NAMAA Loyalty Rewards Privacy Policy

This Privacy Policy explains how Namaa Loyalty Rewards ("Namaa," "we," "us," or "our") collects, uses, discloses, stores, and protects information in connection with the NAMAA Loyalty Rewards customer-facing app and platform (the "NAMAA App") and the merchant-facing NAMAA application that runs on Clover point-of-sale devices (the "Clover App").

The NAMAA App is the customer-side app and platform used for loyalty accounts, customer barcodes, rewards, merchant discovery, participating store information, offers, and loyalty activity. The Clover App is a separate merchant-side app used on Clover devices to pair a register, scan a customer NAMAA barcode, verify loyalty status, and link eligible checkout activity to a customer's loyalty account.

When this policy describes merchant names, merchant identifiers, store profiles, business listings, offers, or other business information, that information is collected and maintained through the NAMAA App, NAMAA platform, merchant onboarding, merchant administration, or support workflows. The Clover App may use a paired merchant identifier and related Clover installation or device information so the device can connect to the correct merchant account, but the Clover App does not create or manage the full public merchant profile displayed in the NAMAA App.

This Privacy Policy does not replace the privacy policy that a merchant may be required to provide to its own customers, personnel, or other individuals. Merchants are responsible for providing all required privacy notices and obtaining all required permissions or consents for their own use of Clover, NAMAA, loyalty programs, customer data, and point-of-sale systems.

1. Roles, Apps, and Scope

Namaa operates a loyalty platform with two related but separate app surfaces: the customer-facing NAMAA App and the merchant-facing Clover App. Depending on the information and context, Namaa may act as a service provider or processor for a merchant, and may also act as an independent business or controller for customer account operations, security, fraud prevention, support, compliance, analytics necessary to operate the service, merchant discovery, and maintaining the NAMAA loyalty platform.

2. Information We Collect

2.1 NAMAA App customer account and loyalty information

• Customer account information submitted through the NAMAA App or platform, such as name, contact information, login information, preferences, and support requests.
• NAMAA loyalty identifiers, customer barcode values or short-lived barcode tokens, point balance, reward activity, visit activity, redemption activity, and loyalty status.
• Customer interactions with participating merchants, offers, rewards, stores, notifications, wallet features, or loyalty program features in the NAMAA App.

2.2 NAMAA App merchant and business information

• Merchant name, merchant identifier, store or business profile information, locations, categories, logos, photos, offers, rewards, and public listing details shown in the NAMAA App.
• Business contact information, onboarding information, support information, and administrative account information provided through NAMAA merchant onboarding, merchant administration, platform workflows, or support.
• This merchant and business profile information is part of the NAMAA App and platform experience. It is not collected from the Clover device app except where a paired merchant identifier, Clover merchant identifier, or installation status is needed to connect the Clover App to the correct merchant account.

2.3 Clover App device and pairing information

• One-time pairing code submitted by the merchant or device user.
• Device identifier, device label, paired merchant identifier, pairing timestamp, and device token.
• Local device settings such as whether compact scan overlay, keyboard scanner mode, or Clover payment-screen scan mode is enabled.
• Diagnostic events related to pairing, scanner readiness, tender setup, and scan handling.

2.4 Clover App scan, barcode, and loyalty information

• NAMAA customer loyalty barcode values or short-lived barcode tokens scanned through Clover-supported scanners.
• Scan source, scan time, scan result, and limited scan diagnostics needed to verify or troubleshoot scans.
• Customer loyalty identifiers, customer display name when available, point balance, estimated loyalty value, visit count, last visit date, redemption or discount result, and related loyalty status returned by the NAMAA platform.
• Information needed to link a loyalty scan to an eligible checkout, such as merchant identifier, customer loyalty identifier, transaction time, and checkout context.

2.5 Clover POS information

• Information received from Clover APIs or Clover device broadcasts that is needed to operate scanner, merchant, tender, and loyalty-linking features.
• Limited checkout or transaction metadata if needed to award, verify, adjust, or audit loyalty points.

2.6 Support and communications

• Messages, support requests, diagnostics, screenshots, or logs that a merchant chooses to send to us for support.
• Administrative records needed to respond to support, compliance, or security requests.

3. Information We Do Not Intend to Collect

• We do not collect or store full payment card numbers through the NAMAA App or the Clover App.
• We do not collect card verification codes, bank account credentials, or payment account passwords.
• We do not use the NAMAA App or Clover App to sell customer personal information.
• We do not use Clover App scan data for third-party advertising.
• We do not intentionally collect sensitive personal information unless it is necessary to operate the requested loyalty functionality or comply with law.

4. How We Use Information

We use information collected through the NAMAA App, NAMAA platform, and Clover App to:

• Provide customer accounts, loyalty barcodes, rewards, points, participating merchant listings, offers, and app features in the NAMAA App.
• Maintain merchant business profiles, offers, rewards, store details, and merchant-facing platform services in the NAMAA App and platform.
• Pair Clover devices to the correct merchant account.
• Authenticate registered Clover devices using device tokens.
• Receive and verify NAMAA loyalty barcode scans.
• Display customer loyalty status, points, visits, and scan results to merchant staff during checkout.
• Link eligible checkout activity to a customer loyalty account.
• Award, redeem, reverse, adjust, or audit loyalty points where applicable.
• Enable optional scanner modes, compact overlays, and Clover payment-screen scan flows.
• Detect, prevent, investigate, and respond to fraud, abuse, unauthorized access, scanner misuse, and security incidents.
• Provide merchant support, diagnostics, troubleshooting, and service communications.
• Maintain, improve, and secure the NAMAA App, Clover App, and NAMAA platform.
• Comply with legal, regulatory, Clover, Fiserv, App Market, and contractual obligations.

5. How We Share Information

We may share information only as needed to provide and protect the NAMAA App, Clover App, and related services:

• With the installing merchant: We display loyalty scan results and limited customer loyalty insights to the merchant using the Clover App.
• With customers using the NAMAA App: We may display participating merchant names, store profiles, offers, rewards, locations, and related business information in the customer-facing NAMAA App.
• With Clover and Fiserv: We exchange information with Clover or Fiserv as needed for Clover App installation, permissions, APIs, device operation, app review, compliance, support, billing where applicable, and App Market requirements.
• With service providers: We use vendors such as hosting, database, infrastructure, monitoring, communications, and support providers. These providers may process information only to help us operate the service and must protect it appropriately.
• With the NAMAA platform: The NAMAA App and Clover App communicate with NAMAA backend services to verify barcodes, device tokens, merchant accounts, customer loyalty status, and point activity.
• For legal and safety reasons: We may disclose information when required by law, subpoena, court order, governmental request, Clover or Fiserv policy, or when we believe disclosure is reasonably necessary to protect rights, safety, property, users, merchants, customers, or the integrity of the service.
• Business transfers: If Namaa is involved in a merger, acquisition, financing, restructuring, bankruptcy, or sale of assets, information may be transferred as part of that transaction subject to appropriate protections.

6. Data Security

We use administrative, technical, and organizational safeguards designed to protect information handled by the NAMAA App, Clover App, and NAMAA platform. These safeguards include HTTPS/TLS transport, device-token-based authentication, server-side authorization checks, signed or short-lived barcode tokens where applicable, restricted backend access, database access controls, and local secure storage for Clover device tokens where supported by the device.

No method of transmission, processing, or storage is completely secure. We cannot guarantee absolute security, and merchants must also maintain reasonable physical, account, employee, and device security for their Clover devices and merchant accounts.

7. Data Retention

We retain information for as long as reasonably necessary to provide the NAMAA App and Clover App, maintain accurate loyalty records, support customers and merchants, comply with legal and Clover obligations, resolve disputes, enforce agreements, maintain audit records, and protect against fraud or abuse. Short-lived barcode tokens and temporary diagnostic data may expire or be deleted more quickly. Some transaction, loyalty, accounting, security, or audit records may be retained after a device is unpaired or merchant account is closed if retention is reasonably necessary for legal, compliance, dispute, security, or business purposes.

8. Merchant Responsibilities

Merchants using the Clover App are responsible for:

• Using the Clover App only for lawful business and loyalty-program purposes.
• Providing any privacy notices required by law to customers, employees, contractors, and other individuals.
• Obtaining any permissions or consents required for loyalty scans, customer enrollment, customer rewards, and data sharing.
• Configuring Clover devices, scanners, employees, and permissions appropriately.
• Protecting access to Clover devices, Clover accounts, NAMAA accounts, pairing codes, and merchant credentials.
• Using customer information only for authorized loyalty-program and business purposes.
• Keeping merchant profile, offer, reward, and business information submitted to the NAMAA App or platform accurate and lawful.

9. Customer Privacy Rights

Individuals may have rights under privacy laws, such as rights to access, correct, delete, receive a copy of, restrict, or object to certain processing of personal information. Because merchants often control the customer relationship and determine how they operate their loyalty programs, customers should first contact the merchant with questions about a merchant's loyalty program or use of customer information. Customers may also contact Namaa for questions about their NAMAA App account, barcode, rewards, or privacy choices using the contact information below.

10. California and Other U.S. Privacy Disclosures

We do not sell personal information collected through the NAMAA App or Clover App, and we do not share such information for cross-context behavioral advertising. We may disclose identifiers, commercial information, device information, internet or network activity information, and support information to service providers, merchants, Clover, Fiserv, and other parties described in this Privacy Policy for the business and operational purposes described above.

11. International Transfers

The NAMAA App, Clover App, and NAMAA services may be operated from the United States or other locations where our providers operate. Information may be transferred to, stored in, or processed in locations outside the jurisdiction where a merchant or customer is located. We take steps designed to protect information as described in this Privacy Policy.

12. Children's Privacy

The Clover App is intended for use by merchants and merchant staff, not by children. The NAMAA App and Clover App are not directed to children under 13, and we do not knowingly collect personal information directly from children under 13 through either app.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated effective date and will be effective when posted, unless a later date is stated. Merchants should review this Privacy Policy periodically.

14. Contact Us

If you have questions about this Privacy Policy or Namaa's privacy practices, contact:

Namaa Loyalty Rewards
Email: privacy@namaa.app
Support: support@namaa.app