Privacy Policy
Muns – Retailer Service
Last updated: June 2026
We respect your privacy. This policy explains what data we collect, how we use it, and your rights. We do not track or store any shopper data or behaviour.
1. What we collect
- Business Information: Retailer email, shop name, physical address, shop location coordinates, shop cash payment incentives, and payment and transaction records - collected during registration and shop setup.
- Security Data: Authentication identifiers, including a unique numeric ID and assigned user role, used solely for account access and session security. No personal information is stored within these identifiers.
2. What we do NOT collect or track
We are committed to minimal data collection and do not engage in any form of tracking or profiling. Specifically:
- No usage analytics, browsing behaviour, or IP addresses for tracking purposes.
- No cookies are used except for one essential authentication token required for account security.
- No personal shopper data whatsoever: We do not track, store, or process any shopper location, behaviour, or personal information.
- We do not use analytics, advertising, tracking, preference, or any third-party cookies.
Cookies
We use only one strictly necessary, first-party cookie: a JWT authentication token. This is essential for secure user authentication and maintaining access to core features in our service.
- Type: First-party authentication cookie (JWT bearer token).
- Purpose: To securely authenticate users and verify permissions. The application is fully stateless — no server-side session data is stored; all required claims are contained in the secure token itself.
- Claims in the token: The token contains all non-PII required claims. It is built using a database-generated numeric ID and the user's role (e.g., RETAILER). It contains no personal data.
- Duration: 2 hours. The cookie is cleared immediately upon logout or when it expires.
- No other cookies: As noted above, we do not use any other cookies or similar technologies.
This cookie is exempt from consent requirements under applicable laws (including UK GDPR, PECR, and other international data privacy standards) because it is strictly necessary for the service you explicitly request.
3. How we use your data
- To display your shop and offers on the public map.
- To authenticate you in the dashboard.
- To send important service emails (e.g., password resets).
4. Data storage and security
- Sensitive account, business, and payment and transaction information is encrypted at rest and in transit.
- Shop coordinates are stored securely to enable map functionality.
- Data is stored in secure cloud infrastructure.
- We use secure, hashed identifiers for data retrieval to ensure your information is only accessed by authorised processes.
5. Data sharing and payment processing
- We do not sell your personal or business data to third parties.
- We use a trusted third-party payment provider to securely process all payments and refunds.
- We do not see or store your sensitive payment credentials (such as credit card numbers). These are handled exclusively and securely by our third-party payment provider.
- We store basic payment and transaction records (such as amount, date, status, and payment provider reference IDs) in our database to manage your account and process refunds.
- We do not store your full billing information in our database. However, we may receive limited transaction details from our payment provider to assist with customer support and account management.
- We may share data if required by law or regulatory authorities.
6. Your rights
- You can view, update, or delete your account data at any time via the dashboard.
- Deleting your account will permanently delete all your user data from our database immediately.
7. Retention
We retain your account data for as long as your account remains active.
If you delete your account (via the dashboard), all associated data — including shops, offers, and personal information — is permanently and irreversibly deleted immediately, except for essential payment and transaction records as described below.
If your subscription expires and is not renewed, your account enters a 24-hour grace period. After this grace period, your account and all related data will be permanently deleted, except for essential payment and transaction records as described below.
Payment and Transaction Records: When a user account is deleted, we remove all direct personal identifiers. We retain only essential payment and transaction records (with payment identifiers encrypted) for a maximum of 5 years. These records are kept solely to fulfill our legal and regulatory obligations, such as tax reporting, accounting, and to defend against potential chargebacks or refunds. After this period, the records are permanently deleted.
8. Changes to policy
We may update this policy from time to time. We will notify you of significant changes via a dashboard message or email. Continued use of the Service after such changes constitutes your acceptance of the new policy.
Contact: support@muns.app