Loyal Sikka (“we”, “us”) is operated by Elabd Technologies (Islamabad, Pakistan). This policy explains what personal data we collect when you or your customers use the platform, how we use it, and the rights you have over it. We follow the principles of data minimisation under Pakistan's Prevention of Electronic Crimes Act (PECA) 2016 and the draft Personal Data Protection Bill.
1. Who this applies to
- Shop owners and staff who sign in to the merchant panel.
- Shop customers who hold a digital loyalty card via Sikka Wallet on their phone.
- Visitors to loyalsikka.com marketing pages.
2. What we collect
From shop owners and staff
- Phone number (used for OTP login).
- Shop profile (name, vertical, city, geo coordinates, radius).
- Plan, billing, and trial status.
- Audit-log entries: action taken, timestamp, IP, user-agent.
From shop customers
- Phone number (used to identify the loyalty card).
- First name (optional, only if the merchant provides it).
- Sikka / redemption events at participating shops.
- Approximate location captured at the moment of a scan, used only to verify the staff phone is inside the shop's declared radius. We do not retain raw GPS coordinates beyond the event row.
3. What we do with it
- Operate the loyalty product itself (issue cards, count sikkas).
- Prevent fraud (geofence checks, rate limits, signed scan payloads).
- Send transactional SMS and in-app notifications related to the loyalty card.
- Produce aggregate, anonymised analytics so we can improve the product. We never sell personal data.
4. Where it lives
Personal data is stored in Supabase Postgres in Singapore (ap-southeast-1). Backups are held in the same region. Operational access is limited to elabd-wallet staff using audited admin accounts with two-factor authentication.
5. Sharing
We share personal data with the shop the customer holds a card with — that's the point of the product. We do not share customer data with other shops on the platform. Sub-processors who help us run the platform:
- Supabase (database, auth, storage)
- Vercel (web hosting)
- Cloudflare (DNS / CDN)
- Firebase Cloud Messaging (push notifications to Sikka Wallet)
- Branded SMS aggregator (Jazz / Telenor — transactional messages only)
- SafePay / NayaPay (payment processing — billing only)
- Sentry (error monitoring — IPs and user-agents)
6. Retention
- Active shop accounts: held for as long as the shop subscribes plus 12 months after cancellation.
- Customer cards: held while the customer's linked shop is active. Customers can request deletion at any time.
- Audit logs: 24 months, after which they are anonymised but kept for regulatory compliance.
7. Your rights
You can ask us to access, correct, or delete the personal data we hold about you. Email privacy@loyalsikka.com from the phone number or email address on the account. We respond within 30 days.
8. Cookies
We use cookies that are strictly necessary to keep you signed in and to verify the reseller subdomain. We do not run advertising or cross-site-tracking cookies.
9. Children
Loyal Sikka is intended for businesses. We do not knowingly target users under the age of 18. If you believe a child has provided personal data, contact us and we will delete it.
10. Changes
We may update this policy. Material changes are announced via Sikka Wallet, email, and the merchant panel at least 14 days before they take effect. The “Last updated” date at the top reflects the most recent revision.