Privacy Policy
Last updated: 1 July 2026
1. Who we are
Stampomat is a digital loyalty stamp-card service operated by Daniel Ilievski, Ljubljana, Slovenia (“Stampomat”, “we”, “us”).
For anything related to your personal data, contact us at info@stampomat.com.
This policy covers the Stampomat website (stampomat.com), the customer loyalty wallet, the merchant dashboard, and the in-shop cashier screens. It applies to shop visitors who collect stamps (“customers”), businesses that run loyalty programs on Stampomat (“merchants”), people who contact us or start signing up, and visitors to our website.
2. Our role, and the shops' role
For your Stampomat account, our website, and our communications, Stampomat is the data controller.
Your loyalty activity at a particular shop — your name, your stamps, your visits, your rewards, and any feedback you leave there — is also visible to that shop, because that is what a loyalty program is. For this data, Stampomat and the shop are joint controllers: we run the platform, keep it secure, and handle your privacy requests; the shop may use this data only to run its loyalty program, and our contract with every merchant binds them to that. You can exercise your privacy rights against either of us; the easiest path is emailing us.
One shop never sees your activity at another shop.
3. Data we collect
If you are a customer (you collect stamps)
| Data | Where it comes from | Why | Legal basis | Kept for |
|---|---|---|---|---|
| Name, email address, Google account ID | Your Google account, when you sign in with Google | Your account and wallet | Contract | Life of your account |
| Language preference, email opt-out | Your choices in the app | Showing the app in your language; respecting your email preferences | Contract / consent | Life of your account |
| Push notification subscription | Only if you accept the browser's notification prompt | Reward nudges (e.g. “you're 1 stamp away”) | Consent | Until you unsubscribe |
| Stamps, rewards, redemptions — i.e. when you visited which shop | Scanning QR codes at the counter | This is the loyalty service itself; shared with that shop only | Contract | Life of your account |
| Feedback ratings and comments | Only if you fill in the voluntary feedback prompt | Shown to the shop, with your name | Consent | Life of your account |
| Anti-abuse signals (device cooldown cookie, temporary lockout state) | Automatic | Preventing stamp fraud | Legitimate interest | Lockouts until cleared; see §9 for logs |
If you are a merchant (you run a loyalty program)
Your name and email (from Google sign-in), your business name, phone number (if you submitted our setup-request form), your logo, language, and subscription status. Legal basis: contract. Kept for the life of your account; see §9 for what happens after termination.
If you contact us or start signing up
Contact-form submissions (name, business name, email, message) and unfinished registrations (email, name, how far you got). If you abandon a registration we may send you up to three reminder emails within 3 days, then stop. Legal basis: legitimate interest in answering you and helping you finish what you started.
If you just visit our website
Our analytics is cookieless and first-party. For each page view we record: the page, the referring site's domain, your language, your country (derived from your IP address — the IP itself is never stored), and an anonymous visitor hash that is cryptographically rotated every day, so it cannot follow you across days. We honor the Do-Not-Track browser setting: if it is on, we record nothing at all.
Security logs
For fraud prevention we log security-relevant events (e.g. failed logins, suspicious stamping attempts) with the IP address and country. These logs are automatically deleted after 90 days.
Automated anti-fraud decisions
Our anti-fraud systems can automatically and temporarily limit stamp collection (for example, when one device collects stamps on several accounts in quick succession). These automated locks only pause stamp collection — they never close an account or take away earned rewards on their own; such decisions are always made by a human. If you think an automatic lock got it wrong, email us and a person will review it.
4. What we never collect
- No payment card data. Merchant billing is handled by invoice; customers never pay us anything.
- No precise location. Only coarse country, derived transiently from IP.
- No advertising identifiers, no third-party trackers, no Google Analytics, no social-media pixels.
- We do not sell personal data. Not to anyone, not in aggregate, not ever.
5. Cookies
We use only first-party cookies that the service needs to function. There is no advertising or third-party tracking cookie, and our analytics works without cookies — which is why you do not see a cookie banner.
| Cookie | Purpose | Lifetime |
|---|---|---|
| Session + CSRF cookies | Keeping you logged in during a visit; protecting forms against forgery | Browser session |
| Customer “remember me” | So you don't have to sign in with Google on every scan | Up to 400 days |
| Merchant “remember me” | So merchants stay logged into their dashboard | Up to 400 days |
| Administrator “remember me” | Same, for the platform administrator | 30 days |
| Stamp device cookie | Anti-fraud: stops one device from collecting stamps on many accounts in quick succession | Persistent |
| Cashier device cookie | Marks a shop's counter tablet as a trusted device | Persistent |
All of these are encrypted and none of them are readable by third parties.
