Privacy Policy

Introduction

OAR Technologies Inc. ("we," "our," or "us") operates Loop, a local rewards platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

Information We Collect

Personal Information You Provide

We collect information you voluntarily provide when you register for an account or use our Service:

• Account Information: Email address, name, and profile photo (optional)
• Phone Number: Optional, for receiving push notifications about nearby rewards
• Transaction Data: Purchase history at participating merchants for rewards calculation
• Communications: Messages you send to customer support

Information Collected Automatically

When you use our Service, we automatically collect:

• Device Information: Device type, operating system, unique device identifiers
• Usage Data: Features accessed, time spent in app, screens viewed
• Log Data: IP address, browser type, access times, error logs

Location Information

With your explicit permission, we collect precise location data to identify nearby participating merchants and notify you of available rewards. You can enable or disable location services at any time through your device settings. The app functions without location access, but some features (like nearby merchant discovery) will be limited.

Biometric Data

We offer optional Face ID or Touch ID authentication for convenient and secure access to your account. Biometric data is processed entirely on your device by Apple's Secure Enclave and is never transmitted to or stored on our servers. We only receive a confirmation of successful authentication.

How We Use Your Information

We use collected information for the following purposes:

• Provide the Service: Create and manage your account, process rewards, and maintain your balance
• Transaction Processing: Match purchases with participating merchants and calculate rewards
• Notifications: Alert you to available rewards, nearby merchants, and account activity
• Personalization: Customize your experience based on your preferences and location
• Customer Support: Respond to your inquiries and resolve issues
• Analytics: Understand how users interact with our Service to improve functionality
• Security: Detect and prevent fraud, abuse, and unauthorized access
• Legal Compliance: Comply with applicable laws, regulations, and legal processes

Information Sharing and Disclosure

We may share your information in the following circumstances:

• Participating Merchants: We share transaction data with merchants to verify purchases and process rewards. Merchants see only the information necessary to fulfill rewards (e.g., that you made a qualifying purchase).
• Service Providers: We use third-party services for hosting (Supabase), authentication, analytics, and notifications. These providers are contractually bound to protect your information.
• Legal Requirements: We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

We do not sell your personal information to third parties. We do not share your information with advertisers or data brokers.

Third-Party Services

Our Service uses the following third-party services that may collect information:

• Supabase: Database and authentication services (Privacy Policy)
• Expo: Mobile app development platform (Privacy Policy)
• Resend: Email delivery for account verification (Privacy Policy)

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specifically:

• Account Data: Retained until you delete your account
• Transaction History: Retained for 7 years for tax and legal compliance
• Usage Logs: Automatically deleted after 90 days
• Support Communications: Retained for 2 years after resolution

After account deletion, we may retain anonymized, aggregated data for analytics purposes. Some information may be retained longer if required by law.

Data Security

We implement industry-standard security measures to protect your information:

• All data transmitted between your device and our servers is encrypted using TLS 1.3
• Sensitive data is encrypted at rest using AES-256 encryption
• We use secure, SOC 2 compliant infrastructure providers
• Access to user data is restricted to authorized personnel only
• We conduct regular security assessments and monitoring

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Your Rights and Choices

All Users

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate information via app settings or by contacting us
• Deletion: Request deletion of your account and associated data
• Opt-Out: Disable push notifications or location services at any time
• Portability: Request your data in a machine-readable format

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information we collect, use, and disclose
• Right to delete your personal information
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights
• Right to correct inaccurate personal information
• Right to limit use of sensitive personal information

To exercise these rights, contact us at privacy@looplocal.io. We will respond within 45 days as required by law.

Nevada Residents

Nevada residents may opt out of the sale of covered information. We do not currently sell covered information, but you may submit a request to privacy@looplocal.io.

Push Notifications

We may send push notifications about rewards, nearby merchants, and account activity. You can opt out at any time by adjusting notification settings in the app or your device settings. Opting out of notifications does not affect your ability to use the Service.

Tracking and Analytics

We do not track you across third-party websites or apps. We do not participate in cross-app advertising networks. Our analytics are used solely to improve the Service and are not shared with advertisers.

If prompted by Apple's App Tracking Transparency framework, you may choose whether to allow tracking. Loop functions fully regardless of your choice.

Children's Privacy

Our Service is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@looplocal.io, and we will delete such information.

International Data Transfers

Our servers are located in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place to protect your information in compliance with applicable data protection laws.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy with a new "Last updated" date
• Sending an in-app notification or email for significant changes

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all legitimate requests within 30 days (or within the time required by applicable law).