Privacy Policy

Last updated: January 4, 2026

1. Introduction

Airpass ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital loyalty program platform.

2. Information We Collect

2.1 Business Account Information

When you create a business account, we collect:

  • Business name and email address
  • Owner name and contact information
  • Payment information (processed securely through Stripe)
  • Business logo and branding information

2.2 Customer Information

When customers sign up for a loyalty program, we collect:

  • First and last name
  • Email address and/or phone number
  • Date of birth (if required by the business)
  • Loyalty program activity and transaction history

2.3 Usage Information

We automatically collect certain information when you use our Service:

  • Device information (type, operating system, browser)
  • IP address and location data
  • Usage patterns and interactions with the Service
  • Log data and error reports

2.4 Wallet Pass Data

When digital passes are added to Apple Wallet or Google Wallet:

  • Device registration tokens for push notifications
  • Pass update requests and timestamps
  • Device identifiers (as provided by Apple/Google)

3. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve the Service
  • Process transactions and send digital loyalty passes
  • Send administrative communications and updates
  • Provide customer support and respond to inquiries
  • Analyze usage patterns and optimize the Service
  • Detect and prevent fraud and abuse
  • Comply with legal obligations
  • Send marketing communications (with your consent)

4. Information Sharing and Disclosure

4.1 With Businesses

Customer information is shared with the business whose loyalty program the customer joined. Businesses are responsible for their own use of customer data in accordance with applicable laws.

4.2 Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Stripe: Payment processing
  • Resend: Email delivery
  • Apple/Google: Digital wallet pass delivery
  • Railway/Supabase: Infrastructure and database hosting

4.3 Legal Requirements

We may disclose information if required by law, court order, or governmental request, or to protect our rights, property, or safety.

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

  • Encryption of data in transit and at rest
  • Secure authentication and access controls
  • Regular security assessments and updates
  • Limited access to personal information by employees

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service and fulfill transactions
  • Comply with legal obligations
  • Resolve disputes and enforce our agreements
  • Maintain business records and analytics

When a business account is deleted, associated customer data is permanently removed from our systems within 30 days.

7. Your Rights and Choices

7.1 Access and Correction

You have the right to access and update your information through your account settings or by contacting us.

7.2 Data Deletion

You can request deletion of your account and associated data by contacting us. Businesses can delete customer data from their dashboard.

7.3 Marketing Communications

You can opt out of marketing emails by clicking the unsubscribe link or adjusting your preferences in your account settings.

7.4 Do Not Track

Our Service does not currently respond to Do Not Track signals.

8. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using the Service, you consent to such transfers.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and remember your preferences
  • Analyze usage patterns and improve the Service
  • Provide personalized content

You can control cookies through your browser settings, but some features may not function properly if cookies are disabled.

11. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA), including:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising privacy rights

12. GDPR Rights (European Users)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

By using Airpass, you acknowledge that you have read and understood this Privacy Policy.