Fedele — Customer Privacy Policy
Last updated: February 17, 2026
1. Who is responsible for your data?
- For your participation in a Merchant's loyalty programme, the Merchant is the Data Controller and Fedele acts as Data Processor.
- For your Fedele account and App operation, Fedele acts as an independent Data Controller.
Contact: info@fedeleapp.com
2. What data we process
Data as Data Controller (for the App)
- Account data: name, email, password hash, language, country
- Personal barcode: unique identifier (EAN-13) for collecting points
- App/Device data: app version, device model, operating system, crash logs
- Geolocation data: approximate location (medium accuracy) to show nearby stores on the map — collected only when you use the map feature and with your permission
- Product analytics: events such as app opens, screen views, redemption success/failure counts (pseudonymised data)
- Support data: support messages and troubleshooting
Data for Merchants (as Processor)
- Programme data: user identifier, accumulated points, rewards, redemptions, timestamps
- Barcode usage: technical data needed to generate and validate barcodes
3. Why we use your data (legal bases)
| Purpose | Legal basis |
|---|---|
| Provide the App and your account | Contractual necessity |
| Show nearby stores (map) | Consent (location permission) |
| Security and fraud prevention | Legitimate interests |
| Improve reliability and UX | Legitimate interests |
| Send marketing communications | Consent |
| Legal obligations | Legal obligation |
4. Minors
The App may be used by minors.
Important: Where required by law, parental or guardian consent is needed for users under the applicable age of digital consent. In Italy, this age is set at 14 years.
- If you are under 14, you must obtain permission from your parents or guardians before creating an account
- Parents/guardians are responsible for monitoring minors' use of the App
- If Fedele discovers unauthorised use by a minor, it may disable the account and delete the related data
- Parents/guardians may contact us to request access, rectification, or deletion of their children's data
5. Sharing your data and third-party providers
We share your data only when necessary for the App to function. Below are the main service providers that process data on our behalf:
a) Merchants you interact with
To manage your loyalty programme and your rewards.
b) Analytics and product improvement — Firebase Analytics
- Provider: Google LLC (USA)
- Data processed: App usage events (opens, navigation, actions), pseudonymised identifier, device type, operating system
- Data NOT processed: Email, name, IP address, or other personally identifiable data
- Purpose: Understand how the app is used to improve the user experience
- Safeguards: Google is certified under the EU-US Data Privacy Framework and applies Standard Contractual Clauses
- Privacy Policy: https://policies.google.com/privacy
- Note: Firebase Analytics is NOT an advertising tool and is not used to show you ads
c) Error monitoring and stability — Sentry
- Provider: Functional Software, Inc. dba Sentry (USA)
- Data processed: Crash reports, error logs, technical device information, session identifier
- Data NOT processed: IP addresses, email, name, or other personally identifiable information (PII)
- Purpose: Identify and fix bugs to improve app stability
- Safeguards: Sentry applies Standard Contractual Clauses
- Privacy Policy: https://sentry.io/privacy/
d) Map services — Mapbox
- Provider: Mapbox, Inc. (USA)
- Data processed: Geolocation coordinates (when using the map), device information
- Purpose: Display the map and nearby stores
- Retention: Mapbox anonymises IP addresses within 30 days and rotates session identifiers within 24 hours
- Safeguards: Mapbox is certified under the EU-US Data Privacy Framework and applies SCCs
- Privacy Policy: https://www.mapbox.com/legal/privacy
e) Apple Wallet (optional)
If you choose to add your loyalty card to Apple Wallet, the card data is processed by Apple according to their privacy policy.
- Apple Privacy Policy: https://www.apple.com/legal/privacy/
f) Authorities
When legally required or to protect our rights.
We do not sell your personal data.
6. Marketing communications
- We may send you marketing communications (email, push notifications) about app news, new merchants, or promotions
- These communications are sent only with your consent
- You can withdraw your consent at any time:
- By disabling push notifications in your device settings
- By clicking the "unsubscribe" link in emails
- By contacting us at info@fedeleapp.com
- Essential service communications (e.g., changes to terms, account security issues) do not require consent
7. International transfers
Your data is hosted on servers located in Germany (European Union).
Some service providers (Firebase, Sentry, Mapbox) are based in the United States. For these transfers, we ensure an adequate level of protection through:
- EU-US Data Privacy Framework — certification ensuring protection standards equivalent to the EU
- Standard Contractual Clauses (SCCs) — contracts approved by the European Commission
8. How long we keep data
| Data type | Retention period |
|---|---|
| Account data | As long as you keep your account active |
| Security logs | Up to 12 months |
| Error logs (Sentry) | Up to 90 days |
| Loyalty programme data | According to the Merchant's instructions |
Account deletion
When you request the deletion of your account:
- Your personal data (email, name) is anonymised immediately
- The account ceases to exist and can no longer be linked to you
- We retain in anonymised form only the data necessary for the operation of the platform (e.g., historical transactions)
- Anonymised data does not allow you to be identified in any way
9. Your rights
Under the GDPR, you have the right to:
- Access your personal data
- Correct inaccurate information
- Delete your data ("right to be forgotten")
- Restrict processing
- Object to processing based on legitimate interests
- Export your data in a portable format
- Withdraw consent at any time
How to exercise your rights:
- For data managed by Fedele: info@fedeleapp.com
- For loyalty programme data: contact the Merchant directly
- Account deletion: available directly in the app (Settings > Delete account) or via email
We will respond within 30 days of your request.
10. Security
We use appropriate technical and organisational measures to protect your data:
- Encryption in transit (TLS/HTTPS) and at rest
- Encrypted secure storage for tokens and credentials on the device
- Strict access controls
- Regular backups
- Continuous monitoring
No system is 100% secure. We recommend that you:
- Use a strong, unique password
- Do not share your credentials
- Keep the app up to date
11. Local storage technologies
The App uses essential technologies on your device:
| Technology | Purpose |
|---|---|
| Local cache (Hive) | Improve performance and enable offline functionality |
| Encrypted secure storage | Securely store the session token |
| Local preferences | Save your settings (language, theme) |
This data remains on your device and is deleted when you uninstall the app or clear app data.
We do not use tracking cookies or advertising SDKs.
12. Changes to this Policy
We may update this policy periodically. In the event of substantial changes:
- We will update the "Last updated" date
- We will notify you through the app or our website
- For significant changes to your rights, we may request new consent
We encourage you to review this policy periodically.
13. Contact and complaints
For privacy questions or requests: info@fedeleapp.com
To file a complaint with the supervisory authority — Garante per la Protezione dei Dati Personali (Italian Data Protection Authority):
- Website: https://www.garanteprivacy.it
- Email: protocollo@gpdp.it
- PEC: protocollo@pec.gpdp.it