Features Support FAQ Privacy Terms Dashboard Beta

Privacy Policy

Last updated: February 2026

Your Loyalty Data, Your Control: LoyaltyHub helps you track airline miles, hotel points, bank rewards, and travel plans. Data stays on your device by default, with optional cloud sync for web access and cross-device sync.

What We Collect & What We Don't

What We Collect:

  • Account names and types (e.g., "American Airlines", "airline")
  • Expiration dates and reminder settings
  • Device push identifier (OneSignal Player ID) - randomly generated
  • Timezone information for notification scheduling
  • If you enable LoyaltyHub Cloud: the data you choose to sync (balances and history, certificates including certificate numbers, and reservation details without confirmation numbers)
  • If you enable LoyaltyHub Cloud: your account email address for sign-in

What We Never Collect:

  • Account numbers or login credentials
  • Confirmation numbers
  • Government IDs or payment card numbers
  • Location data (except timezone)
  • Highly sensitive personal data

What Stays on Your Device

By default, your loyalty wallet stays on your device:

  • Airline frequent flyer numbers and mile balances
  • Hotel loyalty account numbers and point totals
  • Credit card reward program details
  • Flight confirmation numbers

If you enable LoyaltyHub Cloud, we sync account names, optional balances and history, certificates (including certificate numbers), and reservation details. Member numbers and confirmation numbers never leave your device.

Hybrid Notification System

LoyaltyHub uses an intelligent hybrid notification system to ensure you never miss important dates:

  • High Priority (1-day reminders): Local notifications only - never leave your device
  • Medium Priority (7-day reminders): Hybrid mode with secure cloud backup
  • Low Priority (30-day reminders): Cloud notifications to preserve local quota

Email reminders are optional and sent only if you enable them. Member numbers and confirmation numbers are never included in notification payloads.

Third-Party Service Integration

Supabase Cloud Database:

  • Purpose: Optional cross-platform sync when enabled
  • Data Stored: Sync data you choose to upload
  • Security: Industry-standard cloud security with encrypted transmission

Supabase Authentication:

  • Purpose: Sign in with Apple, Google, or Email
  • Data Stored: User ID and email address
  • Security: Industry-standard cloud security with encrypted transmission

OneSignal Push & Email Notifications:

  • Purpose: Delivering expiration reminders by push and optional email
  • Data Transmitted: Device identifier, notification timing, notification content
  • OneSignal Privacy Policy: Available at onesignal.com/privacy_policy

Cloud Infrastructure (Fly.io):

  • Purpose: 24/7 notification scheduling service
  • Data Stored: Notification schedules and encrypted payloads
  • Security: Industry-standard cloud security with encrypted transmission

Use of these services is subject to their respective privacy policies.

Data Storage & Retention

Data Storage:

  • Local data stays on your device by default
  • Cloud sync data is stored in our cloud database only when you enable it
  • Sent notification records are automatically deleted after 30 days

Data Control:

  • Delete specific accounts, certificates, or reservations within the app
  • Disable cloud sync or server notifications at any time
  • Delete cloud data from the app or web dashboard

Optional LoyaltyHub Cloud Sync

If you choose to enable LoyaltyHub Cloud:

  • Sign in with Apple, Google, or Email
  • Sync account names and expiry dates
  • Optional: balances and balance history, certificates, and reservations
  • Web dashboard access to view and update synced data
  • Member numbers and confirmation numbers are never uploaded
  • You can disable sync or delete cloud data at any time

Optional iCloud Sync

If you choose to enable iCloud sync (when available):

  • Data is encrypted and stored in your personal iCloud account
  • Only you can access this data through your Apple ID
  • We cannot access your iCloud data
  • iCloud usage is governed by Apple's Privacy Policy
  • You can disable sync at any time

Data Export and Backup

You can export your data as a JSON file for backup purposes. This exported file:

  • Contains only the data you choose to export
  • Is under your complete control
  • Can be imported back into the App
  • Should be stored securely by you

Data Security

Your data is protected by:

  • iOS built-in security features
  • Local device encryption
  • Secure, encrypted transmission for cloud sync and notifications
  • App sandbox restrictions
  • Your device's passcode/biometric protection

Your Rights

You have complete control over your data:

  • View all your data within the App
  • Export your data at any time
  • Delete specific data entries
  • Clear all data from the App
  • Delete cloud data if enabled
  • Uninstall the App to remove all data

Children's Privacy

The App does not knowingly collect personal information from children under 13. Only minimal data is transmitted when cloud sync or notifications are enabled.

Changes to Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted within the App. Since we don't collect contact information, we cannot notify you directly of changes.

Questions About Privacy?

If you have questions about this Privacy Policy or our data handling practices, please contact us.

Contact Us