Pointly
Privacy Policy
Last updated: 2026-06-16
Pointly is a digital loyalty platform operated by Saveron. This policy describes what data we collect, how we use it, the legal basis we rely on, and the rights you have under the GDPR and other privacy laws. We've kept it readable — but the substance is here.
1. Who we are (data controller)
Pointly is a product of Saveron, the operating entity and the data controller for the personal data described in this policy. You can reach our privacy team at [email protected].
EU Representative: [to be appointed — GDPR Art. 27]
2. What we collect
When you create an account: your name, email address, and (optionally) phone number.
When you use Pointly: stamps you collect, visits you make, rewards you earn, and which merchants you join.
Device permissions (only with your consent): the camera — to scan loyalty QR codes, and in the Pointly Business app to read loyalty cards and capture menu/receipt photos; your photo library — to set a profile picture or store image; and your location, including precise and background (“Always”) locationonly if you enable it, to notify you when you're near a participating store. You can revoke any of these in your device settings at any time.
Notifications: to deliver push notifications we store a device push token (Apple Push Notification service / Firebase Cloud Messaging).
When merchants use Pointly: business profile, billing information, and customer activity at their location. In the Business app, photographed menus/receipts are processed on-device — only the recognized text is sent, never the photo.
3. How we use your data
To run the loyalty program — credit your stamps, deliver your rewards, surface relevant merchants, and send notifications you've opted into.
To generate insights for merchants. These are aggregated — Pip tells the merchant “42 customers visited last Tuesday,” not who.
To improve Pointly. Anonymous usage signals help us know what's working.
4. Legal basis for processing
Contract. We process the data needed to provide the loyalty service you (or the merchant) signed up for.
Consent. Where required, we rely on your consent — for example for location features, push notifications, and non-essential cookies. You can withdraw consent at any time.
Legitimate interest. To keep the platform secure, prevent fraud and abuse, and improve the product with aggregated, non-identifying analytics.
5. Where your data is processed
Pointly's servers are hosted in Germany (EU) with Hetzner, so your data stays within the European Union by default.
We use a small number of service providers (such as Cloudflare and our email/SMTP host) to operate Pointly. They process data on our behalf under their own confidentiality terms, and any transfer outside the EU is covered by appropriate safeguards (such as Standard Contractual Clauses).
6. What we share
The merchants whose loyalty cards you join can see your visit history at their location — your name, last visit, total visits, stamp count, and rewards earned. They can't see your activity at other merchants.
We never sell your personal information.
7. Merchants & the Data Processing Agreement
When a merchant runs a loyalty program, the merchant is the controller of their own customers' data and Pointly acts as a processoron their behalf, processing that data only on the merchant's documented instructions.
Merchants who need a Data Processing Agreement (DPA) can request one at [email protected].
8. Location
When you grant location permission, we use it to show nearby Pointly merchants and verify scans on the merchant side (geofence). Location is processed in real time and not stored long-term beyond the scan that uses it.
You can revoke location access in your device settings at any time.
9. Retention
Your data lives in Pointly while your account is active. When you delete your account, we anonymize your records within 30 days. Aggregated analytics (no personal identifiers) may be kept longer.
10. Your rights
You have the right to access, rectify, and erase your data, to data portability, to object to or restrict certain processing, and to withdraw consent at any time.
You can delete your account directly in the app, and you can export your data using the in-app data-export feature. For anything else, contact [email protected].
If you're in the EU/EEA, you also have the right to lodge a complaint with your local data-protection supervisory authority.
11. Children
Pointly isn't designed for children. The minimum age to use Pointly is 16 in the EU(and at least 13 elsewhere, where local law allows). If we learn we've collected data from someone below the applicable age, we'll delete it.
12. Changes
We'll update the “last updated” date when this policy changes and notify you in-app for material changes.
13. Contact
For any privacy question, or to exercise your rights, email [email protected].