Perkfinity

🔒 Privacy Policy

Effective Date: March 23, 2025  |  Last Updated: May 5, 2026

1. Introduction

Welcome to Perkfinity ("we," "our," or "us"). Perkfinity operates the website www.perkfinity.net and the Perkfinity mobile application (iOS and Android). We are committed to building a privacy-first ecosystem that connects people with local and online businesses through perks and rewards.

This Privacy Policy explains how we collect, use, protect, and handle your information when you use our website, mobile app, and related services.

🛡️ Our Privacy-First Promise: We never sell your Personal Identifiable Information (PII). We may only share or sell data in a strictly aggregated, anonymized form. Most importantly, Merchants can never see a Member's PII (like your email or phone number) through our platform.

2. Information We Collect

We collect different information depending on whether you use our services as a Member (consumer) or as a Merchant (business owner).

A. For Members (Consumers)

  • Account Information: Name, email address, and password when you create an account. If you sign up via Apple Sign-In or Google Sign-In, we receive your name and email from those providers.
  • Profile Information: Zip code and notification preferences you provide during onboarding.
  • Activity Data: Records of perks you claim, activate, and redeem — including QR code scans at participating physical locations and promo code reveals for online merchants. This data is used solely to facilitate your rewards and is never shared with merchants in a form that identifies you personally.
  • Device Information: Device type, operating system, and push notification tokens if you opt in to receive notifications.
  • Location Data: We may request access to your device's location (GPS) solely to show you nearby participating businesses within the Nearby Deals feature of our mobile app. Location data is used in real-time and is not stored on our servers. You can deny or revoke location permission at any time in your device settings. We also use your ZIP code (entered manually) for the same discovery purpose on our website.

B. For Merchants

  • Business Information: Business name and contact details. The specific information collected depends on your business type:
    • Physical Store merchants: Street address, suite, city, state, ZIP code, and optional website.
    • Online Brand merchants: Business website URL (physical address is not required or collected).
    • Online + Physical (Hybrid) merchants: Business website URL and, for single-location businesses, a primary street address, city, state, and ZIP code.
    • Mobile / Pop-Up merchants: Operating city and ZIP area (no fixed street address required).
  • Contact Information: Contact person name, phone number, and email address.
  • Account Credentials: Password for merchant portal access (stored securely using industry-standard hashing).
  • Business Assets: Logo and other branding materials you upload.
  • Subscription & Billing: Subscription tier selection and payment information (processed securely by Stripe — we never store your full card number). For Online Brand and Hybrid merchants, billing begins after application approval. For Physical and Mobile merchants on the free trial, billing begins after the trial member limit is reached. Payment information is collected at sign-up, but no charge is made until billing is triggered.

C. Automatically Collected Information

  • IP address, browser type, device type, and pages visited on our website.
  • App usage analytics (crash reports, feature usage) to improve our services.

3. How We Use Your Information

  • Providing Services: Facilitating the scanning and redeeming of perks via QR code at physical locations, and the revealing and use of promo codes for online checkout. Also includes managing member memberships and merchant campaigns across all presence types.
  • Communications: Sending campaign emails from merchants about their offers (via our email service), transactional emails (password resets, welcome emails), and push notifications about new perks.
  • Account Management: Administering member accounts, merchant portals, and subscription billing.
  • Improvement: Analyzing aggregated, anonymized platform usage to improve our services.
  • Security: Detecting and preventing fraud, abuse, and unauthorized access.

4. How We Protect and Share Your Information

The Perkfinity Privacy Promise

We do not sell, rent, or trade your Personal Identifiable Information (PII) to third parties. Any data we may share or sell is strictly in an aggregated, anonymized format that cannot be traced back to you.

