Privacy Policy

Mobile App Privacy Policy

Effective Date: November 13, 2025

Introduction

Welcome to the BellyButton Loyalty App ("App"). This Mobile App Privacy Policy describes how we collect, use, store, and protect your personal information when you use our loyalty rewards application. By using our App, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Account Information

When you create an account or log in to our App, we collect:

• Email Address: Required for account creation and login authentication
• Name: To personalize your experience
• Profile Information: Any additional details you choose to provide

Authentication Data

We offer multiple login methods:

• Email/Password Login: Your email and encrypted password
• Google Sign-In: When you use Google to log in, we receive basic profile information (email, name, and profile picture) from Google in accordance with their privacy policies

Receipt Data

Our App allows you to earn rewards by scanning receipts from our restaurant:

• Receipt Images: Photos of receipts you upload through the App
• Transaction Details: Purchase date, items ordered, transaction amount, and receipt number
• Visit Frequency: Data about when and how often you visit our restaurant

Loyalty Program Data

• Virtual Currency Balance: Points, coins, or credits earned through purchases and activities
• Reward History: Records of rewards earned, redeemed, and available
• Transaction History: History of points earned and spent within the App

Usage and Analytics Data

• App Usage Information: Features used, pages viewed, and interactions within the App
• Device Information: Device type, operating system, unique device identifiers
• Log Data: IP address, browser type, access times, and pages viewed

Location Data (Optional)

• With your permission, we may collect location data to provide location-based services, such as finding nearby restaurant locations or verifying receipt authenticity

How We Use Your Information

We use the collected information for the following purposes:

Account Management

• Creating and managing your loyalty account
• Authenticating your identity when you log in
• Providing personalized user experience

Loyalty Program Operations

• Processing receipt scans to verify purchases at our restaurant
• Calculating and crediting virtual currency to your account
• Managing reward redemption and tracking
• Preventing fraud and abuse of the loyalty program

Communication

• Sending account-related notifications
• Informing you about earned rewards and available promotions
• Providing customer support and responding to inquiries
• Sending marketing communications (with your consent)

Service Improvement

• Analyzing usage patterns to improve App functionality
• Understanding customer preferences and behavior
• Enhancing user experience and developing new features
• Conducting research and analytics

Legal and Security

• Complying with legal obligations
• Protecting against fraudulent or illegal activity
• Enforcing our Terms of Service
• Resolving disputes

Receipt Scanning and Processing

When you scan a receipt through our App:

1. The image is securely uploaded to our servers
2. We use optical character recognition (OCR) technology to extract transaction details
3. The system verifies the receipt is from our restaurant and has not been previously submitted
4. Virtual currency is automatically credited to your account based on the purchase amount
5. Receipt images are stored securely and may be retained for verification and audit purposes

Virtual Currency System

The virtual currency earned through our App:

• Has no cash value and cannot be exchanged for real currency
• Can only be redeemed for rewards, discounts, or items specified within the App
• Is non-transferable between accounts
• May expire according to the terms displayed in the App
• Is subject to our loyalty program terms and conditions

Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We work with third-party service providers who assist us with:

• Cloud hosting and data storage
• Receipt processing and OCR technology
• Analytics and app performance monitoring
• Email and push notification services
• Authentication services (e.g., Google Sign-In)

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

Legal Requirements

We may disclose your information if required by law or in response to:

• Legal processes or government requests
• Protection of our rights, property, or safety
• Investigation of fraud or security issues
• Emergency situations involving potential harm

Business Transfers

If our business is acquired or merged with another company, your information may be transferred as part of that transaction.

Third-Party Services

Google Sign-In

When you use Google Sign-In, your use is subject to Google's Privacy Policy. We receive only the information you authorize Google to share with us. You can manage your Google account settings and permissions at any time through your Google account.

Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption of data in transit and at rest
• Secure authentication protocols
• Regular security audits and updates
• Restricted access to personal data on a need-to-know basis
• Secure storage of receipt images and transaction data

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Retention

We retain your personal information for as long as necessary to:

• Maintain your account and provide services
• Comply with legal obligations
• Resolve disputes and enforce our policies
• Prevent fraud and abuse

Receipt images and transaction data may be retained for up to 7 years for audit and verification purposes. You may request deletion of your account and associated data at any time, subject to legal retention requirements.

Your Rights and Choices

You have the following rights regarding your personal information:

Access and Portability

• Request a copy of the personal data we hold about you
• Export your loyalty program data and transaction history

Correction and Update

• Update or correct your account information through the App settings
• Request correction of inaccurate data

Deletion

• Request deletion of your account and personal data
• Note: Some information may be retained as required by law or for legitimate business purposes

Opt-Out Rights

• Unsubscribe from marketing emails via the link in our emails
• Disable push notifications through your device settings
• Revoke location permissions through your device settings
• Disconnect third-party accounts (like Google) through the App settings

Data Processing Objection

• Object to certain types of data processing
• Withdraw consent for optional data collection

To exercise any of these rights, please contact us using the information provided below.

Children's Privacy

Our App is not intended for children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately, and we will delete such information.

International Data Transfers

Your information may be transferred to and maintained on servers located outside your country of residence. By using our App, you consent to the transfer of your information to countries that may have different data protection laws than your country.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy in the App
• Sending you an email notification
• Displaying a prominent notice within the App

Your continued use of the App after changes are posted constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

BellyButton Restaurant
Email: kontakt@bellybutton.sk
Address: Timonova 13, Košice
Phone: +421 902 458 082

For data protection inquiries or to exercise your privacy rights, please email us with "Privacy Request" in the subject line.

---

Last Updated: November 13, 2025