Privacy Policy

Last updated: January 10, 2026

1. Introduction

chronoMelon Loyalty ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

chronoMelon is the data controller for merchant account data. For customer data collected through the loyalty program, the merchant (you) is the data controller, and chronoMelon acts as a data processor. Merchants are responsible for ensuring they have the legal basis to collect and process customer data, including obtaining necessary consents.

3. Information We Collect

3.1 Merchant Account Data

When you create an account, we collect:

  • Email address
  • Business name
  • Password (encrypted/hashed)
  • Account creation and update timestamps

3.2 Payment Information

Payment processing is handled by Stripe. We do not store credit card information. Stripe collects and processes payment data according to their privacy policy. We store:

  • Stripe customer ID
  • Stripe subscription ID
  • Subscription status

3.3 Customer Data (Processed on Behalf of Merchants)

When merchants use the Service, we process customer data on their behalf:

  • Customer name
  • Email address
  • Phone number (optional)
  • Points balance and transaction history
  • Reward redemption records

Note: Merchants are responsible for ensuring they have the legal basis to collect this data and have obtained necessary consents from their customers.

3.4 Integration Data

If you connect WooCommerce, we store:

  • WooCommerce store URL
  • API credentials (encrypted)
  • Webhook configuration

3.5 Usage Data

We automatically collect information about how you use the Service:

  • IP address
  • Browser type and version
  • Pages visited and time spent
  • Error logs and performance data

4. Legal Basis for Processing

We process your data based on the following legal bases:

  • Contract Performance: To provide the Service you have subscribed to
  • Legitimate Interest: To improve the Service, ensure security, and prevent fraud
  • Legal Obligation: To comply with applicable laws and regulations
  • Consent: Where you have provided explicit consent (e.g., marketing communications)

5. How We Use Your Information

We use the collected information for:

  • Providing and maintaining the Service
  • Processing payments and managing subscriptions
  • Authenticating users and preventing unauthorized access
  • Sending service-related communications (e.g., magic links, redemption confirmations)
  • Providing customer support
  • Improving and optimizing the Service
  • Detecting and preventing fraud or abuse
  • Complying with legal obligations

6. Data Sharing and Third-Party Services

We share data with the following third-party service providers:

6.1 Stripe

Payment processing. Stripe processes payment information according to their privacy policy. We share: email, subscription details. See the Stripe Privacy Policy.

6.2 Mailgun

Email delivery service. Mailgun processes email addresses and email content to send transactional emails. See the Mailgun Privacy Policy.

6.3 WooCommerce

When merchants connect their WooCommerce store, we interact with their WooCommerce API to process orders and create coupons. Data is shared only as necessary for the integration.

6.4 Other Disclosures

We may disclose your information:

  • If required by law or legal process
  • To protect our rights, property, or safety
  • In connection with a business transfer (merger, acquisition, etc.)
  • With your explicit consent

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of sensitive data (passwords, API secrets)
  • Secure HTTPS connections
  • Regular security updates and monitoring
  • Access controls and authentication
  • Regular backups

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data Retention

We retain your data for as long as necessary to provide the Service and comply with legal obligations. Specifically:

  • Merchant account data: Retained while your account is active and for as long as required by law after account closure
  • Customer data: Retained as long as the merchant account is active, or as required by law
  • Transaction records: Retained for accounting and legal compliance purposes as required by law

You may request deletion of your data at any time, subject to legal retention requirements.

9. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data (subject to legal requirements)
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Request your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at jeffrey@chronomelon.com. We will respond within one month.

Note: Automated data export and deletion tools are under development. Until available, please contact us directly to exercise your rights.

10. Cookies and Tracking

We use essential cookies for authentication and session management. These cookies are necessary for the Service to function and cannot be disabled. We do not use tracking cookies or analytics cookies at this time.

11. International Data Transfers

Your data may be processed and stored on servers located outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Other approved transfer mechanisms

12. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

14. Contact Us

If you have questions, concerns, or wish to exercise your rights regarding this Privacy Policy, please contact us:

Email: jeffrey@chronomelon.com
Subject: Privacy Inquiry

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe your data protection rights have been violated.