STAMPEDE

F&B Loyalty & Engagement Platform

Privacy Policy

Last updated: 12 March 2026

Contact: hello@stampede.sg

This Privacy Policy explains how STAMPEDE AI PTE. LTD. (“STAMPEDE”, “we”, “us”, “our”) collects, uses, discloses, and protects your personal data when you use our platform, in compliance with Singapore's Personal Data Protection Act 2012 (“PDPA”).

STAMPEDE is a white-label loyalty and engagement platform used by food & beverage (“F&B”) businesses (“Brands”) to manage loyalty programs for their customers (“Customers”). This policy applies to all users of the STAMPEDE platform, including Brand owners, their staff, and their Customers.

1. Data We Collect

1.1 Personal Data Collected Directly

  • Phone number (required for account creation via OTP verification)
  • Name (provided during onboarding)
  • Email address (if provided, optional)
  • Birthday (if provided, optional, for birthday rewards)

1.2 Data Generated Through Platform Usage

  • Stamp collection history (dates, locations, quantities)
  • Coupon issuance and redemption records
  • Referral activity (who referred whom, rewards earned)
  • Branch visit history (which outlets visited, when)
  • Device and browser information (for PWA functionality)
  • Language preference (English or Chinese)

1.3 Brand Owner and Staff Data

  • Phone number and name (for account access)
  • Role assignments (owner, manager, cashier)
  • Branch assignments
  • Activity logs (stamps issued, coupons claimed)

2. How We Use Your Data

2.1 Primary Purposes

  • To provide and operate the loyalty platform for Brands and their Customers
  • To verify your identity via OTP during login
  • To track and display your stamp collection, coupons, and referral rewards
  • To enable Brands to manage their loyalty programs, staff, and customer engagement
  • To detect and prevent fraud (e.g., self-stamping, unusual activity patterns)

2.2 Platform Purposes

  • To generate anonymized and aggregated analytics for platform improvement
  • To provide cross-brand insights using anonymized data (e.g., industry benchmarks)
  • To enable platform-level features such as multi-brand loyalty wallets, deals discovery, and cross-brand campaigns (current and future features)
  • To send platform-level communications about new features, promotions, or brands that may interest you

2.3 Brand-Specific Purposes

  • Brands may use your data within their loyalty program to send marketing messages (push notifications, SMS) about their products, promotions, and events
  • Brands may view your stamp, coupon, and visit activity within their own program
  • Brands do NOT have access to your activity with other brands on the platform

You may opt out of Brand-specific marketing communications at any time through your account settings or by contacting the Brand directly.

3. Data Sharing and Disclosure

3.1 With Brands

We share your personal data (name, phone number, activity within their program) with the Brand whose loyalty program you have joined. Each Brand can only see data related to their own program.

3.2 With Service Providers

  • Supabase (database hosting, Singapore region)
  • Vercel (web hosting)
  • Twilio (OTP SMS delivery)
  • Stripe (payment processing for Brand subscriptions)
  • Sentry (error monitoring, anonymized)
  • Firebase (push notifications, if enabled)

3.3 Aggregated and Anonymized Data

We may share aggregated, anonymized data that does not identify any individual for industry research, platform analytics, and business development purposes. This data cannot be used to identify you.

3.4 Legal Requirements

We may disclose your personal data if required by law, regulation, legal process, or governmental request, including to comply with the PDPA or orders from the Personal Data Protection Commission (PDPC).

4. Data Storage and Security

  • All data is stored on servers in Singapore (Supabase Singapore region)
  • Data is encrypted in transit (HTTPS/TLS) and at rest
  • Access to personal data is restricted through Row Level Security (RLS) policies — each Brand can only access their own customers' data
  • Staff access is role-based (owners see all brand data, cashiers see only their branch)
  • We conduct regular security reviews and maintain activity logs for audit purposes

5. Data Retention

5.1 Active Accounts

We retain your personal data for as long as your account is active and as necessary to provide services to you and the Brands whose programs you participate in.

5.2 Account Deletion by Customer

You may request deletion of your account by contacting us at hello@stampede.sg. Upon verified request, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention records).

5.3 Brand Subscription Cancellation

If a Brand cancels their STAMPEDE subscription, their customer data will be retained in anonymized form for platform analytics. Personally identifiable data linked to that Brand's program will be deleted or anonymized within 90 days of subscription termination, unless the Customer has active accounts with other Brands on the platform.

6. Your Rights Under PDPA

Under the PDPA, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete personal data
  • Withdrawal of Consent: Withdraw your consent for any specific purpose of data collection or use (note: this may affect your ability to use certain features)
  • Data Portability: Request your data in a commonly used format

To exercise any of these rights, please contact us at hello@stampede.sg. We will respond within 30 days.

7. Cookies and Tracking

STAMPEDE is a Progressive Web Application (PWA). We use browser local storage to store your language preference and session information. We do not use third-party tracking cookies or advertising cookies.

8. Children's Data

STAMPEDE is not intended for use by individuals under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us at hello@stampede.sg.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our platform with a new “Last Updated” date. Your continued use of the platform after such changes constitutes acceptance of the updated policy.

10. Data Protection Officer

For questions, concerns, or complaints regarding this Privacy Policy or our data practices, please contact:

STAMPEDE AI PTE. LTD. (UEN: 202611946M)
20A Lorong 3 Geylang #21-56, Singapore 382020
Email: hello@stampede.sg

We are committed to resolving any complaints about your privacy and our collection or use of your personal data in accordance with the PDPA.