Privacy Policy for GetStamp.app
Last updated: 13.04.2026 · Version 2.0
1. Data Controller
The data controller for your personal data is GetStamp.app, a loyalty program platform available at getstamp.app. For privacy inquiries, contact us at: privacy@getstamp.app.
2. What Data We Collect
Depending on account type, we collect the following information:
Personal Account (client):
- First name, last name, email address, phone number (optional)
- Password stored as a bcrypt hash
- Unique QR code assigned to the account
- History of scans, collected stamps, redeemed rewards and vouchers
- Interface language, registration date, and last login date
Business Account:
- Business name, owner's first and last name, email address, phone number (optional)
- Password in encrypted form
- Loyalty program data (name, type, configuration)
- History of issued stamps and rewards within programs
- Customer activity data within your programs
Technical and analytical data (all users):
- IP address, device type, operating system, browser
- Date and time of visits, pages viewed within the application
- Push notification subscription data (endpoint, encryption key)
- Aggregated analytics data collected via Google Analytics 4 (detailed in section 6)
3. Purpose and Legal Basis for Processing
We process your data for the following purposes:
- Contract performance (Art. 6(1)(b) GDPR): account management, loyalty program services, activity notifications
- Legitimate interest (Art. 6(1)(f) GDPR): system security, fraud prevention, analysis of aggregated statistics to improve the service
- Consent (Art. 6(1)(a) GDPR): push notifications, behavioral analytics via Google Analytics (you may withdraw consent at any time)
- Legal obligation (Art. 6(1)(c) GDPR): maintaining records required by applicable law
4. Data Sharing and Transfers
We share your data exclusively in the following cases:
With participating businesses:
- The business whose QR code you scan receives your first name, last name, and unique QR identifier – solely for the purpose of crediting a stamp or reward
- The business does not receive your email address, phone number, or data from other programs
With technical service providers (data processors):
- Google Analytics 4 – aggregated application usage analytics (see section 6)
- Hosting/server provider – data storage within the EU
- Email service provider – sending system notifications
✅ We do not sell your personal data to any third parties. Data is not used for third-party advertising targeting.
Data may be disclosed to public authorities solely on the basis of applicable legal requirements.
5. Data Security
We apply the following protective measures:
- SSL/TLS (HTTPS) connection encryption
- Password hashing with the bcrypt algorithm
- Restricted database access (principle of least privilege)
- Push notification token encryption
- Regular data backups
6. Analytics and Google Analytics
📊 GetStamp.app uses Google Analytics 4 (GA4), an analytics tool provided by Google LLC, to understand how the application is used and to improve it.
What Google Analytics collects:
- Number of visits to individual pages in the application
- Time spent in the application and navigation paths
- Device type, operating system, screen resolution
- Country/region (based on IP – IP addresses are anonymized)
- Traffic sources (e.g., direct visits, referral links)
Internal aggregated analytics (our own data):
In addition to Google Analytics, we analyze our own aggregated statistical data, such as:
- Number of active users and businesses in the system
- Overall number of stamps collected and rewards issued
- Popularity of loyalty program types
- User activity indicators (without identifying specific individuals)
This data is used solely to improve the service and is not shared with third parties.
How to manage Google Analytics:
- Install the browser extension: Google Analytics Opt-out Add-on
- Block analytics cookies in your browser settings
- On mobile: use the ad privacy settings in Android/iOS
Google Privacy Policy: policies.google.com/privacy
7. Cookies and Similar Technologies
We use the following types of cookies:
- Session cookies (essential): maintain the logged-in state (GETSTAMP_SESSION). The application cannot function without them.
- Language cookies (functional): remember your chosen interface language. Valid for 30 days.
- Analytics cookies (Google Analytics): collect anonymized data about application usage (_ga, _ga_*). You can block these.
8. Your Rights (GDPR)
As a data subject, you have the following rights:
- Right of access – you may request a copy of your data (Art. 15 GDPR)
- Right to rectification – you may correct inaccurate data (Art. 16 GDPR)
- Right to erasure – you may request deletion of your account and data (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing based on legitimate interest (Art. 21 GDPR)
- Right to withdraw consent at any time (applies to analytics and push notifications)
- Right to lodge a complaint with the supervisory authority in your country (in Poland: UODO – Urząd Ochrony Danych Osobowych)
9. Data Retention Periods
- Account data: for the duration of the account + 30 days after deletion (backups)
- Transaction history: 3 years from the transaction date (legal requirement)
- System logs (IP): maximum 90 days
- Google Analytics data: in accordance with Google Analytics settings (default 14 months)
10. Changes to the Policy
We may update this privacy policy from time to time. We will notify you of significant changes via an in-app notification or email. The date of the last update is always shown at the top of this page.
11. Contact
For privacy and data protection inquiries, contact us:
- Email: privacy@getstamp.app
- Contact form: getstamp.app/contact