Privacy Policy

01Introduction

Aberkane Software House FZ-LLC(“the Company”, “we”, “our”) operates the LoyalFast platform. This Privacy Policy explains how we collect, use, disclose and protect your information when you use our Service, including our APIs, dashboard, SDKs and website.

02Information we collect

2.1 Account information

When creating an account, we collect your name, email address, company name, phone number and password.

2.2 Organization data

We collect information about your organization, including the organization name, member details, roles and invitation records.

2.3 Wallet card data

We process and store data you provide for wallet card generation, including template configurations, card content (text fields, barcodes, images), serial numbers and dynamic data. This may include personal data of your end customers that you submit via the API.

2.4 Certificates and credentials

We store Apple Developer certificates you upload for wallet card signing. Certificates are encrypted at rest with AES-256-GCM encryption.

2.5 Usage data and logs

We automatically collect information about your use of the Service, including API requests, IP addresses, browser type, device information and timestamps.

2.6 Device registration data

When end customers add cards to Apple Wallet or Google Wallet, the web service protocol transmits device tokens and push tokens to enable updates. We store this data to deliver push update notifications.

03How we use your information

We use the collected information to:

• Provide, operate and maintain the Service.
• Process and fulfill wallet card generation requests.
• Deliver push notifications for card updates.
• Send webhook notifications to your configured endpoints.
• Manage your account, organization and member access.
• Communicate with you regarding the Service, support and updates.
• Monitor and analyze usage to improve the Service.
• Detect, prevent and address technical issues and security threats.
• Comply with legal obligations.

04Data processing role

Regarding wallet card data containing personal information of your end customers:

• You are the Data Controller— you determine the purposes and means of processing your end customers' personal data.
• We are the Data Processor — we process this data solely on your behalf and in accordance with your instructions via the Service.

You are responsible for ensuring you have the necessary legal basis to collect and process your end customers' personal data via the Service.

05Data sharing and disclosure

We do not sell your personal information. We may share your information with:

• Service providers: third-party services that help us operate the Service, including Supabase (database and authentication), Resend (email delivery), Apple and Google (card distribution and push notifications).
• Legal requirements: when required by law, court process or government request.
• Business transfers: in connection with a merger, acquisition or sale of assets.
• With your consent: when you ask us to share information with third parties via webhook configurations or API integrations.

06Data security

We implement appropriate technical and organizational measures to protect your data:

• AES-256-GCM encryption for certificates at rest.
• Bcrypt hashing for API key verification.
• TLS encryption for all data in transit.
• Role-based access control for organization data.
• HMAC-SHA256 signed webhook payloads.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

07Data retention

We retain your data for as long as your account is active or necessary to provide the Service. Upon account termination:

• Account and organization data is retained for up to 30 days before deletion.
• Wallet card data and certificates are deleted on request or after the retention period.
• Log data may be retained for up to 90 days for security and debugging purposes.
• We may retain certain data as required by law.

08Your rights

Depending on your jurisdiction, you may have the following rights:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate personal data.
• Erasure: request deletion of your personal data.
• Portability: request a copy of your data in a portable format.
• Objection: object to certain processing of your personal data.
• Restriction: request restriction of the processing of your personal data.

To exercise these rights, contact us at support@aberkane.io.

09Cookies

We use essential cookies and local storage for authentication sessions and user preferences (such as active organization selection). We do not use third-party tracking cookies or advertising cookies.

10International data transfers

The Service is hosted on infrastructure that may process data in various locations. By using the Service, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.

11Children's privacy

The Service is not intended for persons under 16 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, contact us and we will take steps to delete that information.

12Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page with a revised “Last updated” date. Continued use of the Service after changes constitutes acceptance of the revised policy.

13Contact us

For any questions or concerns regarding this Privacy Policy:

Aberkane Software House FZ-LLC
Email: support@aberkane.io