fidz.app
Try free

Effective 16 June 2026

Privacy policy

Fidz takes your privacy and your customers' privacy seriously. This policy explains what we collect, why, where it's stored, and your rights — written in plain English, no lawyer-speak.

Who we are

Fidz is operated by Adrien Pouchard, sole trader (individual) (ABN 89 169 486 121), based in Shepparton, Victoria, Australia. We provide a software-as-a-service platform that helps local businesses run digital loyalty programs via Apple Wallet and Google Wallet. Contact: hello@fidz.app.

What we collect (and from whom)

We collect two distinct categories of personal information:

1. From merchants (you, the business owner)

  • Your email address and password (hashed).
  • Your business name, address, phone number, and business type.
  • Payment information (handled by Stripe — we never store your card details).
  • Logs of your dashboard activity for security and debugging.

2. From your customers

  • Their mobile phone number (required to issue a loyalty card).
  • Their first name (optional).
  • Their birthday (optional).
  • Their email (optional).
  • Visit timestamps and points earned.
  • Their language preference (auto-detected from their phone).

Customer data belongs to the merchant who collected it. Fidz acts as a data processor on the merchant's behalf — we don't sell or market to your customers ourselves.

Where it's stored

All data is stored in Supabase's Sydney region (ap-southeast-2), within Australia. Backups stay within Australia. Stripe stores payment data per their own privacy policy.

How we use it

  • To deliver the loyalty card experience (Apple Wallet/Google Wallet passes).
  • To send push notifications and SMS that the merchant has configured.
  • To send Google review requests on the merchant's behalf.
  • To bill the merchant for their plan via Stripe.
  • To improve our service (anonymous aggregated metrics).
  • To respond to support requests.

Who we share with

We share data only with these subprocessors, each governed by their own privacy policy:

  • Supabase — database hosting (Sydney).
  • Vercel — application hosting (global edge).
  • Apple & Google — Wallet pass delivery.
  • Stripe — payment processing.
  • Resend — transactional emails.
  • Anthropic — AI weekly briefing generation (when enabled; aggregated metrics only — no individual customer data is sent).

We only engage a subprocessor once its feature is switched on for your plan. If we add or change a subprocessor (for example an SMS provider when SMS launches), we update this list and notify you before it processes any of your data.

We do not sell personal data. Ever.

Cookies

Fidz uses only the cookies strictly required for the service to work — login session cookies and your cookie preference itself. We do not use advertising or third-party tracking cookies on the merchant dashboard. The marketing site (landing, pricing, demo) may include analytics cookies if you accept them via the cookie banner.

Your rights

You have the right at any time to:

  • Access — request a copy of all personal data we hold about you.
  • Correct — update inaccurate information.
  • Delete — request permanent deletion (subject to legal retention requirements, e.g. tax records).
  • Export — download your customer database as CSV anytime from the dashboard.
  • Withdraw consent — opt out of marketing emails or push notifications.
  • Complain — lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Email hello@fidz.appwith the word “PRIVACY” in the subject — we respond within 30 days.

For customers of merchants using Fidz

If a local business has enrolled you in their loyalty program using Fidz, the merchant is the primary data controller. Contact them first. If they don't respond, contact us — we'll help you exercise your rights.

Data retention

We keep your data while your account is active. After cancellation, your data stays for 60 days (so re-activation is painless), then we permanently delete it. Tax records are kept for 7 years as required by Australian law.

Children's data

Fidz is not designed for users under 16. We don't knowingly collect data from anyone under 16. If you believe a child's data is in our systems, contact us and we'll delete it.

Security

  • All data in transit is encrypted via TLS 1.3.
  • Passwords are hashed with bcrypt.
  • Database uses Supabase row-level security so merchants only ever see their own data.
  • Stripe handles all payment data — we never see card numbers.

Changes to this policy

We'll email you at least 30 days before any material change. The effective date at the top of this page always shows the current version.

Questions? Email hello@fidz.app.
See also: Terms of service.