6. Emails we send
- Service emails (cannot be opted out while you have an account): reward earned, reward about to expire.
- Engagement emails (every one contains a one-click unsubscribe link): “we miss you” win-back notes when you haven't visited a shop in a while, and reminders about unredeemed rewards. Unsubscribing is global — one click stops all engagement email from us, for every shop.
- Signup recovery: up to three emails within 3 days if you started but didn't finish merchant registration.
7. Who we share data with
We share personal data only with the processors needed to run the service:
| Recipient | What | Why |
|---|---|---|
| The shop where you collect stamps | Your name, stamps, visits, rewards, feedback | That's the loyalty program (see §2) |
| Google LLC | Sign-in only: Google confirms who you are and gives us your name and email | Authentication |
| Our hosting provider (InterServer, Inc., servers in the United States — New Jersey) | All service data, including encrypted backups | Hosting, email delivery, backups |
| Your browser's push service (Google FCM, Mozilla, or Apple, depending on your browser) | An anonymous push endpoint | Delivering notifications you opted into |
Country lookup never involves a third party: it runs on our own server against a local copy of the DB-IP Country Lite database, so your IP address never leaves our infrastructure.
Merchants can export a list of their own customers (name, email, stamp progress) to run their loyalty program. Our terms forbid them from using it for anything else.
We never share data with advertisers or data brokers. We disclose data to authorities only when legally required to.
8. International transfers
Stampomat operates from Slovenia (EU) and serves users in Slovenia, North Macedonia and the wider EU. Google (sign-in, push) is certified under the EU-US Data Privacy Framework. Our hosting provider, InterServer, Inc., stores the data, including backups, on its own infrastructure in the United States (New Jersey) and uses no sub-processors. For data of EU/EEA users transferred to the United States we rely on the European Commission's Standard Contractual Clauses.
9. How long we keep data
| Data | Retention |
|---|---|
| Customer and merchant accounts | Until you delete your account; then removed within 30 days |
| Merchant data after contract ends | Deleted within 90 days; export available on request before that |
| Security and anti-fraud logs | 90 days, automatic |
| Contact-form messages | Up to 2 years |
| Abandoned registrations | 90 days |
| Email delivery logs | 1 year |
| Encrypted backups | Rolling window of recent days; old backups overwrite automatically |
| Cookieless analytics events | Kept in aggregate-grade form (daily-rotating hash, no IP); not tied to an identifiable person |
10. Security
All traffic is encrypted (HTTPS, with HSTS). Login cookies are encrypted; merchant passwords are hashed. Cashier screens never show customer names. Anti-fraud systems (device cooldowns, lockouts, audit logs) watch for abuse. The database is backed up nightly with restrictive file permissions. Security headers (content-type sniffing protection, frame-ancestors restrictions, referrer policy) are applied platform-wide.
No internet service can promise perfect security, but if we learn of a breach affecting your data we will notify you and the competent authority as the law requires.
11. Your rights
Under the GDPR and the Macedonian Law on Personal Data Protection you can ask us, at info@stampomat.com, to:
- Access the data we hold about you, and get a copy (portability);
- Correct it;
- Delete your account and data (“right to be forgotten”);
- Restrict or object to processing based on legitimate interest;
- Withdraw consent at any time (e.g. push notifications — also possible directly in your browser settings; engagement emails — unsubscribe link).
We answer within 30 days. We will need to verify it's really you (normally by you writing from the email on the account).
You can also complain to a supervisory authority: in North Macedonia, the Agency for Personal Data Protection (azlp.mk); in Slovenia, the Information Commissioner (ip-rs.si); or your local EU authority.
12. Children
Stampomat is not directed at children under 16 and we do not knowingly collect their data. Signing in requires a Google account.
13. Changes to this policy
If we change this policy in a meaningful way we will say so on the website, and for significant changes affecting account holders we will email you. The “Last updated” date at the top always tells you the current version.
See also: Terms of Service for customers · Terms of Service for businesses