Privacy & Data Policy

Your data belongs to you. Here's how we protect it.

Business Data Ownership

When you use Local, all customer data belongs to you, the business owner. Local acts as a data processor, not a data owner.

This means:

  • You maintain full ownership and control of your customer data
  • You can export all your data at any time in standard CSV format
  • When you cancel your account, your data is deleted after a short retention period

What Customer Data We Store

For each customer in your loyalty program, we store:

  • Contact Information: Phone number (required), name (optional)
  • Birthday: Month and day only (if provided), for birthday rewards
  • Loyalty Data: Visit history, rewards earned, and rewards redeemed
  • SMS Consent: Opt-in status, consent timestamp, and language preference

What We Never Do

Customer data is never sold, shared with advertisers, used across businesses, or monetized in any way.

  • ❌ Sell customer data to third parties
  • ❌ Share data with advertisers or data brokers
  • ❌ Use customer data across different businesses
  • ❌ Send marketing messages unrelated to your loyalty program
  • ❌ Use customer data to train AI models
  • ❌ Retain data indefinitely after account cancellation

SMS & Phone Number Usage

Phone numbers are used solely for customer identification and transactional loyalty messages. We:

  • Only send messages related to your loyalty program (welcome, rewards earned)
  • Immediately honor STOP requests — no further messages after opt-out
  • Mask phone numbers (e.g., *-4444) wherever possible in the interface to protect customer privacy
  • Never share phone numbers between businesses
  • Never use phone numbers for telemarketing or third-party purposes

Data Export & Portability

Business owners can export all their customer data at any time from Account Settings. Exports include:

  • Complete customer records (names, contact info, birthdays)
  • Full visit history with timestamps
  • Reward records (earned, redeemed, expired)
  • SMS consent status and preferences

Data is exported in standard CSV format, compatible with spreadsheets and other systems.

Data Deletion on Cancellation

When a business cancels their Local account:

  • Customer data is marked for deletion immediately
  • A short retention period (up to 90 days) allows for accidental cancellation recovery
  • After the retention period, all customer personally identifiable information is permanently destroyed

Internal Access Controls

Access to customer data by Local staff is strictly limited to:

  • Customer support (when requested by the business owner)
  • Technical debugging (to resolve reported issues)
  • Legal compliance (when required by law)

There is no casual or exploratory access. All access is logged and auditable.

Security Measures

  • ✅ All data transmitted over HTTPS/TLS encryption
  • ✅ Database encryption at rest
  • ✅ Regular security updates and monitoring
  • ✅ Role-based access controls for all staff

End Customer Rights

If you're a customer of a business using Local, you can:

  • Text STOP at any time to opt out of SMS messages
  • Contact the business directly to request data deletion
  • View your loyalty status via your personal loyalty page link

Questions?

If you have questions about our data practices, please contact us at hello@use-local.com.

Last updated: January 1, 2026