Privacy Policy

Last updated: March 2026

1. Introduction

LoyalMT (“we”, “our”, or “us”) is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, store, and share information when you use our digital loyalty platform at loyalmt.com and any related services (the “Service”).

By using LoyalMT, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Who We Are & Our Role

LoyalMT is a digital loyalty platform that enables businesses in Malta to create and manage loyalty programs for their customers. In this context:

Businesses that use LoyalMT to run loyalty programs are the data controllers — they determine why and how customer data is collected for their specific program.

LoyalMT acts as the data processor — we store and process customer data on behalf of businesses, using it only to operate the Service as described in this policy.

When you join a loyalty program, your data is collected by the business running that program, and processed by LoyalMT on their behalf.

3. Information We Collect

Account Information: When you register as a business, we collect your name, email address, business name, and optionally your phone number and business address.

Customer Information: When end-users (customers) join a loyalty program, we collect their name and any additional details the business has chosen to request, which may include email address, phone number, and date of birth.

Scanner App Data: If you use the LoyalMT Scanner mobile app, we access your device’s camera solely to scan customer loyalty QR codes. Camera images are processed on-device in real time and are never stored, uploaded, or transmitted. The app also stores your session credentials securely on-device using encrypted storage.

Usage Data: We collect data about how you interact with the Service, including pages visited, features used, timestamps, and device information (browser type, operating system).

Payment Information: If you subscribe to a paid plan, payment is processed securely by Stripe. We do not store your full credit card details on our servers.

4. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process transactions and manage subscriptions
  • Send transactional emails (e.g. account verification, payment receipts)
  • Improve the Service and develop new features
  • Respond to support requests
  • Comply with legal obligations

We do not sell your personal data to third parties.

5. Marketing Communications

When joining a loyalty program, you may be given the option to opt in to receive exclusive deals and offers from partner businesses in Malta. This is entirely optional and your choice is recorded with a timestamp.

If you opt in, we may use your contact details to send you promotional offers from participating businesses on our platform. You can withdraw your marketing consent at any time by contacting us at privacy@loyalmt.com.

If you do not opt in, your data will only be used by the specific business whose loyalty program you joined, and only for the purpose of operating that program.

6. Data Sharing

We may share data with the following categories of third parties, solely for the purposes described above:

  • Stripe: For payment processing
  • Supabase: For database hosting and authentication
  • Vercel: For application hosting
  • Email providers: For sending transactional emails

We require all third-party providers to handle your data securely and in accordance with applicable data protection laws.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

8. Data Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS/SSL), secure database access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure.

9. Your Rights

Under applicable data protection laws (including GDPR), you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Data portability
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@loyalmt.com.

10. Cookies

We use essential cookies to keep you logged in and maintain your session. We do not use third-party tracking or advertising cookies. Analytics, if used, are anonymised and do not track individual users across sites.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the updated policy on this page and updating the “Last updated” date.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@loyalmt.com.