Kawhe Logo

Privacy Policy

Last updated 18 February 2026

1. Who We Are

Kawhe Loyalty (“we”, “our”, “us”) is a software-as-a-service (SaaS) platform providing digital loyalty solutions for cafés and retail businesses, including QR-based signups, loyalty tracking, and Apple Wallet / Google Wallet integration.

Kawhe Loyalty is operated by:

wwwDream Limited
New Zealand
Email: info@wwwdream.co.nz
Website: https://wwwdream.co.nz/

For the purposes of applicable privacy laws:

  • We act as a Data Controller for merchant account information.

  • We act as a Data Processor for customer data collected by merchants through their loyalty programs.

2. Information We Collect

2.1 Merchant Account Data (Controller)

When businesses sign up, we collect:

  • Full name

  • Business name

  • Email address

  • Phone number

  • Billing address

  • Subscription information

  • Stripe customer ID

  • Login credentials (securely hashed)

2.2 Loyalty Member Data (Processor)

On behalf of merchants, we process:

  • Name (if provided)

  • Email address

  • Loyalty stamp activity

  • Reward redemptions

  • Wallet pass identifier

  • QR interaction history

  • Device metadata related to wallet pass updates

We process this data strictly under the merchant’s instruction.

2.3 Automatically Collected Data

  • IP address

  • Browser type

  • Device type

  • Log data

  • Session cookies

  • Usage analytics

We do not collect special category data (health, biometric, political, etc.).

3. Legal Basis for Processing (GDPR Compliance)

For users in the European Economic Area (EEA), we rely on the following legal bases:

  • Contractual necessity – to provide the Kawhe Loyalty service.

  • Legitimate interests – to improve and secure our platform.

  • Legal obligation – to comply with financial and regulatory requirements.

  • Consent – where required for cookies or marketing communications.

4. Stripe & Payment Processing (DPA Language)

Payments are processed securely by Stripe, Inc.

We do not store full credit card numbers.

Stripe acts as an independent Data Controller for payment data. Stripe’s processing is governed by:

  • Stripe Services Agreement

  • Stripe Data Processing Agreement

  • Stripe Privacy Policy

Where required under GDPR, Stripe provides Standard Contractual Clauses (SCCs) for international transfers.

Merchants agree to Stripe’s processing terms when subscribing.

5. Apple Wallet & Google Wallet Processing

Kawhe Loyalty integrates with:

  • Apple Wallet (Apple Inc.)

  • Google Wallet (Google LLC)

When users add a loyalty pass:

  • A pass identifier is generated.

  • Minimal data necessary for pass functionality is transmitted.

  • Wallet providers may process device identifiers and push tokens.

Apple and Google act as independent Data Controllers under their respective privacy policies.

Kawhe Loyalty does not access unrelated wallet data stored on user devices.

6. Data Sharing

We do not sell personal data.

We may share information with:

  • Stripe (payment processing)

  • Cloud hosting providers

  • Analytics providers

  • Security monitoring providers

  • Legal or regulatory authorities, where required

All third-party processors are bound by confidentiality and data protection obligations.

7. International Data Transfers

Data may be processed outside New Zealand or the EEA.

Where required, we rely on:

  • Standard Contractual Clauses (SCCs)

  • Adequacy decisions

  • Contractual safeguards with processors

8. Data Retention

We retain:

  • Merchant account data while account is active.

  • Financial records for up to 7 years (legal compliance).

  • Loyalty member data as instructed by merchants.

  • Security logs for a limited period for fraud prevention.

Merchants may request deletion of loyalty data at any time.

9. Data Security

We implement appropriate technical and organisational measures, including:

  • HTTPS encryption

  • Encrypted data storage

  • Role-based access controls

  • Secure authentication

  • Audit logging

  • Cloud infrastructure protections

While we take reasonable measures, no system is 100% secure.

10. Your Rights (GDPR & NZ Privacy Act 2020)

Depending on your location, you may have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Request deletion

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent

Under the New Zealand Privacy Act 2020, individuals may request access or correction of their personal information.

Requests can be sent to:

info@kawhe.shop

We will respond within applicable legal timeframes.

11. Children’s Privacy

Our services are not directed at children under 13 (or 16 in the EU). We do not knowingly collect data from minors.

12. Cookies & Tracking

We use cookies for:

  • Authentication

  • Session management

  • Security

  • Performance analytics

Users may manage cookie settings in their browser.

Where required by law, consent is obtained before non-essential cookies are used.

13. Data Breach Notification

In the event of a notifiable privacy breach:

  • We will notify affected parties as required under NZ Privacy Act 2020.

  • For EU users, we will notify supervisory authorities within 72 hours where applicable.

14. Changes to This Policy

We may update this policy from time to time. Updates will be posted on this page with a revised “Last Updated” date.

Continued use of the service constitutes acceptance of updates.

15. Contact & Complaints

Privacy Officer
Kawhe Loyalty
Email: info@kawhe.shop
Website: https://kawhe.shop

If you are in New Zealand and believe your privacy rights have been breached, you may contact the Office of the Privacy Commissioner of New Zealand.

If you are in the EU, you may lodge a complaint with your local supervisory authority.