Want to see how it works for your business?

Back to home

Privacy Policy

Last updated: 2026-05-17

Draft — pending legal review. If you plan to use PuntosPro in production, we recommend having the final text reviewed by an attorney.

PuntosPro ("we", "the platform") is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, and what rights you have over it. By using our app or website you agree to the practices described in this document.

1. Data controller

PuntosPro is the controller of your personal data. For any privacy-related question you can email us at privacy@puntospro.com. Our service is operated from Argentina.

2. Data we collect

The data we collect depends on the type of account you create and how you use the platform.

If you're an end customer (PuntosPro app):

  • Name, email and password (hashed) when you sign up. Alternatively you can sign in with Google or Apple (Sign in with Apple); in that case we don't store a password, only the email verified by the provider.
  • Optional data you choose to add: phone, date of birth, gender, national ID.
  • Alias and unique QR code generated automatically so you can use the platform.
  • Notification language you choose (Spanish or English).
  • Memberships at enrolled businesses: points balance, tier, visits, total spent, transaction and redemption history.
  • Coupon book purchases and their usage (if applicable).

If you're a business (admin panel):

  • Business name, email, phone, address, city, state/province, business category.
  • Owner or team user data: name, email, hashed password, role (admin / staff).
  • Loyalty program configuration: point rates, tiers, rewards, campaigns.
  • If you connect MercadoPago: user identifier and access token required to process coupon-book payments.

Technical data:

  • IP address (for rate limiting and fraud prevention).
  • Session cookies needed to keep you signed in (httpOnly cookies named "token" and "app_token").
  • Audit logs for critical actions (login, redemptions, plan changes).
  • We don't use third-party web analytics tools such as Google Analytics or Meta Pixel.

3. How we use your data

  • Operate the loyalty program: identify you, assign points, record redemptions, and apply tiers.
  • Send you transactional emails: welcome, point credits, redemptions, point expiration, birthday and reminders. You can change the language of these emails from your profile.
  • Generate your personal QR code and read merchant or customer QRs using the device camera. The camera only turns on when you open the scan screen; we don't record, transmit, or store any images or video — we only decode the QR locally.
  • Process coupon-book payments through MercadoPago.
  • Optionally generate a Google Wallet pass for your loyalty card.
  • Prevent fraud and abuse and resolve disputes.
  • Comply with applicable legal obligations.

We don't sell or rent your data to third parties for advertising purposes.

4. Who we share your data with

We share data only with providers that supply services needed to operate the platform. Each of them processes data under its own privacy policy:

  • Vercel — hosting, app delivery, and anonymous usage metrics (Vercel Web Analytics and Speed Insights, cookieless and without personal data).
  • Supabase — database where your account information and movements are stored.
  • Resend — transactional email delivery.
  • Google — optional OAuth login and, on Android, Google Wallet pass generation.
  • MercadoPago — coupon-book payment processing when the business enables it.

We may also disclose information if required by a competent authority or as necessary to protect our rights or the rights of third parties.

5. Data retention

We keep your information for as long as your account is active. If you request deletion, we'll erase your identifiable personal data within 30 days, unless the law requires us to retain part of the information (for example, accounting records or financial transaction logs).

6. Your rights

Under Argentina's Personal Data Protection Act (Law 25.326) and equivalent regulations, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or outdated data.
  • Request the deletion of your account and associated data.
  • Object to the processing of your data in certain circumstances.
  • Export your data in a readable format.

To exercise any of these rights, email privacy@puntospro.com with your registered email. We'll respond within 10 business days.

7. Security

Your passwords are stored hashed with bcrypt. Sessions use signed JWT tokens and httpOnly cookies with the Secure flag in production. All connections to the platform use HTTPS. We apply role-based access controls and audit logs for critical actions. No system is 100% impenetrable: we recommend choosing unique passwords and enabling two-factor authentication when available.

8. Minors

Our platform isn't directed at children under 13. If you're under 18, we ask you to have your parent's or guardian's consent to use it. If we discover a child under 13 has created an account without consent, we'll delete it.

9. International transfers

Some of our providers (Vercel, Supabase, Resend, Google) have servers outside Argentina. By using PuntosPro you accept that your data may be transferred to and processed in other countries where data protection may differ from Argentina's, always under contractual clauses that ensure an adequate level of protection.

10. Cookies

We only use strictly necessary cookies for the platform to work:

  • "token" — business session (valid for 7 days).
  • "app_token" — end customer session (valid for 30 days).

We don't use advertising or third-party tracking cookies.

11. Changes to this policy

We may update this policy to reflect changes in the platform or regulations. If changes are substantial, we'll notify you by email at least 15 days in advance. The last-updated date is always shown at the top of this document.

12. Contact

If you have questions, concerns or complaints about this policy or about the processing of your data, write to privacy@puntospro.com.