Controller/processor terms for personal data processed on your behalf, with SCCs and our sub-processor register.
Template — counsel review recommended. This DPA covers our role as a processor for customers (including US customers whose end-users may be in the EU/UK). The Standard Contractual Clauses apply to any EU/UK transfers; a fuller EU/UK-specific addendum can follow. Drafted for completeness, not legal advice — have counsel confirm before relying on it.
For personal data processed through the platform, the customer (tenant) is the controller and LoyaltyOS is the processor, acting only on documented instructions.
Processing is for the provision of the loyalty service for the term of the agreement and the defined offboarding period thereafter.
Ingestion of order events, identity resolution, points/credit ledgering, reporting, and tenant-configured integrations — all as configured by the controller.
Loyalty members' identifiers and contact details (encrypted), transaction/order metadata, and tier/credit data. Data subjects are the controller's customers.
As described on the Trust & Security page and the Security Overview: per-customer envelope encryption, mTLS, PII-free event bus, RBAC, hardened credentials, and audit logging. These are technical and organisational measures appropriate to the risk.
The controller authorises the sub-processors listed in the Trust Center register (Microsoft Azure services). We will give notice of changes and maintain equivalent obligations with each sub-processor.
Where personal data is transferred outside its region, we rely on Standard Contractual Clauses and data-residency selection (US / EU / APAC by tier).
We assist the controller in responding to data-subject requests and provide tooling for export and erasure. Erasure is effected via cryptographic erasure.
We notify the controller without undue delay after becoming aware of a personal-data breach affecting their data.
On termination, the controller may export data during the grace period; thereafter data is deleted via cryptographic erasure and a Termination Certificate is issued.
We make available information necessary to demonstrate compliance, including our SOC 2 materials (when available) and the pre-certification evidence pack.