Digital Loyalty Cards and Data Privacy: What Customer Information Is Actually Collected
Exactly what customer information a digital loyalty card collects, how consent works at signup, and how that data is used versus how it is not, explained plainly.

WeLoyal is a digital loyalty card platform built around collecting only the customer information genuinely needed to run a loyalty program properly, with clear consent shown at the point of signup and full control given to the business over what's asked for. Any business considering a digital loyalty program, and any customer asked to hand over a phone number or email to install one, has a fair question worth answering directly, what information actually gets collected, and what happens to it afterward. This post addresses that plainly, covering what data is typically gathered, how consent works, and how customer information is used versus how it isn't.
What information actually gets collected at signup
When a customer installs a loyalty card, they fill out a short issuance form before the card is added to their wallet. Exactly what's on that form is configurable by the business building the card, but it typically includes a name and either a phone number or an email address, the minimum needed to identify a specific customer and deliver notifications to them. Beyond that baseline, a business can choose to add further fields if they're genuinely useful for how the program is run, a birthday field to enable birthday bonus notifications, for instance, or for a membership card specifically, an email is required as a mandatory field, since Stripe needs a valid email address to handle billing receipts and subscription management properly.
Each field a business adds can individually be marked as required or optional, and certain fields, typically phone number or email specifically, can be marked as unique, preventing the same contact detail from being used to create multiple separate loyalty profiles. A business isn't required to collect anything beyond the bare minimum needed to identify a customer, and the sensible default across every card type is to ask for as little as actually necessary to run the program well, rather than collecting information simply because it might be interesting to have.
How consent is handled
Sitting alongside the issuance form is a privacy policy and consent toggle, letting a business link to its own privacy policy and requiring a customer to actively agree to it before their card is issued. This follows the same basic principle behind data protection regulation in most parts of the world, that a customer should clearly know what they're agreeing to and actively consent to it, rather than data being collected passively without their awareness. A business is responsible for having an actual privacy policy that accurately reflects what it does with customer data, and linking that policy directly into the signup flow rather than burying it somewhere a customer would never think to look.
What the collected data is actually used for
The information gathered at signup exists to serve the loyalty program itself. A name and contact detail let a business identify a specific customer when they're scanned in-store, deliver the push notifications the loyalty program is built around, and, where relevant, issue receipts or manage billing for a paid membership. Purchase history tied to a loyalty card, how much a customer has spent, how often they've visited, feeds directly into the analytics and segmentation covered elsewhere on this site, letting a business understand its own customer base and run smarter, more targeted communication rather than generic messaging sent identically to everyone.
None of this is unusual or hidden, it's the same basic category of information any loyalty program, digital or otherwise, has always needed to function, a name to recognize a customer, a contact method to reach them, and a record of their activity to actually reward them accurately.
What the data is not used for
Customer information collected through a loyalty card belongs to the business running that specific card, not to some shared pool sold or shared across unrelated companies. A customer's phone number collected for one café's stamp card program isn't handed off to unrelated third parties for unrelated marketing purposes, and a business's own customer list stays specific to that business. This matters because plenty of consumer hesitation around loyalty programs generally comes from a reasonable, well-founded wariness about where personal information ends up once it's handed over, and a properly run digital loyalty card is built around collecting exactly what's needed for that one specific relationship, not aggregating data for broader resale or unrelated use.
Why geo-located notifications don't require constant location tracking
A reasonable question specifically around geo-located notifications, covered in depth elsewhere on this site, is whether enabling this feature means a customer's location is being continuously tracked and logged. It isn't, in the sense most people worry about. The feature works through the native geofencing capability already built into Apple Wallet and Google Wallet, the same underlying mechanism that causes a boarding pass to automatically surface near an airport, triggering a notification only when a device crosses into a defined radius around a specific point a business has set. This is fundamentally different from a dedicated tracking app continuously logging a customer's precise location history throughout the day, and it only ever activates in relation to the specific locations a business has configured, not as a general, ongoing surveillance mechanism.
Why a business should still be deliberate about what it asks for
Even with reasonable defaults and clear consent built in, it's worth a business thinking carefully about what it actually asks for on a signup form, rather than adding every available field simply because it's an option. Every additional required field is friction that reduces how many customers actually complete the signup, and every additional piece of information collected is something a business then has a responsibility to handle carefully. The businesses that get the most participation out of their loyalty programs tend to keep the signup form genuinely minimal, a name and one contact method, adding further fields only when there's a clear, specific reason tied to how the program is actually run.
At a glance: how data privacy works
What's typically collected:
- Name and either a phone number or email
- Additional optional fields only if the business adds them for a specific reason
- Email is mandatory specifically for membership cards, to support billing
Consent:
- A privacy policy link and active consent toggle shown at signup
- The business is responsible for maintaining an accurate, linked privacy policy
How data is used:
- Identifying a customer at the point of a scan or transaction
- Delivering push notifications and, where relevant, billing receipts
- Feeding into analytics and segmentation specific to that one business
How data isn't used:
- Not shared or sold across unrelated businesses
- Geo-located notifications use geofencing, not continuous location tracking
- Data collected stays specific to the business running that particular card
Read more

Customer Lifetime Value: What It Means and How a Loyalty Program Actually Increases It
What customer lifetime value means, why it matters more than any single visit, and exactly how a digital loyalty program moves that number in the right direction.

Referral Programs on a Digital Loyalty Card: How They Actually Work
How a built-in referral program on a digital loyalty card works, the ways it can be configured, and why it outperforms generic refer-a-friend links.

How to Win Back Sleeping Customers Automatically: Re-Engagement Campaigns Explained
How automated re-engagement identifies customers who have quietly stopped visiting and wins them back with timely, targeted messaging.
