← Loopo

Privacy Policy

Version 2026-06-30

TODO-legal: The below is structure/summary, not the final legal text. To be finalised by a lawyer.

Two roles, clearly

The café is the controller for the loyalty relationship with you — they decide the program and the communications you receive. Loopo acts as a processor on behalf of the café, under a DPA.

Loopo additionally acts as an independent controller for limited service purposes: operating, improving and securing the service, analysing aggregated/anonymised data, and preventing abuse. Legal basis: legitimate interest — you may object at any time.

What we collect

Mobile phone (for ID and the card), an optional first name, stamp/reward counts and transaction timestamps. We do not collect email.

Consents

Café marketing consent is separate, optional, and applies only to communications from that specific café. You can withdraw it anytime from your card.

Your rights

Access, correction, deletion, objection, portability. Data deletion: from your card, with SMS verification.

Contact

privacy@loopo.app (TODO-legal:)