Legal

Data Access & Consent

Last updated: May 14, 2026 · Consent text version v1

What you authorize

When you connect a loyalty program, you authorize Loyalty.travel to log into that program on your behalf using credentials you provide, solely to retrieve your balance, tier, qualifying progress, recent activity, and account profile details.

What we store

  • Your membership number (encrypted at rest).
  • Your password — stored encrypted in Supabase Vault using AES-256, never in plain text, and never visible to staff.
  • A consent record: a hashed IP address, a timestamp, and the version of this page you agreed to.
  • The data we sync: balances, tiers, qualifying progress, and activity.

What we do not do

  • We do not book travel on your behalf.
  • We do not transfer points or redeem awards.
  • We do not change account settings, addresses, or contact info.
  • We do not share credentials with third parties.

How to revoke

Visit Connections and click Disconnect on any program. Disconnecting permanently deletes the encrypted credential from Vault and stops all syncs. Your historical balance/tier data is retained until you delete your account.

Account deletion

Email privacy@loyalty.travel to request full account deletion. We process deletion requests within 30 days.