Privacy Policy

LocalPunch ("we," "us," or "our") operates a digital punch card loyalty platform that connects local businesses with their customers. Our service is available at localpunch-v2.vercel.app and any associated mobile applications.

For questions about this policy, contact us at: hello@localpunch.app

Information you provide directly

• Phone number — used to create your customer account and send one-time verification codes via SMS.
• Email address — used by business owners and administrators to create and manage accounts.
• Display name — optional name you provide during account setup.

Information generated through your use of the service

• Punch and redemption records — each time a punch card is stamped or a reward is redeemed, we record the timestamp, business, and program.
• QR code scan events — we store a hashed token to prevent duplicate punches; raw QR tokens are not retained.
• Account activity — sign-in timestamps and session data managed by Supabase Auth.

Information we do not collect

• We do not collect payment information.
• We do not track your location.
• We do not use advertising trackers or third-party analytics pixels.

• Authentication — to verify your identity when you sign in using a one-time SMS code or email magic link.
• Loyalty tracking — to record punches, display your punch cards, and unlock rewards.
• Business operations — to give merchants visibility into their loyalty programs (aggregated usage, not individual customer profiles).
• Service communications — we may send you transactional SMS messages for authentication. We do not send marketing SMS.
• Security — to detect and prevent fraud, replay attacks, and abuse of the QR code system.

When you sign in as a customer using your phone number, LocalPunch uses Twilio to send a one-time verification code via SMS. By providing your phone number and requesting a code, you consent to receive that single transactional SMS message.

• Message frequency: One message per sign-in attempt. We do not send recurring marketing messages.
• Message and data rates may apply depending on your mobile carrier plan.
• To opt out: Reply STOP to any message to stop receiving SMS from LocalPunch.
• For help: Reply HELP or email hello@localpunch.app.
• We do not share your phone number with third parties for marketing purposes.

We do not sell your personal information. We share data only in these limited cases:

• Service providers — Supabase (database and authentication infrastructure), Twilio (SMS delivery), and Vercel (hosting). Each is bound by their own privacy and data processing agreements.
• Merchants — when you collect punches at a business, that merchant can see aggregated usage data for their program. They do not see your phone number or email address.
• Legal requirements — we may disclose information if required by law or to protect the rights and safety of our users.

We retain your account and punch card data for as long as your account is active. If you request deletion of your account, we will remove your personal information within 30 days, except where retention is required by law.

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Opt out of SMS communications at any time by replying STOP

To exercise any of these rights, email us at hello@localpunch.app.

We use industry-standard security practices including encrypted connections (HTTPS), hashed QR tokens, row-level security on our database, and time-limited authentication tokens. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

LocalPunch is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

LocalPunch
Email: hello@localpunch.app