Privacy Policy

Inkmark (inkmark.co) provides digital loyalty stamp card software for independent businesses. We act as a data controller for business owner account data and as a data processor for customer loyalty data on behalf of our business customers.

Contact: support@inkmark.co

• Business owners: email address, password (stored hashed), business name, billing and subscription metadata via Stripe.
• Staff accounts: email address, password (stored hashed), and activity related to stamping and redemptions.
• Customer accounts: email address (verified via one-time sign-in code), optional session metadata, and linked loyalty cards across participating businesses.
• Customer loyalty cards: stamp and redemption events, card design preferences, and push notification subscription data when the customer opts in after linking an account.
• Technical data: server logs, error reports (when enabled), and request identifiers for support and security.

We use personal data to provide the Inkmark service, authenticate users, process subscriptions, send transactional emails, deliver push notifications requested by businesses, produce analytics for business owners, and improve reliability and security.

We use trusted providers to run Inkmark:

• Stripe — Payment processing and subscription billing
• Resend — Transactional email (verification codes, password reset, onboarding, billing, and security notifications)
• Railway — Application hosting, database, and cache infrastructure
• Cloudflare R2 — Logo and asset storage
• Sentry — Error monitoring and diagnostics

While your subscription or trial is active, we retain data needed to operate your loyalty programs. If you cancel, customer card and stamp data is deleted after 90 days unless you resubscribe sooner. Business account records may be retained longer where required for billing, legal, or fraud-prevention purposes.

Customer accounts and linked cards are kept until the customer deletes their account or we are required to remove them by law. Cards linked to an account are not automatically deleted for inactivity.

Unsaved (anonymous) customer cards that are never linked to an account may be anonymized after 120 days of inactivity (email and push data removed) and permanently deleted after one year of inactivity. Stamp and redemption history may be retained in anonymized form for aggregate business analytics until hard deletion.

UK and EEA individuals may have rights to access, rectify, erase, restrict, or object to processing, and to data portability where applicable. Business owners can contact us to exercise rights relating to their account. Customer requests about loyalty card data should normally be directed to the business that issued the card; we will assist our customers where required.

To make a request, email support@inkmark.co.

This policy is governed by the laws of England and Wales. UK businesses may also refer complaints to the Information Commissioner's Office (ICO).