Privacy Policy

Last updated: 28 June 2026

Private-pilot legal draft. Final legal review is required before broader public launch.

1. Who is responsible?

Zomia is a loyalty software service for customers, business owners, and staff.

Provider: Bellis Prennis, operating the service Zomia, Fremersbergstr. 103, 76530 Baden-Baden, Germany.

Contact: info@zomia.eu

For the current private pilot, this policy describes how Zomia operates the service and handles account, loyalty, QR, reward, staff, and business data. The final controller/processor model between Zomia and participating businesses must be reviewed before a broader public launch.

2. Which roles use Zomia?

Zomia has three active MVP roles:

  • Customers use QR codes, campaign progress, rewards, profile, and account settings.
  • Business owners manage business settings, missions, campaigns, reward templates, staff invitations, and staff activity.
  • Staff scan customer QR codes, register actions, and use active rewards during service.

3. What data do we process?

Depending on your role, we process the following categories of data:

  • Account data: display name, email address, password hash, role, account status, email verification state, and account settings.
  • Authentication data: access tokens, rotating refresh token hashes, sign-in state, logout state, password recovery state, and security-related token metadata.
  • Customer QR data: customer ID, QR token hash, issue time, expiry time, revocation time, and active/inactive state. Raw QR tokens are not stored in the database.
  • Loyalty data: missions, actions registered by staff, point ledger entries, campaign progress, campaign completions, reward issue, reward status, and reward use.
  • Business data: business name, category, business settings, owner relationship, missions, campaigns, reward templates, and owner-visible recent activity.
  • Staff data: invited email address, invitation status, password hash after acceptance, staff membership, active/inactive state, and actions registered for customers.
  • Email workflow data: email verification codes, password recovery codes, email change codes, staff invitation links, token hashes, expiry times, and delivery metadata where available.
  • Technical and operational data: browser storage values required for login/session operation, server logs, backend logs, Nginx logs, backup logs, and security logs.

4. Why do we process data?

We process data to create and secure accounts, operate the loyalty service, show QR codes and campaign progress, let staff register actions, issue and use rewards, support business owners, send transactional emails, and protect the service from misuse.

5. Legal bases

The main legal bases are contract performance or pre-contract steps, legitimate interests in secure service operation, and legal obligations where applicable. Marketing messages, if introduced later, require a separate decision and may require consent and double opt-in.

Accepting Terms is not treated as consent for all data processing. Where consent is required, it must be requested separately.

6. Transactional emails

We send transactional emails such as verification codes, password recovery messages, email change codes, and staff invitation links. These emails are necessary for account and security workflows and are not marketing emails.

Zomia does not currently send newsletters, promotional messages, points reminders, reward reminders, or marketing emails. If these are introduced later, they must be separated from transactional emails, use an appropriate consent flow where required, and include unsubscribe handling.

7. Browser storage and cookies

The web app uses browser storage for session operation and customer QR cache in the current MVP web version. This storage is used to keep users signed in and to operate the app.

Zomia does not currently use analytics cookies, advertising cookies, marketing pixels, or non-essential tracking technologies. External uptime monitoring checks the public health endpoint and is not used to track individual users.

8. Recipients and processors

Data may be processed by hosting, database, email, backup, and operational service providers. Current providers include server hosting, email delivery, encrypted off-server backup storage, and uptime monitoring. Data processing agreements or equivalent provider terms must be reviewed before broader public use.

9. Business owner and staff visibility

Business owners can see activity related to their own business, including staff actions and customer service activity summaries. Staff actions are tied to customer service events and may be visible to the business owner.

Staff members can see customer information needed for the service flow after scanning a valid customer QR code. The Staff view does not need to expose the customer's email address for the current MVP service workflow.

10. Rewards and loyalty history

Loyalty actions, points, campaign progress, rewards, and reward use may remain stored to preserve business history, dispute handling, auditability, and fraud prevention. Retention periods require final legal/product review.

Zomia points are not cash, not electronic money, not transferable, and cannot be paid out.

11. Account deletion and erasure

Customers can request account removal in the app. The MVP removes or anonymizes direct personal account fields and revokes active customer QR and refresh tokens. Some historical loyalty, reward, staff action, or audit records may remain in anonymized or business-history form where needed for security, legal, dispute-handling, fraud-prevention, or operational reasons.

Because backups are used for disaster recovery, removed or anonymized data may remain temporarily in backups until the relevant backup expires under the active retention schedule. Backups are not used for normal customer lookup.

Owner account removal and Staff account removal are not self-service in the current MVP because they affect business ownership, staff membership, and historical business records.

12. Retention

Exact final retention periods still require review. Account data is kept while the account exists. OTP and invitation data is time-limited. Server logs and backup logs are kept for operational security and recovery. Current private-pilot PostgreSQL backup retention is 14 days, with encrypted off-server backups used for disaster recovery.

13. Your rights

Subject to applicable law, you may have rights of access, rectification, erasure, restriction, portability, objection, and complaint to a supervisory authority. To make a request, contact info@zomia.eu.

We may need to verify your identity before processing a rights request.

14. Children

Zomia is not intended for children. Minimum age and parental-consent policy must be finalized before broader public use.

15. Changes

We may update this Privacy Policy as the MVP evolves. Material changes should be reviewed before broader onboarding.
