Privacy Policy for munchcard
Effective date: 18 January 2026
munchcard (“we”, “us”, “our”) values your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share and safeguard your information when you use the munchcard mobile application (the “App”) and any related services.
If you do not agree with this Privacy Policy, please do not use the App.
1) Who we are (Controller)
For the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018), munchcard is the data controller for the personal data described in this policy.
Contact: hello@munchcard.co.uk
2) Information we collect
a) Account and profile information (provided by you)
Name
Email address
Date of birth (to verify eligibility and age-related requirements)
b) Loyalty and rewards information
Loyalty stamps / reward progress connected to the businesses and offers you choose to use in the App.
c) Usage, device and technical information (collected automatically)
We may collect:
Device information (e.g. device identifiers, device model, operating system version)
IP address
App interaction and diagnostic data (e.g. performance data, crash logs)
Approximate or precise location data (only if you enable location permissions on your device), used for location-based features such as showing nearby businesses.
d) Communications
If you contact us (e.g. by email), we may keep a record of that correspondence.
3) How we use your information
We use your information to:
Provide and maintain the App (account creation, authentication, core functionality).
Manage loyalty programmes (track stamps, progress and rewards with participating businesses).
Enable location-based features (e.g. showing nearby stores) where you have enabled location permissions.
Improve performance, reliability and security (debugging, diagnostics, crash troubleshooting, preventing misuse).
Communicate with you (service updates, support responses).
Marketing / promotions (only where permitted by law and, where required, with your consent; you can opt out at any time).
4) Legal bases for processing (UK GDPR)
We process personal data under one or more of the following legal bases:
Contract: where processing is necessary to provide the App and loyalty services you request.
Legitimate interests: to improve the App, maintain security, prevent fraud/misuse, and understand usage so we can fix issues and improve performance (balanced against your rights).
Consent: for optional features such as certain marketing communications and location permissions (you can withdraw consent at any time).
Legal obligation: where we must comply with applicable laws or lawful requests.
5) How we share your information
We may share personal data with:
a) Participating businesses / retailers
Where you choose to participate in a business’s loyalty programme, we may share the data needed to operate that programme (for example, loyalty progress / stamps and related identifiers). Businesses may act as independent controllers for their own purposes and have their own privacy policies. We encourage you to review them.
b) Service providers (processors)
We may use third-party service providers to help us operate the App (e.g. hosting, IT support, analytics, diagnostics). They may process personal data on our behalf under contractual obligations to protect it and only use it to provide services to us.
c) Legal and regulatory authorities
We may disclose information if required by law, regulation, court order, or to protect our rights, users, or the public.
d) Business transfers
If we are involved in a merger, acquisition, financing, reorganisation or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.
6) International transfers
Your data may be processed outside the UK or the European Economic Area. Where this happens, we will ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement, an EU adequacy decision where applicable, or Standard Contractual Clauses (and any required addenda).
7) Data retention
We keep your personal data only for as long as needed to provide the App and fulfil the purposes described above, unless a longer retention period is required or permitted by law. We may retain certain data for legitimate business purposes such as dispute resolution, security, and compliance.
8) Security
We use appropriate technical and organisational measures designed to protect personal data. However, no method of transmission or storage is completely secure and we cannot guarantee absolute security.
9) Your choices and rights
Subject to applicable law, you may have the right to:
Access the personal data we hold about you
Rectify inaccurate or incomplete data
Erase your data (“right to be forgotten”) in certain circumstances
Restrict or object to certain processing (including direct marketing)
Data portability (receive certain data in a machine-readable format)
Withdraw consent where processing is based on consent
To exercise these rights, contact: hello@munchcard.co.uk
Marketing opt-out: You can opt out of marketing communications at any time by following the instructions in the message or contacting us.
Location permissions: You can enable/disable location access at any time via your device settings.
10) Children
The App is not intended for children who are not eligible under applicable law and our terms. We may use date of birth to help verify eligibility. If you believe a child has provided personal data, contact us and we will take appropriate steps.
11) Cookies and website analytics (website)
If we operate a website, we may use cookies and analytics tools to understand site usage and improve user experience. Where required, we will request consent before placing non-essential cookies or using non-essential analytics.
12) Third-party links and services
The App may reference third-party services (for example, participating businesses). We are not responsible for the content, security or privacy practices of third parties. Please review their privacy policies.
13) Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated version in the App or through our website and update the effective date. Your continued use of the App after changes means you accept the updated policy.
14) Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner’s Office (ICO). We encourage you to contact us first so we can try to resolve your concern.
15) Contact
Email: hello@munchcard.co.uk
