Rewaro
Merchant sign in

Legal

Privacy Policy

Last updated: April 2026

Draft notice: This document describes how Rewaro handles data in plain terms. It has not yet been reviewed by a qualified legal professional for Kuwait or GCC jurisdiction compliance. If you have privacy-related questions, contact contact@rewaroapp.com and we will respond directly.

1. What Rewaro is

Rewaro is a B2B digital loyalty platform. Merchants use it to manage loyalty programs — points, visits, and VIP tiers — for their own customers. Customer loyalty passes are delivered through Apple Wallet and Google Wallet.

Rewaro is not a consumer product. We do not independently market to or contact end customers. All customer data within the platform is managed by the merchant.

2. Data we handle

The platform processes two distinct categories of data:

Merchant data

  • Business name, email address, and profile information provided during registration
  • Branch and organization settings
  • Staff member email addresses and role assignments
  • Commercial record references (plan, payment status — internal bookkeeping only; no payment card data stored)

End-customer data (managed by the merchant)

  • Name, phone number, and email address entered by the merchant
  • Loyalty ledger records (points earned, rewards redeemed, visits)
  • Wallet pass device registrations for customers who add a pass to Apple Wallet or Google Wallet
  • Aggregate analytics derived from loyalty activity

3. Data controller and processor relationship

For end-customer data, the merchant operates as the data controller. Rewaro acts as a data processoron the merchant's behalf, storing and serving data only as instructed by the merchant's use of the platform.

Each merchant is responsible for obtaining appropriate consent from their customers before enrolling them in a loyalty program or issuing wallet passes, in accordance with applicable law in their jurisdiction.

4. How we use data

  • To operate the platform and deliver loyalty program functionality
  • To send transactional emails (e.g. staff invitations, campaign messages) on behalf of merchants
  • To update wallet passes when loyalty balances change
  • To maintain an audit log for platform integrity

We do not sell data. We do not use end-customer loyalty data for advertising or profiling outside the merchant's own program.

5. Data storage and security

All data is stored in a PostgreSQL database with strict organization-level isolation — no merchant can access another merchant's data. All connections use HTTPS. Credentials and secrets are managed outside the application codebase.

6. Data retention and deletion

Merchant workspaces and their associated customer data are retained for the duration of the merchant relationship. Data deletion requests can be made by contacting our team. We will respond and action deletion requests in a reasonable timeframe.

7. Contact

For privacy inquiries, data deletion requests, or questions about how your data is handled:

contact@rewaroapp.com

Kuwait City — Rewaro operates in Kuwait with a GCC expansion roadmap.