Privacy Policy
Point Hunt

Last Updated:  24 August 2025

Point Hunt (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our loyalty points management web application at www.pointhuntweb.com.


1. Information We Collect
1.1 Vendor Information

During vendor registration, we collect:

  • Full name
  • Shop/Office name
  • Shop/Office address
  • Phone number
  • Email address
  • Country of operation
  • Account credentials (passwords are hashed using SHA-256)
 
1.2 Customer Information

During customer registration (processed by checkout staff), we collect:

  • Full name
  • Email address
  • Mobile number
 
1.3 Transaction Data

We automatically collect:

  • Point addition and redemption transactions
  • Purchase amounts (manually entered by staff)
  • Transaction timestamps
  • Digital loyalty card usage data
 
1.4 Technical Information

We may collect:

  • IP addresses
  • Browser type and version
  • Device information
  • Usage patterns and analytics

 
 
2. How We Use Your Information
2.1 Service Delivery

We use your information to:

  • Provide loyalty points management services
  • Send verification emails and OTP codes
  • Deliver digital loyalty cards via email
  • Process subscription billing and payments
  • Send account updates and transactional notifications
  • Provide customer support
 
2.2 Communication Purposes

Your email address is used for:

  • Account verification during registration
  • Sending digital loyalty cards
  • Billing and subscription notifications
  • Important account updates
  • Transactional emails related to point activities
  • Customer support communications
 
2.3 SMS Communications

Your mobile number may be used for:

  • Account verification via SMS
  • Important security notifications
  • Transaction confirmations (when applicable)
 

 
3. Data Storage and Security
3.1 Storage Infrastructure
  • All data is securely stored in Google Firebase Firestore
  • Daily backups are maintained on Google Cloud services
  • Additional secure backups are stored on physical devices
  • Data centers comply with industry-standard security measures
 
3.2 Data Retention
  • Transaction Data: Only the last 100 add point and redeem point transactions are retained in our active database
  • Older Transactions: Automatically deleted and cannot be recovered
  • Account Data: Retained while your account is active and for a reasonable period after closure
  • Backup Data: Subject to our backup retention policies
 
3.3 Security Measures
  • All passwords are hashed using SHA-256 encryption before storage in firebase firestore
  • No plaintext passwords are stored or accessible in firebase firestore
  • Secure transmission protocols (HTTPS/TLS) for all data transfers
  • Regular security audits and monitoring
  • Access controls limiting staff access to necessary data only

 
 
4. Third-Party Service Providers

We work with trusted third-party providers who process data on our behalf:

4.1 Amazon SES (Simple Email Service)
  • Purpose: Email delivery services
  • Data Processed: Email addresses, email content, delivery metrics
  • Use Cases: Verification emails, digital loyalty cards, billing notifications, account updates, transactional emails
 
4.2 Paddle
  • Purpose: Payment processing and billing management (Merchant of Record)
  • Data Processed: Billing information, payment details, subscription data
  • Use Cases: Subscription management, payment processing, tax calculations, refund processing if applicable.
 
4.3 Google Firebase/Cloud Services
  • Purpose: Data storage, hosting, and backup services
  • Data Processed: All application data including user accounts, transactions, and system logs
  • Use Cases: Primary data storage, backup services
 

 
5. Data Sharing and Disclosure
5.1 We Do Not Sell Your Data

Point Hunt does not sell, rent, or trade your personal information to third parties for marketing purposes.

5.2 Authorized Sharing

We may share your information only:

  • With service providers listed above for operational purposes
  • When required by law or legal process
  • To protect our rights, property, or safety
  • With your explicit consent
  • In connection with a business transfer or merger
 
5.3 Data Processing Agreements

All third-party providers operate under strict data processing agreements that require them to:

  • Process data only as instructed by Point Hunt
  • Implement appropriate security measures
  • Not use data for their own purposes
  • Comply with applicable privacy laws
 

 
6. Your Rights and Choices
6.1 Access and Correction
  • You can access your personal information after successful account verification
  • You may request corrections to inaccurate information
  • Contact us to exercise these rights
 
6.2 Account Deletion
  • You may request account deletion
  • Some data may be retained for legal or operational requirements
  • Transaction history may be retained for business records
 

 
7. Cookies and Tracking
7.1 Essential Cookies

We use essential cookies for:

  • User authentication and session management
  • Security and fraud prevention
  • Basic functionality of our services
 
7.2 Analytics

We may use analytics tools to understand service usage and improve our platform. You can opt out of non-essential tracking through your browser settings.


8. International Data Transfers

We rely on trusted third-party providers to deliver our services, including Google Firebase (for data storage), Amazon SES (for email delivery) and Paddle (for subscription billing).

This means that your personal data (such as name, email, and mobile number) may be transferred to and processed in countries outside your own.

When we transfer data internationally, we ensure that appropriate safeguards are in place, including:

  • Adequacy Decisions: Where relevant authorities recognize that a country provides adequate protection for personal data.
  • Standard Contractual Clauses (SCCs): Where no adequacy decision exists, we rely on contractual commitments that require our providers to protect your data.
  • Provider Certifications: Our third-party providers maintain recognized certifications and compliance frameworks (such as GDPR compliance, ISO/IEC 27001, and others where applicable).

By using our services, you acknowledge that your data may be transferred and processed in other countries. We will always ensure that your data receives an adequate level of protection, no matter where it is processed.


9. Children’s Privacy

Point Hunt is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware of such collection, we will take steps to delete the information promptly.


10. Data Breach Notification

In the event of a data breach that may affect your personal information:

  • We will assess the risk and impact
  • Notify relevant authorities as required by law
  • Inform affected users when legally required or when we determine notification is appropriate
  • Take immediate steps to secure the breach and prevent further unauthorized access

 
 
11. Business Transfers

In the event Point Hunt is involved in a merger, acquisition, or sale of assets, your personal information may be transferred. We will provide notice before your personal information becomes subject to different privacy practices.



12. Legal Basis for Processing (GDPR)

For users in the European Union, our legal basis for processing includes:

  • Contract Performance: Processing necessary for subscription services
  • Legitimate Interests: Improving services, security, and customer support
  • Consent: Where explicitly provided for specific purposes
  • Legal Obligations: Compliance with applicable laws

 
 
13. Retention Periods

We retain personal information for different periods based on:

  • Active Accounts: Duration of service relationship plus reasonable period after termination
  • Point Transaction Records: Limited to last 100 add and redeem point transactions as stated in Terms
  • Backup Data: According to our backup retention schedule
  • Legal Requirements: As required by applicable laws
 

 
14. Updates to Privacy Policy
14.1 Policy Changes
  • We may update this Privacy Policy periodically
  • Material changes will be displayed through:
    • Website privacy policy page
    • Notices during the registration process
 
14.2 Continued Use

Continued use of Point Hunt services after policy updates constitutes acceptance of the revised Privacy Policy.


15. Contact Information
15.1 Privacy Questions

For questions about this Privacy Policy or our privacy practices:


 
 
16. Regulatory Compliance

Point Hunt is committed to compliance with applicable privacy laws, including:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Other applicable regional privacy regulations

For region-specific rights and procedures, please contact us using the information provided above.

Scroll to Top