Privacy Policy
- § 1
Controller
Controller within the meaning of the GDPR: Printproof UG (haftungsbeschränkt) [ERSETZEN: Straße Hausnummer] [ERSETZEN: PLZ Ort] Germany
Data protection contact: support@treuly.de · Phone: +49 170 5922001
- § 2
What data we collect
We only collect what Treuly needs to work: the shop owner's email address (authentication), details about the shop and the stamp card (display and configuration), and stamp timestamps (reward logic).
For your customers' stamp cards we use an anonymous pass identifier. End customers do not need to register with Treuly and are not personally identified by us.
No profiling, no sale of data to third parties, no advertising trackers on treuly.de.
- § 3
Legal bases
Processing takes place on the basis of Art. 6 (1) (b) GDPR (performance of a contract) to provide the service, Art. 6 (1) (c) GDPR (legal obligation) for retention requirements, and Art. 6 (1) (f) GDPR (legitimate interest) for operational security (e.g. log files).
- § 4
Account area and statistics
In the logged-in account area on treuly.de we show you statistics about your business (e.g. stamps issued, active wallet passes, redemptions). These insights are derived from the operational data already processed to run the service and are provided in performance of the contract (Art. 6 (1) (b) GDPR). Your end customers remain anonymous; no additional personal data is collected for this.
Paid subscriptions are purchased exclusively in the iOS app via the Apple App Store. Payment processing is handled by Apple Distribution International Ltd.; Apple's privacy terms apply. We do not receive payment data from Apple — only the subscription status.
- § 5
Service providers (processors)
We use the following providers to operate Treuly:
• Website and API hosting: Render Services, Inc. (Frankfurt / EU region) • Database: Supabase, Inc. (EU region) • Authentication and account management: Clerk, Inc. (USA) • Apple Wallet / push notifications: Apple Distribution International Ltd. (Ireland) • Google Wallet: Google Ireland Limited (Ireland)
Transfers to third countries (USA) take place on the basis of Standard Contractual Clauses under Art. 46 GDPR or, where certified, an adequacy decision (EU–US Data Privacy Framework).
- § 6
Your rights
Under the GDPR you have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21). Send requests informally to support@treuly.de.
Competent supervisory authority: [ERSETZEN: Datenschutzaufsichtsbehörde des Bundeslandes, in dem die Printproof UG ihren Sitz hat, mit Anschrift].
- § 7
Retention
We only retain personal data for as long as it is needed to provide the service or to meet statutory retention obligations (e.g. § 147 AO, § 257 HGB). After you delete your account, content is removed within 30 days.
- § 8
Draft status
This privacy policy is a draft — legal review is pending.