LoyaltyKH

Legal

Privacy Policy

How we handle personal data across the LoyaltyKH loyalty service.

Last updated: 14 June 2026

This Privacy Policy explains how LoyaltyKH (“we”, “us”, “our”), handles personal data. It applies to customers who join a merchant’s loyalty program through LoyaltyKH and to merchants who use the LoyaltyKH dashboard.

Our role. For data about a merchant’s customers, the merchant decides how it is used, so the merchant is the “controller” and we act as a “processor” on their behalf. For a merchant’s own account and billing data, we are the controller.

1. Information we collect

If you are a customer

We do not ask for your name, email address, or phone number. We process:

  • a membership code that represents your membership of a program;
  • your loyalty activity: stamps or points, totals, rewards redeemed, and the dates of each change;
  • your wallet pass and whether you have installed it;
  • basic technical information (such as IP address and device or browser type) kept in standard logs to run and secure the service;
  • a small value saved on your device so the page remembers your membership (it stays on your device and is not used to track you across other sites);
  • whether you tapped a link in a wallet notification (not who you are).

Location. Store reminders on your wallet pass are handled by your wallet app on your own device. We do not collect or receive your location.

If you are a merchant

  • account details: your name, business name, email, and a securely hashed password, plus optional phone, address, city, and logo;
  • if you ever make a payment to us, a record of that payment. Payments are handled by a payment provider and authorized in your own banking app, so we do not collect or store your bank or card details;
  • login and security information needed to keep your account safe;
  • content you create: your card design, notifications, store location, and notes.

2. How we use information

  • To provide the loyalty service and keep your balances.
  • To create and update your Apple Wallet and Google Wallet passes and send the notifications a merchant chooses to send.
  • To run merchant accounts, sign you in, and handle prepaid billing.
  • To keep the service secure and reliable.
  • To meet our legal obligations.

Where a data-protection law requires a legal basis, we rely on performance of a contract, our legitimate interests in running and securing the service, your consent where you add a pass to your wallet, and compliance with the law.

3. Who we share it with

We do not sell your personal data or use it for third-party advertising. We share it only with the providers that help us run the service, and only as needed, including:

  • the wallet platform that creates and delivers your Apple Wallet and Google Wallet passes;
  • Apple and Google, which deliver and update the passes in their wallet apps;
  • our payment provider, for merchant payments;
  • the cloud hosting and infrastructure providers that run our systems;
  • a provider that helps us monitor and fix technical errors.

We may also disclose information where required by law, or where reasonably necessary to protect our rights, our users, or the public.

4. International transfers

Some of these providers operate outside Cambodia, so your data may be processed in other countries. When we use such a provider, we rely on their contractual data-protection commitments to protect your information.

5. How long we keep data

We keep your data while your membership or merchant account is active, and delete or anonymize it within a reasonable period afterwards. We may keep limited records longer where needed for security, fraud prevention, or legal reasons. You can ask us to delete your data sooner, subject to those limits.

6. Security

We use encryption in transit, store passwords only as secure hashes, and limit who can access personal data. No system is completely secure, so we cannot guarantee absolute security.

7. Your rights

Depending on where you live, you may have rights to access, correct, delete, or restrict the use of your personal data, and to object to certain processing.

  • Customers: because we do not hold your name or email, the simplest way to remove your data is to delete the pass from your wallet and ask the merchant, or us, to remove your membership. Have your membership code ready so it can be located.
  • Merchants: you can view and update most of your data in the dashboard, or contact us.
  • For loyalty data we hold on a merchant’s behalf, we will pass your request to that merchant.

To exercise any right, email us at [email protected].

8. Cookies and local storage

We do not use advertising or third-party analytics cookies. We use only storage that is necessary for the service: the dashboard keeps you signed in, and the card page remembers your membership on your device. Because this is strictly necessary and not used for tracking, we do not show a cookie-consent banner.

9. Children

LoyaltyKH is intended for businesses and their adult customers. It is not directed at children under 16, and we do not knowingly collect personal data from them.

10. Changes to this policy

We may update this policy from time to time. We will update the “Last updated” date above, and for significant changes we will take reasonable steps to notify merchants.

11. Contact us

For any privacy question or request, contact LoyaltyKH at [email protected].