Stampo

Privacy policy.

Last updated: 23 May 2026 · Version 1.0

Why a privacy policy?

Stampo is a loyalty-card service. To run it we have to handle some personal data — yours, as the merchant, and a little bit of your customers'. This page explains, in plain language, what we collect, why we collect it, and what we never do with it.

This policy may be updated over time. We'll tell you by email at least 30 days before any material change takes effect.

Who is responsible for your data?

HELMO SOLUTIONS LTD operates Stampo and acts as the data controller for everything you upload to the platform. For your customers' loyalty data, you (the merchant) are the controller — we are your processor, under a data processing agreement built into our terms of service.

To exercise any right, or ask a question, write to contact@stampo.cards. We respond within 30 days.

What do we collect?

From you, the merchant: email, password (hashed with bcrypt), business name and category, address, logo, brand colors, and the payment details Stripe needs to bill your subscription. We don't see your card number — only Stripe does.

From your customers: first name, email, the timestamp at which they consented to receive their card, and their stamp and reward history tied to your business. Nothing more. We don't ask for their date of birth, address, or phone number.

For analytics: no analytics SDK is installed on the site today. If we ever ship one, it will be privacy-friendly, named explicitly here, and visible before it runs. No Google Analytics, no Meta Pixel, no ad cookies.

What do we use it for?

Run the service — create your card, scan your customers, issue rewards, push updates to Apple and Google Wallet. Send the transactional emails the service requires (welcome, activation, reward unlocked). Bill your subscription. Detect abuse and fraud. That's it.

We will never use your data, or your customers' data, to train a model, and we will never sell it to a third party.

On what legal basis (GDPR)?

Contract execution for anything strictly necessary to deliver the service you signed up for. Explicit consent for anything optional, including marketing emails (which we don't send by default). Legitimate interest for security, fraud detection, and platform integrity.

Who else sees this data?

A short list of processors, each bound by a data processing agreement that matches GDPR standards:

  • Supabase — database hosting, Singapore region.
  • Vercel — application hosting, Europe and USA.
  • Resend — transactional email delivery.
  • Stripe — payment processing, Europe and USA.
  • Apple and Google — Wallet pass delivery on the customer's phone.

No advertising network. No data broker. No CRM that resells enrichment.

How is the data protected?

HTTPS/TLS encryption for all traffic. AES-256 encryption at rest. Passwords hashed with bcrypt. Per-tenant database isolation through Row Level Security — your customers' data is invisible to other merchants on the platform. Annual permissions audit.

On your side, please apply the basics: keep your operating system up to date, protect your account password, and turn on two-step authentication when we ship it.

How long do we keep it?

Merchant account: during your subscription, plus 6 months after termination to meet accounting obligations. Then permanent deletion.

Customer loyalty data: as long as you keep the account active. Deleted on request from the customer (you act on it; we provide the tooling).

Logs: 30 days for access logs, 12 months for security events.

Cookies and tracking

We only set cookies that are strictly necessary to operate the service — your authentication session, and a CSRF token. No advertising cookies. No third-party tracking script. No consent banner because we don't need one.

International transfers

Some data is hosted outside the European Union (Supabase Singapore, parts of Vercel in the USA, Stripe in the USA). These transfers are covered by the Standard Contractual Clauses approved by the European Commission.

Your rights

GDPR gives you the right to access, rectify, erase, port, object to, and restrict the processing of your personal data. Email contact@stampo.cards — we'll respond within 30 days.

You can also lodge a complaint with your local data protection authority. For EU residents that's typically the supervisory authority of your country of residence.

Adults only

Stampo is a business-to-business service. The signing merchant must be an adult (18+) and legally able to enter into a contract for their business. We do not knowingly collect data from minors, and the customer-side wallet card is generated only after explicit consent from the customer who scans the activation form.

Contact

For any question about this policy or your data, write to contact@stampo.cards.