Privacy Policy

Last updated: June 2026

1. Introduction

Loot Loyalty (including Loot POS) is operated by MyShop Enterprises Pty Ltd (ABN 81 685 563 982) ("we", "us", "our"). We are committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile applications, point of sale system, and website (collectively, the "Service").

By using Loot Loyalty or Loot POS, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Name, email address, phone number (optional), and PIN for account security
  • Payment Information: When you add funds to your wallet, payment is processed by Stripe. We do not store your full credit card details.
  • Transaction History: Records of your wallet top-ups, purchases, gift card redemptions, and loyalty rewards
  • Business Information (Loot POS): Cafe name, Square account credentials (encrypted), menu data, and staff identifiers

2.2 Information Collected Automatically

When you use our Service, we may automatically collect:

  • Device information (device type, operating system)
  • App usage data and analytics
  • Push notification tokens (if you enable notifications)
  • Location data: Loot POS collects approximate location data to verify your Square store location for payment processing. Location is only accessed when the app is in use and is not stored on our servers.

2.3 Payment Card Information (Loot POS)

When customers pay via Loot POS, we may store a cryptographic hash (fingerprint) of the payment card provided by Square. This is used solely to recognise returning customers for automatic loyalty rewards. We do not store card numbers, CVVs, or other sensitive card details. All payment processing is handled by Square.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your Loot Loyalty account
  • Process wallet top-ups and track your balance
  • Enable payments at participating cafes via card, wallet, or cash
  • Track and redeem loyalty rewards, stamps, points, and gift cards
  • Automatically recognise returning customers via card fingerprint for seamless loyalty
  • Process orders and payments through Square (Loot POS)
  • Verify store location for payment processing (Loot POS)
  • Send transaction receipts and account notifications
  • Provide customer support
  • Improve and optimise our Service
  • Comply with legal obligations

4. Information Sharing

We may share your information with:

  • Participating Cafes: When you make a purchase, the cafe receives your name and transaction details to process your order and award loyalty
  • Payment Processors: Stripe processes wallet top-up transactions. Square processes in-store card payments via Loot POS. Their respective privacy policies apply.
  • Point of Sale Systems: We integrate with Square to enable seamless ordering and payments at participating cafes
  • Service Providers: We use trusted third parties for hosting, analytics, email, and SMS services
  • Legal Requirements: We may disclose information if required by law or to protect our rights

We do not sell your personal information to third parties.

5. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication with optional PIN protection
  • Encryption of Square OAuth credentials at rest
  • Tenant isolation ensuring cafe data is separated
  • Regular security assessments
  • Limited access to personal data on a need-to-know basis

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Service. Transaction records are retained for 7 years for accounting and legal purposes. Card fingerprints are retained while the associated customer account is active. You may request deletion of your account at any time.

7. Your Rights

Under Australian Privacy Law, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and personal data
  • Opt out of marketing communications
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, please contact us using the details below.

8. Children's Privacy

Loot Loyalty is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

MyShop Enterprises Pty Ltd
ABN 81 685 563 982
11 May Street
St Peters NSW 2044
Australia

Email: hello@lootloyalty.app