Política de Privacidad

Walopass ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform at walopass.com and related services (the "Service").

This policy applies to two categories of users: Creators (who set up communities and send notifications) and Members (who join communities and receive wallet passes). By using the Service, you consent to the practices described in this policy.

From Creators

• Email address (for account authentication)
• Display name
• Community information (name, URL slug, images)
• Payment information (processed by Stripe; we do not store full payment details)
• Notification content and targeting preferences

From Members

• Email address (for account authentication)
• First and last name
• Date of birth (used for age verification — minimum 13 years — and demographic targeting)
• Gender (optional, used for demographic targeting)
• City, region, and country (collected via location autocomplete for geographic targeting)

Automatically Collected

• Device information when adding a wallet pass (device type, library identifier)
• Push notification delivery status
• Basic usage analytics (page views, feature usage)

We use the information we collect to:

• Provide, maintain, and improve the Service
• Authenticate users and manage accounts
• Generate and distribute Apple Wallet and Google Wallet passes
• Deliver push notifications from Creators to their Members
• Enable demographic targeting for notifications (by city, region, gender, and age)
• Process payments and manage subscriptions
• Communicate with you about your account, service updates, and support
• Enforce our Terms & Conditions and protect against misuse

We do not sell your personal information. We share data with third parties only in the following circumstances:

• Supabase — Our database and authentication provider. Stores user accounts, community data, and member records. Hosted in AWS US East region.
• Stripe — Payment processing for Creator subscriptions. Stripe processes payment data under its own privacy policy.
• Apple Inc. — Wallet pass distribution via Apple Push Notification service (APNs). Device tokens are shared to enable pass delivery and notifications.
• Google LLC — Wallet pass generation and distribution via Google Wallet API.
• Amazon Web Services (AWS) — File storage for generated pass files (S3). Infrastructure services for event processing.
• Google Maps Platform— City and location autocomplete during Member registration. Subject to Google’s privacy policy.

Creators can view member-level data and may export CSV files from the Members dashboard for legitimate community operations. Export files are access-controlled, temporary, and automatically deleted after the retention period. Creators are responsible for handling exported data in compliance with applicable privacy and data protection laws.

We implement appropriate technical and organizational measures to protect your personal information:

• All data in transit is encrypted using TLS/HTTPS
• Database access is protected by Row Level Security (RLS) policies
• Authentication uses secure JWT tokens with ES256 signing
• Payment data is handled exclusively by PCI-compliant Stripe infrastructure
• API access requires valid authentication tokens
• Admin access is restricted and protected by separate authentication

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Walopass uses essential cookies required for authentication and session management. These cookies are necessary for the Service to function and cannot be disabled.

We do not use third-party advertising cookies or cross-site tracking. We may use basic analytics to understand how the Service is used, but we do not build advertising profiles based on your activity.

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Creator accounts: retained until account deletion or subscription termination, plus a 30-day grace period
• Member records: retained for as long as the associated community is active
• Wallet passes: pass files are retained as long as the Member’s account is active
• Member CSV exports: retained for up to 7 days before automatic deletion
• Notification history: retained for 12 months after sending
• Payment records: retained as required by tax and financial regulations

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

For All Users

• Access — Request a copy of the personal data we hold about you
• Correction — Request correction of inaccurate personal data
• Deletion — Request deletion of your personal data. To leave a community or have your account and data permanently removed, email privacy@walopass.com. We will process your request within 30 days. Please also remove the wallet pass manually from your device after deletion is confirmed.
• Portability — Request your data in a machine-readable format

For EU/EEA Residents (GDPR)

You have additional rights under the General Data Protection Regulation, including the right to restrict processing, object to processing, and withdraw consent. Our legal basis for processing is contractual necessity (to provide the Service) and legitimate interest (to improve the Service and prevent abuse).

For California Residents (CCPA)

Under the California Consumer Privacy Act, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at privacy@walopass.com. We will respond within 30 days.

Walopass requires Members to be at least 13 years old to register for a community. We verify age through date of birth collection during the registration process. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

Creator accounts require users to be at least 18 years old. We do not knowingly allow minors to create Creator accounts.

If you are a parent or guardian and believe your child under 13 has provided personal information to Walopass, please contact us at privacy@walopass.com.

Your information may be transferred to and processed in countries other than your country of residence, including the United States where our infrastructure providers are located. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: privacy@walopass.com
• General inquiries: hello@walopass.com