1. Controller and processor roles
Controller: Leimeter Roland e.v.. Address: Dabas, Hungary. Privacy contact: [email protected]. Website: https://stmpr.io. Tax number: 69246054-2-33. Registration number: 52907795.
For personal data of end customers collected through a business's loyalty program, that business is the controller and Leimeter Roland e.v. acts as a processor on its documented instructions. For the website, waitlist, business/staff accounts, and the apps themselves, Leimeter Roland e.v. is the controller.
2. Data we process
Business users: name, business name, email, phone (optional), chosen language, how you found us, branding/logo, billing and subscription data, and support-access logs.
Staff users: name, email, chosen language, authentication data, and the stamp/redeem actions performed (including the store location a staff user selects for an action).
End customers: a unique card identifier (always), and, depending on the business's enrolment settings, first/last name, email, phone, and any additional fields the business configures, plus stamp/points balance, visit history, and reward redemptions. Anonymous enrolment (card identifier only) is supported.
Waitlist and contact: name, business name, email, language, and message content.
Technical and diagnostic data: IP address, device and browser data, pass type and wallet device tokens (for pass updates), logs, cookie identifiers, analytics events, and error/crash diagnostics.
3. The STMPR Scanner mobile apps
The staff apps request camera access solely to scan customer QR codes; scanned images are processed on-device to read the code and are not stored or uploaded.
Optional Face ID / Touch ID (biometric) unlock is handled entirely by your device's operating system; the provider never receives your biometric data.
To work offline, the apps store a limited local cache (your staff profile, recent customer cards, and queued stamp/redeem actions) on the device, which syncs to the server when a connection returns. Diagnostic/crash data may be collected to keep the apps stable.
Location: an action can be attributed to a store location that the staff user selects, this is a business location, not your device's GPS. Location-aware pass features, if introduced, will be described here before launch.
4. Sign-in with Google, Apple and Facebook
Staff users may sign in with Google, Apple, or Facebook. When you do, we receive from that provider only your basic profile needed to authenticate: your name, email address, and a provider account identifier. Sign in with Apple may relay a private/anonymised email.
We use this data only to create or match your staff account and sign you in. We do not post to your social accounts or access your contacts, and we do not receive your social password. You can revoke the connection in your Google, Apple, or Facebook account settings at any time.
5. Purposes and legal bases
Operating the Service (accounts, scanning, issuing/redeeming, running loyalty programs): performance of a contract, or the processor instructions of the business user.
Waitlist and product updates: consent. Handling enquiries and preparing the Service: pre-contractual steps or legitimate interest.
Security, debugging, crash monitoring, and fraud prevention: legitimate interest. Analytics and non-essential cookies: consent where required by law. Billing and tax records: legal obligation.
6. Notifications
We may send transactional emails to end customers only when an email is provided (for example, a reward-reached message), and pass updates delivered through Apple and Google wallet platforms.
Marketing or campaign messages and push notifications, where offered, are sent based on consent and the business user's instructions, and always include a way to opt out. We do not use end-customer data for our own marketing.
7. Cookies and analytics
The website may use essential cookies needed for operation, security, and forms. Private customer-portal pages are set to no-store and are excluded from analytics.
We may use analytics to measure visits and page performance. Non-essential cookies are used only with appropriate consent.
8. Processors and recipients
We do not sell personal data and do not share end-customer data between businesses. We use vetted processors under data-processing agreements for: hosting and database infrastructure, email delivery, payment processing, error/crash monitoring, and analytics.
Named platforms for specific features: Apple (Sign in with Apple, Apple Wallet / APNs pass updates), Google (Google sign-in, Google Wallet updates), Meta/Facebook (Facebook login), and our error-monitoring provider. If the planned external API, webhooks, or POS integrations are enabled, data is shared only with the third-party services a business user explicitly connects, on that business's instructions.
9. International transfers
Some providers (for example, Apple and Google wallet platforms) may process data outside the European Economic Area. Where they do, we rely on appropriate safeguards such as an adequacy decision or the European Commission's standard contractual clauses.
10. Retention
Account, loyalty-program, and end-customer data are retained while the related business subscription is active and are deleted within a limited period after the account is closed (typically within 60 days), unless a longer period is legally required.
Waitlist and contact data are kept until consent is withdrawn or deletion is requested. Billing data is kept for the legally required period. Logs, analytics, and crash diagnostics are kept for limited security and measurement periods.
11. Your rights
You may request access, correction, deletion, restriction, portability, object to processing, and withdraw consent at any time where processing is based on consent.
End customers should first contact the business that issued their card (the controller); we support that business in fulfilling the request. Requests to Leimeter Roland e.v. can be sent to [email protected] and are answered within the legal deadline (and within 30 days).
12. Deleting your data and account
End customers: removing the pass from your wallet stops updates; to have identifying data anonymised or deleted, ask the issuing business or email [email protected].
Business and staff users: you can request account deletion by emailing [email protected]; associated data is deleted within the retention window above, except records we must keep by law. App accounts can also be removed the same way, deleting the app alone does not delete server-side data.
13. Children
The Service is intended for businesses and their staff and is not directed to children. End customers must be at least 16. We do not knowingly collect data from children below the applicable age.
14. Security
We use reasonable technical and organisational measures (including encryption in transit, access controls, and per-business data isolation) to protect personal data. On-device app data is protected by the device's secure storage.
We notify affected businesses without undue delay (and, where feasible, within 72 hours) after becoming aware of a personal-data breach affecting their data.
15. Complaints and changes
If you believe processing is not appropriate, contact [email protected] first. You may also lodge a complaint with the competent authority, in Hungary, the National Authority for Data Protection and Freedom of Information (NAIH).
This Policy may be updated when the Service or legal environment changes; the current version and its last-updated date are always shown on this page.