Privacy Policy

How we handle your data — and how little of it we collect.

Last updated: July 18, 2026

1. Who we are

Faran Services, Finland, is the controller of the personal data described here. For any data-protection question, contact privacy@stamppi.fi.

When you collect stamps at a Restaurant, both Stamppi (which runs the platform) and that Restaurant (which runs its own loyalty program) are involved in processing your data.

2. The data we collect

We built Stamppi to collect as little personal data as possible. We collect:

Your identity in the app is shown to staff as a short-lived, rotating code that contains no personal information on its own. It is a pseudonymous reference only our server can connect back to your account — it is not anonymous, because we can re-link it to you.

We do not collect passwords, payment-card details (you pay the Restaurant directly), location tracking, or special categories of data.

3. Why we use it, and our lawful basis

PurposeLawful basis (GDPR Art. 6)
Running your account, stamp cards, and rewardsPerformance of a contract — Art. 6(1)(b)
Sending sign-in (magic link) emailsPerformance of a contract — Art. 6(1)(b)
Preventing fraud and abuse; securityLegitimate interests — Art. 6(1)(f)
Marketing messages, if anyConsent — Art. 6(1)(a), separate and withdrawable
Optional anonymous usage analyticsConsent — Art. 6(1)(a), separate and withdrawable
Complying with legal obligationsLegal obligation — Art. 6(1)(c)

We keep your loyalty consent and your marketing consent separate. You can use the loyalty service without agreeing to marketing.

4. Who we share data with

We do not sell your personal data. We share it only with:

5. Where your data is stored

Our primary database is hosted in the European Union (Frankfurt, Germany). Some of our service providers (for example, certain hosting and email-delivery functions) are operated by companies based outside the EU/EEA, or may process limited data outside the EU/EEA; where that happens, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and/or the EU–US Data Privacy Framework. The providers we use are listed on our GDPR page.

6. How long we keep it

We keep your account and loyalty data for as long as your account is active. When you delete your account, we anonymise your personal data rather than retaining it — identifying information is removed so remaining records can no longer be connected to you. Deletion requests are honoured after a grace period of 30 days (during which you can cancel), after which your identity is permanently removed.

7. Your rights

Under the GDPR you have the right to access, correct, and erase your data; to restrict or object to processing; to data portability; and to withdraw consent at any time where processing is based on consent.

You can exercise several of these directly in the app — export your data and request deletion from your account settings. For any request, contact privacy@stamppi.fi; we respond within one month. You also have the right to complain to the Finnish supervisory authority, the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), tietosuoja.fi.

8. Automated decision-making

We do not make decisions producing legal or similarly significant effects about you solely by automated means. We do use automated checks for fraud prevention and security.

9. Cookies and local storage

As a web app, Stamppi uses essential browser storage to keep you signed in and run the app. We do not use advertising or third-party tracking cookies.

10. Children

Stamppi is intended for general audiences and is not directed at young children. We do not knowingly collect data from children below the age of digital consent in their country (13 in Finland).

11. Security

We protect your data with measures including EU-hosted infrastructure, encryption in transit, strict server-side access controls, and a design in which sensitive actions are verified by our servers rather than trusted to the device. See our GDPR page for more.

12. Changes to this policy

We may update this policy. When changes are material, we will notify you and, where required, ask you to re-confirm your consent. The date above reflects the current version.

13. Contact

Questions about your data: privacy@stamppi.fi, or Faran Services, Finland.