Privacy Policy

HubPass ("we", "our" or "Platform") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your information in compliance with:

• PIPEDA - Personal Information Protection and Electronic Documents Act (Canada)
• LGPD - Lei Geral de Proteção de Dados (Law 13.709/2018, Brazil)

1.1 For Merchants

• Name and contact information (email, phone)
• Business name and information
• Billing and payment information
• Platform usage data (logs, metrics)

1.2 For Consumer Customers

• Required: Mobile phone number
• Optional: Name, email, date of birth
• Automatically collected: Stamp and redemption history, communication preferences

1.3 Technical Data

We automatically collect technical information such as IP address, browser type, operating system, and pages visited to improve our services and ensure security.

We use your personal data for the following purposes:

• Service Delivery: Operate the loyalty platform, record stamps and redemptions
• Communications: Send notifications about rewards, merchant-authorized promotional campaigns
• Identity Verification: Validate phone through SMS (2FA)
• Analytics and Improvements: Generate anonymous reports, improve user experience
• Security: Prevent fraud and misuse of the Platform
• Legal Obligations: Comply with legal and regulatory requirements

The processing of personal data by HubPass is based on the following legal grounds:

• Consent: For promotional communications, obtained through SMS code confirmation
• Contract Performance: For providing loyalty services
• Legitimate Interest: For analytics, improvements, and Platform security
• Legal Compliance: To meet legal and tax requirements

4.1 How We Obtain Consent

Consent to participate in the loyalty program is obtained through active opt-in: when the customer provides their phone number and confirms the SMS verification code (2FA), they are expressly consenting to:

• Participate in the business's loyalty program
• Receive program-related SMS communications
• Have their data processed according to this Policy

4.2 Withdrawal of Consent

You can withdraw your consent at any time, free of charge:

• By replying "STOP" or "UNSUBSCRIBE" to any SMS
• By contacting the business
• By emailing privacy@hubpass.ca

Your personal data may be shared with:

• Partner merchants: Only data necessary to operate your loyalty program
• Service providers: Companies that assist in operations (SMS delivery, hosting, payment processing)
• Authorities: When required by law or court order

We do NOT sell, rent, or trade your personal data to third parties for marketing purposes.

Your data may be transferred and stored on servers located outside your country of residence, including servers in the United States, Canada, and Brazil. We ensure all transfers are made with adequate protection measures, including standard contractual clauses approved by competent authorities.

Under PIPEDA and applicable privacy laws, you have the following rights:

• Access: Confirm if we process your data and obtain a copy
• Correction: Correct incomplete, inaccurate, or outdated data
• Deletion: Request deletion of unnecessary data
• Portability: Receive your data in a structured format
• Withdrawal of Consent: Revoke previously given authorization
• Objection: Object to processing based on legitimate interest
• Information: Know with whom your data has been shared

To exercise your rights, contact us at privacy@hubpass.ca. We will respond within 30 days.

We retain your data for as long as necessary to:

• Provide the contracted service
• Comply with legal obligations (minimum 7 years for tax data)
• Exercise rights in judicial or administrative proceedings

After the retention period, data is anonymized or securely deleted.

We implement technical and organizational measures to protect your data, including:

• Data encryption in transit (HTTPS/TLS)
• Data encryption at rest
• Role-based access control
• Security monitoring and logs
• Regular backups
• Staff training on data protection

We use essential cookies for Platform functionality and analytics cookies to improve our services. You can manage your cookie preferences through your browser settings.

Our services are not directed to individuals under 18 years of age. We do not knowingly collect data from minors. If you become aware that a minor has provided personal data, please contact us so we can delete it.

We may update this Policy periodically. Significant changes will be communicated by email or through the Platform. We recommend reviewing this page regularly.

For questions related to data protection, contact our DPO:

• Email: dpo@hubpass.ca

If you believe your rights have not been respected, you may file a complaint with the competent authorities:

• Canada: Office of the Privacy Commissioner of Canada - www.priv.gc.ca
• Brazil: Autoridade Nacional de Proteção de Dados (ANPD) - www.gov.br/anpd

For questions about this Policy or the processing of your data:

• Email: privacy@hubpass.ca
• Support: support@hubpass.ca