Privacy Policy

Last Updated: 2026-06-02

This Privacy Policy explains how Pokesuta (“we”, “us”, or “our”) collects, uses, and discloses information about you when you access or use our platform, APIs, and website.

1. Scope of Policy

This policy applies to:

  • Merchants: Businesses using our platform to create digital passes.
  • End-Consumers: Individuals who download digital passes created by our Merchants. Note that for End-Consumer data, the Merchant is the primary Data Controller, and Pokesuta acts as a Data Processor.

2. Information We Collect

From Merchants:

  • Account information (name, email address, password).
  • Business information (company name, logo, locations).
  • Billing information (processed securely by third-party payment providers).

From End-Consumers:

  • Pass identifiers (UUIDs generated when a pass is added to a wallet).
  • Optional data provided during registration (e.g., name, email address) if requested by the Merchant.
  • Interaction data (e.g., when a pass is scanned, stamps earned, or coupons redeemed).
  • Device type (e.g., Apple vs Google Wallet).

Automatically Collected:

  • Usage data via cookies and analytics (e.g., PostHog) including IP addresses, browser type, and interaction events.

3. How We Use the Information

  • To provide, maintain, and improve our platform.
  • To process pass generation and distribute push notifications.
  • To provide analytics and aggregated insights to our Merchants regarding their pass performance.
  • To communicate with Merchants regarding support, billing, or platform updates.

4. Location Data Disclosure

Pokesuta allows Merchants to set geographic coordinates (GPS locations) on digital passes to trigger lock-screen notifications when an End-Consumer is nearby. Important: Pokesuta does not continuously track or store the End-Consumer’s real-time GPS location. Location monitoring is handled entirely locally on the End-Consumer’s device by the native OS (iOS or Android) Wallet application.

5. Data Sharing

We do not sell your personal data. We may share data with:

  • Service Providers: Cloud hosting (Google Cloud Platform), email delivery (Resend), and analytics (PostHog) acting on our behalf.
  • Legal Compliance: If required by law, subpoena, or to protect the rights and safety of Pokesuta, our users, or the public.

6. Data Security

We implement industry-standard security measures (including ISO27001-equivalent database protections via GCP) to protect your data. However, no internet transmission is 100% secure.

7. Your Data Rights

Depending on your jurisdiction (e.g., GDPR, CCPA, APPI), you may have the right to access, correct, or delete your personal data.

  • Merchants: Can manage data via their dashboard.
  • End-Consumers: Should contact the Merchant directly to exercise their rights, as the Merchant controls the data. If a Merchant is unresponsive, Consumers may contact us for assistance.

8. Contact Us

If you have any questions about this Privacy Policy, please contact us at: [Insert Contact Email]

Please contact support if you have questions regarding this document.