Last updated: 2 December 2025

Privacy Policy – Voucherino

This policy explains how we collect, use, store and protect personal data within the Voucherino app and related services, in line with Regulation (EU) 2016/679 (GDPR) and current Apple App Store and Google Play requirements.

1. Data controller

The data controller is the entity that owns and operates the Voucherino platform (“we”, “us”). With respect to business customers (companies), we usually act as a processor for data relating to their end customers (natural persons), while the company is the primary controller. For account data of admins and app users we act as controller.

2. What data we collect

  • Account data: name, email address, password (stored hashed), role within the company.
  • Company data: name, contact details, tax identifiers, location addresses.
  • Operational data: data about vouchers issued and redeemed, the location(s) where they are used, the user who validated the voucher, audit logs for app actions.
  • Subscription data: subscription and product identifiers (e.g. 1‑location, 2‑location or unlimited plans), subscription status, start and renewal dates, synchronised via RevenueCat and linked to user and/or company IDs.
  • Technical data: IP address, device identifiers, information about operating system and app version, technical logs necessary for security and debugging.

3. Purposes and legal bases of processing

  • Providing the service – to create and manage accounts, companies, locations and vouchers, based on performance of a contract (Art. 6(1)(b) GDPR).
  • Billing and subscriptions – to synchronise subscription status via RevenueCat and the app stores (Apple / Google), based on performance of a contract and legal obligations for tax/accounting (Art. 6(1)(b) and (c) GDPR).
  • Security and fraud prevention – logging voucher usage, detecting fraud attempts and ensuring system integrity, based on our legitimate interests (Art. 6(1)(f) GDPR).
  • Support and product improvement – analysing technical logs and feature usage to fix issues and improve the product, based on our legitimate interests.
  • Marketing communications – only with your explicit consent where required, based on Art. 6(1)(a) GDPR, with the option to withdraw consent at any time.

4. Processors and data transfers

To provide the service we may use third‑party providers (processors) such as:

  • RevenueCat – for managing subscriptions and synchronising with Apple App Store / Google Play.
  • Cloud infrastructure providers – for hosting servers and databases.

Where data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place (such as EU Standard Contractual Clauses).

5. Retention period

We keep personal data only as long as necessary for the purposes described above or as required by law:

  • account data – for the duration of the contract and a reasonable period afterwards;
  • subscription and billing data – for the period required by tax and accounting law;
  • technical and security logs – for a limited period needed for investigations and audit.

6. Data subject rights

Where we act as controller, you have the following rights under GDPR:

  • right of access;
  • right to rectification;
  • right to erasure (“right to be forgotten”);
  • right to restriction of processing;
  • right to data portability;
  • right to object to certain processing activities, including direct marketing;
  • right to lodge a complaint with the competent supervisory authority.

For data relating to your own end customers (e.g. people using vouchers), you are the main controller and their requests should be directed to you first; we will assist you, where possible, in responding to such requests.

7. Cookies and similar technologies

The marketing site may use strictly necessary cookies for technical operation and, optionally, analytics/performance cookies. You will be informed and asked for consent, where required, via the cookie banner.

8. Data security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss or destruction, including encryption in transit (HTTPS), role‑based access control and logging of sensitive actions.

9. Changes to this policy

We may update this Privacy Policy from time to time to reflect legal or service changes. The current version will always be available in the app and on the site; continued use of the service after an update means you accept the changes.

10. Contact

For any questions or requests about data protection, you can contact us at contact@voucherino.ro.

We recommend consulting a data‑protection specialist to adapt this policy to your company’s specific structure and obligations, including for 2026 and beyond.