Privacy Policy

Last updated: June 2026

Our Privacy Philosophy

Engage is a tool for businesses, not a data harvesting platform. Our business model is subscriptions paid by Merchants—not selling or monetizing data. We believe customer data collected through a Merchant's engagement should belongexclusively to that Merchant.

Information We Collect

From Merchants (Businesses)

  • Business name, email address, and contact information
  • Payment information (processed securely by PayPal/M-Pesa; we never store full card numbers)
  • Spin game and trivia configurations
  • Access code usage statistics

From Customers (End Users)

  • Name and email address (provided when creating an account or claiming a prize)
  • Spin and trivia participation history with each Merchant
  • Prize wins and redemption status
  • Loyalty points earned per Merchant

How We Use Information

For Merchants: We use your information to provide the Engage service, process payments, send account notifications, and improve our platform.

For Customer Data: We store customer data on behalf of Merchants. We do not:

  • Email, market to, or contact customers independently
  • Sell or share customer data with third parties
  • Use customer data for our own analytics or advertising
  • Cross-reference customer activity across Merchants for any purpose
  • Build profiles on customers beyond what's needed for the service

Customer data is siloed per Merchant. A customer who uses Engage with both "Coffee Shop A" and "Salon B" has two separate data relationships. Coffee Shop A cannot see the customer's activity with Salon B, and vice versa.

Data Retention

  • Active Merchants: Customer data is retained for the life of the Merchant's account.
  • Cancelled Merchants: Customer data is available for export for 30 days, then permanently deleted.
  • Customer accounts: Customers may request deletion of their account at any time, which removes their data from all Merchants.
  • Inactive customer activations: Expired activations (no engagement for 90+ days) may be anonymized.

Data Sharing

We share data only in these limited circumstances:

  • Payment processors (PayPal, M-Pesa) to process subscription payments
  • Email service (Resend) to send transactional emails to Merchants
  • Legal requirements if required by law or to protect our rights

We never share customer data with advertisers, data brokers, or analytics companies.

Customer Rights

Customers have the right to:

  • Access their personal data stored on Engage
  • Request deletion of their account and all associated data
  • Know which Merchants they are active with
  • Opt out of marketing communications from individual Merchants (by contacting the Merchant directly)

Note: Since customer data belongs to the Merchant, requests to modify or delete data specific to a Merchant's engagement should be directed to that Merchant.

Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, and Row Level Security (RLS) on our database to ensure data isolation between Merchants. Access to customer data is strictly controlled and audited.

Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies on customer-facing pages.

Children's Privacy

Engage is not intended for children under 13. We do not knowingly collect data from children under 13. Merchants are responsible for ensuring their engagement complies with applicable age restrictions.

International Data

Engage is hosted on servers located in the United States and/or Europe. By using our service, you consent to the transfer of data to these locations. We comply with applicable data protection laws.

Changes to This Policy

We will notify Merchants of material changes via email and update the "Last updated" date. Continued use after changes constitutes acceptance.

Contact

For privacy-related questions, contact us at privacy@engagespin.com.