Privacy Policy

1. Introduction

VipHub ("we," "our," "us," or the "Platform") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Services").

Please read this Privacy Policy carefully. By using our Services, you consent to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

Account Information:

• Name (first and last)
• Email address
• Phone number (optional)
• Profile photo (optional)
• Password (stored securely using industry-standard hashing)

For Merchants (additional):

• Business name and description
• Business address and location
• Business category
• Logo and branding images
• Banking/payment information (for subscription purposes)

Transaction Information:

• Points earned and redeemed
• Offers created (Merchants) or redeemed (Customers)
• Transaction history and timestamps

2.2 Information Collected Automatically

Device Information:

• Device type, model, and operating system
• Unique device identifiers
• Mobile network information
• Time zone and language settings

Usage Information:

• App features used and frequency
• Screens viewed and navigation patterns
• Error logs and crash reports
• Performance metrics

Location Information:

• With your consent, we may collect precise location data
• Location is used for finding nearby merchants
• You can disable location services in your device settings

2.3 Information from Third Parties

Authentication Providers:

• If you sign in using Apple or Google, we receive basic profile information as authorized by you

Payment Processors:

• Transaction status and subscription information (we do not store full payment card details)

3. How We Use Your Information

3.1 Provide and Maintain Services

• Create and manage your account
• Process loyalty points transactions
• Enable merchants to manage their loyalty programs
• Facilitate offer creation and redemption

3.2 Improve Our Services

• Analyze usage patterns to improve features
• Debug and fix technical issues
• Develop new features and services
• Conduct research and analytics

3.3 Communicate With You

• Send service-related notifications
• Respond to your inquiries and support requests
• Send promotional communications (with your consent)
• Notify you of policy changes

3.4 Ensure Security

• Detect and prevent fraud
• Verify user identity
• Protect against unauthorized access
• Enforce our Terms of Service

3.5 Legal Compliance

• Comply with applicable laws and regulations
• Respond to legal requests and court orders
• Protect our legal rights

4. How We Share Your Information

4.1 With Merchants (for Customers)

When you join a merchant's loyalty program, we share:

• Your name and profile photo
• Your points balance with that merchant
• Your transaction history with that merchant
• Your Digital ID for verification

Merchants may NOT: Share your information with third parties, use your information for purposes unrelated to their loyalty program, or contact you through methods you haven't consented to.

4.2 With Customers (for Merchants)

Customers can see:

• Your business name and description
• Your business location and category
• Your available offers and rewards
• Your points exchange rates

4.3 Service Providers

We may share information with third-party service providers who perform services on our behalf:

• Cloud hosting (Supabase, AWS)
• Analytics providers
• Payment processors (Apple, Google)
• Push notification services

These providers are contractually bound to protect your information and use it only for the purposes we specify.

4.4 Legal Requirements

We may disclose information if required to comply with applicable laws or regulations, respond to valid legal processes, protect the rights, property, or safety of VipHub, our users, or others, or enforce our Terms of Service.

4.5 Business Transfers

If VipHub is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Retention

We retain your information for as long as your account is active, needed to provide you services, required by law, or necessary for legitimate business purposes.

Retention Periods:

After Account Deletion:

• Data deletion requests are processed within 30 days
• Active files are marked for deletion and removed from all storage tiers
• Transaction records required for legal compliance may be retained in anonymized form
• Audit logs are retained for the full 7-year period as required by law
• You will receive confirmation when deletion is complete

6. Data Security

We implement industry-standard security measures to protect your information:

6.1 Technical Safeguards

• Encryption: AES-256 encryption for sensitive data at rest
• Transport Security: TLS 1.2+ for all data in transit
• Certificate Pinning: Mobile app verifies server certificates
• Secure Authentication: JWT tokens with short expiration
• Password Security: bcrypt hashing with salt

6.2 Organizational Safeguards

• Limited access to personal data on need-to-know basis
• Regular security audits and assessments
• Employee training on data protection
• Incident response procedures

6.3 Your Responsibilities

• Keep your login credentials confidential
• Use strong, unique passwords
• Enable biometric authentication when available
• Report suspicious activity immediately

7. Your Rights and Choices

7.1 Account Information

You can:

• Access your account information through the app
• Update or correct your information at any time
• Download a copy of your data (data portability)
• Delete your account and associated data

7.2 Communication Preferences

You can:

• Opt out of promotional emails
• Manage push notification settings
• Control notification frequency and types

7.3 Location Data

You can:

• Enable or disable location services
• Control location accuracy (precise vs. approximate)
• Revoke location permissions at any time

7.4 Data Deletion

To request deletion of your data:

1. Use the account deletion feature in the app
2. Email us at privacy@mitikasha.com

Note: Some data may be retained for legal compliance even after deletion.

8. Children's Privacy

Our Services are not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete that information.

If you believe we have inadvertently collected information from a child, please contact us at privacy@mitikasha.com.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we use standard contractual clauses, ensure adequate data protection measures, and comply with applicable data transfer regulations.

10. Region-Specific Rights

10.1 European Union (GDPR)

If you are in the EU, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data
• Restriction: Limit how we use your data
• Portability: Receive your data in a portable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time

Data Protection Officer: dpo@mitikasha.com

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

10.2 California (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know: What personal information we collect and how it's used
• Delete: Request deletion of your personal information
• Opt-Out: Opt out of the sale of personal information (we do not sell data)
• Non-Discrimination: Not be discriminated against for exercising your rights
• Correct: Request correction of inaccurate personal information
• Limit Use: Limit use of sensitive personal information

Do Not Sell My Personal Information: We do not sell personal information. To exercise your rights, contact privacy@mitikasha.com.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

• We will update the "Last Updated" date
• We will notify you of material changes via email or in-app notification
• Continued use after changes constitutes acceptance

We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: