Privacy Policy

Last updated: April 15, 2026 • Applies to OffersMap and OffersMap Business apps

1. Introduction

Welcome to OffersMap. We respect your privacy and are committed to protecting your personal data. This policy explains what data we collect, how we use it, and your rights.

2. Data We Collect

2.1 Account Data

• Full name — to personalize your experience
• Email address — for sign-in and communication
• Phone number (optional, business only) — for account verification
• Password — stored encrypted with bcrypt

2.2 Location Data

• Precise location — to show nearby offers and navigation. Used only while the app is active.
• Background location (optional) — for geo-fenced offer notifications.

2.3 Usage Data

• Offer clicks, views, bookmarks
• Navigation logs (trip duration, distance)
• Program interactions (loyalty, reviews)

2.4 Device Data

• Unique device identifier (UUID) — for guest login support
• Device type and OS version — for performance optimization
• FCM token — for push notifications (Firebase)

3. How We Use Your Data

• Provide core services (map offers, navigation, loyalty)
• Communicate with you about your account and notifications
• Analyze usage to improve the app (anonymized aggregate statistics)
• Detect suspicious activity and maintain security

4. Sharing with Third Parties

We do not sell your data. We share it only with essential service providers:

• Mapbox — for map rendering and navigation
• Firebase Cloud Messaging — for push notifications
• Moyasar — for payment processing (business only)
• Google Sign-In / Sign in with Apple — for authentication
• Sentry — for error tracking
• Cloudflare R2 — for image storage

5. Your Rights

• Right to access: request a copy of your data
• Right to rectification: update incorrect data
• Right to erasure: delete your account and data (from Settings)
• Right to object: stop processing your data
• Right to portability: receive your data in a transferable format

6. Data Security

• All communications encrypted via HTTPS/TLS 1.3
• SSL pinning to prevent man-in-the-middle attacks
• Passwords hashed with bcrypt (cost 12)
• Two-factor authentication (2FA) available for owners
• Periodic JWT token rotation

7. Data Retention

We retain your data as long as your account is active. Upon account deletion, we remove all personal data within 30 days, except where legally required to retain.

8. Children

The app is not intended for children under 13. We do not knowingly collect data from this age group.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of any material changes via in-app notification or email.