Privacy Policy

Effective date: May 28, 2026 (v2.0)

PerkValet, Inc. ("PerkValet," "we," "us," or "our") operates the PerkValet loyalty platform, including the merchant dashboard, consumer mobile wallet, point-of-sale integrations, and AI-powered features (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard information.

This Privacy Policy applies to merchants (businesses using PerkValet), consumers (individuals enrolled in a merchant's loyalty program), and visitors to perksvalet.com.

1. Information We Collect

1.1 Merchant Information

• Account information: business name, owner/contact name, email, phone, business address
• POS connection credentials: OAuth tokens from your POS provider — stored encrypted, never in plaintext
• Store locations: addresses, phone numbers, operating hours, and geographic coordinates
• Brand assets: logo, brand colors, fonts, taglines, and URL slug you provide
• Team member information: names, email addresses, and roles of users you invite, including data synced from your POS
• Billing information: processed through Stripe; we do not store full payment card numbers
• Communications preferences: email/SMS settings, "Your Voice" customizations, data collection mode selection

1.2 Consumer Information (collected on behalf of merchants)

PerkValet collects information about consumers who enroll in a merchant's loyalty program. The merchant — not PerkValet — is the "business" under applicable privacy laws. PerkValet processes this information as a "service provider" to the merchant.

• Identity: phone number (primary identifier), first name (optional)
• Locale preference: English or Spanish
• Loyalty data: enrollment events, visit history, stamp accumulation, reward earning and redemption, referral activity, multi-tier progression
• Transaction data (for enrolled consumers): date, time, store location, items purchased (names, SKUs, quantities, unit prices), category names, total amount, tax, discount, tip, payment method category (e.g., card, cash, gift card) — we do not collect payment card numbers or financial account details
• Geofence check-ins: timestamp and store associated with the check-in (when consumer allows location features)
• Device install events: whether the consumer has added the wallet to their home screen
• Communication engagement: delivery, open, and click events for SMS and email

1.3 Non-Enrolled Transaction Data (only when merchant enables Full Transaction Mode)

When a merchant enables Full Transaction Mode in their settings (default is off), PerkValet collects transaction metadata for all completed transactions, including from non-enrolled customers. These records contain only: date, time, store location, items purchased, category names, total amount, tax, discount, tip, and payment method category. They do not contain any personally identifying information about the non-enrolled customer.

1.4 Usage and Technical Information

• IP address, device type, browser type, operating system
• Pages viewed and feature interactions within the Service
• Referral source and session timestamps

We do not use third-party advertising trackers, social media pixels, or cross-site tracking technologies.

1.5 Information We Do Not Collect

• Payment card numbers, bank account numbers, or financial account credentials
• Employee wages, payroll, PINs, scheduling, or tax information
• Social Security numbers or government-issued IDs
• Health, medical, or biometric information
• Precise GPS location outside of opt-in geofence check-ins

2. How We Use Information

Merchant information: to operate the Service, process billing, communicate about your account, provide support, improve the Service, detect fraud, and comply with legal obligations.

Consumer information: to operate the loyalty program (enrollment, stamps, rewards, redemption), deliver rewards via your POS, send transactional and marketing communications, display loyalty status, detect duplicate accounts, and provide aggregated analytics to the merchant.

AI-powered processing: PerkValet uses third-party AI service providers (currently Anthropic, Inc.) to power features including Growth Advisor, template recommendations, AI-generated descriptions, and AI-assisted support. PerkValet sends only aggregated, de-identified data to AI providers — no individual consumer names, phone numbers, or email addresses. AI providers do not use this data to train their models.

PerkValet will never: sell consumer or merchant personal information, share consumer data across merchants, use consumer data for advertising, or use consumer data to train AI models.

3. Data Sharing

We share data only with service providers necessary to operate the Service:

• Render — cloud hosting infrastructure (SOC 2 Type II certified)
• Stripe — merchant billing and payment processing
• Zoho / Zepto Mail — transactional and marketing email delivery
• Twilio (or equivalent) — SMS notifications and authentication codes
• Clover / Square / Toast — POS integration for transaction events and reward delivery
• Anthropic — AI processing (aggregated, de-identified data only)

We do not sell, rent, or trade personal information. We do not share consumer data with other PerkValet merchants.

4. Data Security

• Encryption in transit: TLS 1.3 for all data transmission
• Encryption at rest: AES-256-GCM for POS access tokens and consumer phone numbers
• Access controls: role-based access control; principle of least privilege
• Audit logging: key actions logged for security and compliance
• Infrastructure: hosted on Render (SOC 2 Type II certified)

5. Data Retention

• Active merchant accounts: retained while account is active
• Closed merchant accounts: retained 90 days for reactivation; then deleted
• Active consumer accounts: retained while enrolled in at least one active loyalty program
• Inactive consumers: reviewed for deletion after 24 months of no loyalty activity
• Transaction records: retained for the duration of the merchant's active account
• Billing records: retained at least 7 years (tax/accounting requirements)
• Security and audit logs: retained at least 1 year

6. Your Rights

Under applicable privacy laws (including CCPA for California residents), you may have the right to: know what personal information we collect and how we use it, request deletion of your personal information, request correction of inaccurate information, and opt out of the sale of personal information (PerkValet does not sell personal information).

To exercise these rights:

• Consumers: contact your participating merchant directly, or contact hello@perksvalet.com
• Merchants: contact hello@perksvalet.com
• SMS opt-out: reply STOP to any SMS message

We will respond to verifiable requests within forty-five (45) days as required by law.

7. Children's Privacy

PerkValet is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. Consumers under 18 should obtain parental consent before enrolling.

8. Cookies

We use only strictly necessary cookies (authentication, session management) and functional cookies (locale preferences). We do not use advertising cookies, social media pixels, or cross-site tracking.

9. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify affected merchants and consumers via email at least thirty (30) days before the changes take effect.

10. Bilingual Notice

A Spanish-language version of this Privacy Policy will be made available at perksvalet.com/privacy-es.

Una versión en español de esta Política de Privacidad estará disponible en perksvalet.com/privacy-es.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

PerkValet, Inc.
Pleasanton, California
hello@perksvalet.com