What Merchants See

When a Member redeems a perk — whether by scanning a QR code at a physical location or by revealing a promo code for online use — the Merchant does not receive the Member's PII (like email or phone number). Merchants receive only:

  • Aggregated data (e.g., "15 perks redeemed today" or "42 promo codes revealed this week")
  • Offer status (created, pending, redeemed, expired) without personal identifiers visible
  • Member count totals for their campaigns

Third-Party Services

We use the following trusted services to operate Perkfinity:

  • Brevo (Sendinblue): For sending campaign and transactional emails on behalf of merchants. Your email address is shared with Brevo solely for email delivery.
  • Firebase Cloud Messaging: For sending push notifications to your device. Your device token is shared with Firebase solely for notification delivery.
  • Vercel: For hosting our backend services.
  • Neon: For secure database hosting (all data encrypted at rest).
  • Apple & Google: If you use Apple Sign-In or Google Sign-In, your authentication is handled by their respective services.
  • Stripe (Payment Processor): Merchant billing and credit card processing are handled entirely by our secure, PCI-compliant payment partner, Stripe. Perkfinity does not process, interact with, or store full credit card numbers or sensitive billing data on our servers.

Security Measures

  • Passwords are hashed using bcrypt with 12 salt rounds
  • All data transmitted via HTTPS/TLS encryption
  • JWT-based authentication with token expiry
  • Database encrypted at rest

5. Daily Digest Emails

Perkfinity sends a Daily Digest — a single aggregated email delivered to members containing active deals and offers from multiple participating merchants. This digest:

  • Is sent from noreply@perkfinity.net under the Perkfinity name — not on behalf of any individual merchant
  • Aggregates active campaigns from multiple merchants relevant to the member, based on their preferences and location
  • Includes each merchant's offer details, logo, and store information (physical address for location-based merchants, or website link for online merchants, where applicable)
  • Includes a one-click unsubscribe link in compliance with the CAN-SPAM Act — members can opt out of future digest emails at any time

Your email address is never directly shared with any merchant. Merchants do not control or initiate individual emails to members — all member communications are managed exclusively by Perkfinity.

6. Promo Codes

For Online Brand and Hybrid merchants, Perkfinity auto-generates a unique welcome promo code (a "HELLO code") linked to the merchant's welcome offer. When a Member reveals a promo code on our platform:

  • The Member receives the code to use at the merchant's online checkout or point of sale.
  • Perkfinity records that a promo code was claimed to track campaign performance — this record does not identify the member to the merchant.
  • The merchant's identity is displayed to the member, but the member's identity is never disclosed to the merchant.
  • Promo codes are managed by Perkfinity; merchants configure them in their own checkout system (e.g., Shopify, WooCommerce).

7. Push Notifications

If you opt in during app onboarding, we may send push notifications about:

  • New perks available from merchants you've joined or visited
  • Expiring offers
  • Location announcements from Mobile / Pop-Up merchants you follow (e.g., where to find them next)
  • Important account updates

You can disable push notifications at any time in your device settings.

8. Your Choices and Rights

  • Opt-Out of Emails: Unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any email or contacting us.
  • Disable Notifications: Turn off push notifications in your device's Settings app.
  • Location Permissions: Deny or revoke location access at any time in your device's Settings app. This only affects the Nearby Deals geolocation feature; other app functions remain unaffected.
  • Data Access: Request to review or receive a copy of the personal information we hold about you.
  • Data Deletion: Members can instantly and permanently delete their accounts and associated personal data directly within the Perkfinity mobile app (Profile → Delete Account). Merchants possess a secure deletion workflow within the Billing tab of their dashboard. This deletion pipeline explicitly complies with Federal and State privacy laws (including CCPA), as well as Apple/Google ecosystem requirements. All Personal Identifiable Information (PII) is irrevocably wiped upon execution.
  • Account Portability: Request an export of your data in a commonly used format.

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Upon initiating account deletion:

  • Members: Active account Personal Identifiable Information (PII) is securely wiped instantly from our servers.
  • Merchants: To prevent accidental loss of business data, campaigns, and community member lists during off-seasons, we retain inactive Merchant data securely under an automatic 6-month Grace Period following subscription cancellation. Merchants may deliberately bypass this grace period and permanently wipe their Personal Identifiable Information (PII) immediately by utilizing the manual deletion link accessible exclusively within the Billing dashboard of a fully cancelled or cancellation-pending account.
  • Analytics: Strictly anonymized, aggregated data markers (e.g., historical perk redemptions containing no personal identifiers) are retained indefinitely for global system analytics.

10. Children's Privacy

Perkfinity's services are not directed to individuals under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected such data, we will promptly delete it.

11. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last Updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us: