Privacy Policy

Last updated: March 8, 2026

Introduction

BaristaCard ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our loyalty card service.

Information We Collect

Guest Users

When you use BaristaCard without registering, we collect:

  • A unique guest identifier (stored in a cookie)
  • Stamp collection and Coffee Beans progress
  • Café visit history (which venues you've scanned at)
  • Device and browser information

Registered Users

When you register via Google or Facebook OAuth, we collect:

  • Email address
  • Display name
  • Profile picture (avatar URL)
  • OAuth provider and unique identifier
  • All guest data (if migrating from guest to registered user)

Café Owners

When you sign up as a café owner, we collect:

  • All registered user information (above)
  • Café name, description, and location details
  • Loyalty deal configurations
  • Customer engagement analytics (aggregated and anonymized)
  • Payment and payout details (bank account information or Stripe Connect account)

Baristas and Staff

When you are added as staff at a participating café, we may collect:

  • Name and email address
  • Staff role and café association
  • Tip earnings and payout history
  • Payment and payout details (bank account information or Stripe Connect account)

Identity Verification (KYC)

If you receive payouts via manual bank transfer (rather than Stripe Connect) — whether as a café owner or as a barista receiving tips — we collect additional identity verification data to comply with anti-money laundering (AML) regulations and to protect the security of our platform. This includes:

  • Full legal name, date of birth, nationality, and country of residence
  • A photograph of a government-issued identity document (passport, national ID card, or driving licence)
  • A selfie photograph of you holding your identity document
  • For business accounts: registered business name, registration number, country, address, and a business registration document

These documents are uploaded securely using encrypted connections and stored in private cloud storage that is not publicly accessible. Only authorised BaristaCard staff may access your verification documents during the review process.

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract performance: Processing necessary to provide the BaristaCard service (loyalty tracking, rewards, payouts)
  • Legal obligation: Identity verification (KYC) data is processed to comply with anti-money laundering regulations that apply when we facilitate payouts to café owners
  • Legitimate interest: Fraud prevention, service improvement, and platform security
  • Consent: Optional communications such as café broadcast emails (you may withdraw consent at any time)
  • Legitimate interest: Essential cookies (session, guest identification, language preference, consent storage) — strictly necessary for the service to function
  • Contract performance: Product card purchases, subscription deals, and related payment processing necessary to fulfill your transactions
  • Legal obligation: Purchase and subscription records retained for 6 years for UK tax and accounting compliance
  • Consent: Analytics cookies (Mavlin/Matomo) and functional cookies (Tawk.to live chat) — only loaded after you consent via the cookie banner
  • Legitimate interest: Sharing redemption activity with café owners so they can verify product card usage at their venues

How We Use Your Information

We use the collected information to:

  • Provide and maintain our loyalty card service
  • Track your stamp progress and Coffee Beans balance
  • Enable reward redemptions
  • Sync your data across devices (registered users)
  • Send you important service updates
  • Send optional café broadcast communications (for example, announcements sent by a café you have a loyalty membership with)
  • Improve our service and develop new features
  • Verify the identity of café owners who receive payouts (KYC)
  • Prevent fraud and abuse
  • Provide café owners with engagement analytics

Product Cards

When you purchase a prepaid product card from a café, we collect:

  • Purchase details: card name, quantity, price paid
  • Payment processing is handled by Stripe — BaristaCard does not store your card numbers
  • Remaining redemption count as you use the card
  • Redemption history: venue, timestamp, and barista who processed each redemption

Data shared with café owners: Purchase summary and redemption activity at their venues only. Café owners cannot see your activity at other cafés.

Retention: Purchase and redemption records are kept for 6 years (UK tax and accounting obligations), then deleted. Active card data is kept until the card is fully redeemed plus 1 year.

Subscription Deals

When you subscribe to a café's subscription deal, we collect:

  • Subscription plan details and billing cycle
  • Payment history references — Stripe handles all card details as a PCI-DSS compliant processor

Data shared with café owners: Subscriber count and subscription revenue for their deals. No customer payment details are shared with café owners.

Retention: Subscription records are kept for 6 years for financial and tax compliance.

Payments and Platform Fees

BaristaCard charges a platform fee on product card sales and subscription deals. This fee is deducted from the café owner's share and is not added to the customer's price.

The fee percentage may vary per café and is visible to café owners in their dashboard. BaristaCard does not store credit or debit card numbers — all payment data is managed by Stripe.

Emails and Communications

We may send emails to registered users, including:

  • Service emails (e.g., account confirmation, password reset, security notices)
  • Café broadcasts (announcements sent by cafés you interact with on BaristaCard)

You can opt out of café broadcast emails at any time using the unsubscribe link in the email or by updating your preferences in the app.

Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • With café owners: Aggregated, anonymized analytics about customer engagement
  • Service providers: Third-party services that help us operate (e.g., hosting, analytics)
  • Legal requirements: If required by law or to protect our rights
  • Business transfers: In connection with a merger, sale, or acquisition

Cookies and Tracking

We use the following cookies:

Cookie | Purpose | Duration | Category
_baristacard_key | Session management | 7 days | Essential
guest_token | Guest identification for frictionless loyalty card use | 1 year | Essential
locale | Remember language preference | 1 year | Essential
cookie_consent | Store your cookie consent preferences | 1 year | Essential
Mavlin/Matomo | Anonymous usage analytics | Varies | Analytics
Tawk.to | Live chat support widget | Varies | Functional

Essential cookies are always active and are required for the site to function. They cannot be disabled.

Analytics and Functional cookies are only loaded after you give consent via the cookie banner that appears when you first visit the site.

You can change your cookie preferences at any time by clicking the "Cookie Settings" link in the footer of any page.

Third-Party Services

We use the following third-party services that may process your data:

Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure database storage with encryption at rest
  • Identity documents stored in private cloud storage with restricted access controls
  • Regular security audits
  • Role-based access controls and authentication

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Your Rights

You have the right to:

  • Access your personal data (including any identity documents we hold)
  • Correct inaccurate data
  • Request deletion of your data (subject to legal retention requirements for KYC documents)
  • Export your data in a portable format
  • Object to processing based on legitimate interest
  • Opt out of promotional communications (including café broadcast emails)

To exercise these rights, please contact us at privacy@baristacard.com.

Data Retention

We retain your data for as long as your account is active or as needed to provide services. Coffee Beans may expire after 90 days of inactivity (when implemented). You can request deletion of your account at any time.

Identity verification documents are retained for 5 years from the date your account is closed or your last payout, whichever is later, as required by anti-money laundering regulations. After this period, documents are securely deleted.

If your KYC submission is rejected and you do not resubmit, we retain the submitted documents for 30 days to allow you to resubmit, after which they are deleted.

Children's Privacy

BaristaCard is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: privacy@baristacard.com

General inquiries: Contact page