage data and analytics

End clients (loyalty program members):

  • Name, email address, and phone number
  • Transaction history and cashback balance
  • Wallet pass data (Apple Wallet / Google Wallet)

3. How we use your data

  • To provide and operate the Loyalink platform
  • To process payments via Stripe
  • To send transactional emails (receipts, trial reminders, account notifications)
  • To generate and deliver Apple and Google Wallet passes
  • To provide analytics and insights to studio owners

We do not sell your data to third parties. We do not run ads.

4. Hosting and infrastructure

Our application is hosted on Vercel (frontend) and Supabase (database and authentication), both of which process data in the EU. Payment processing is handled by Stripe.

5. Mobile application

The Loyalink mobile app for iOS and Android is a native wrapper around our web platform. In addition to the data described above, the mobile app may request access to:

  • Camera — used exclusively to scan customer QR codes for transaction processing
  • Push notifications — used to deliver real-time alerts about new customers, transactions, and program activity

Camera images are processed locally on your device and are never uploaded to our servers. Push notification tokens are stored securely and used only to deliver notifications you have opted into. You can revoke these permissions at any time in your device settings.

6. Cookies

We use essential cookies for authentication and session management. We use Vercel Analytics for anonymous usage statistics. We do not use advertising or tracking cookies.

7. Your rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Export your data in a portable format
  • Withdraw consent at any time
  • Lodge a complaint with your local data protection authority

8. Data retention

We retain your data for as long as your account is active. If you delete your account, we remove your personal data within 30 days. Some data may be retained longer where required by law (e.g. invoices for tax purposes).

9. Contact

For any privacy-related questions, email us at privacy@loyalink.com.