Business

Business Privacy Policy

Last Updated: April 2026

YOYBO

Yoybo Ltd. | 167-169 Great Portland Street, 5th Floor, London W1W 5PF, UK

info@yoybo.com | www.yoybo.app

•Yoybo Ltd., 167-169 Great Portland Street, 5th Floor, London W1W 5PF, London, United Kingdom.
•Email: info@yoybo.com

•Business name, category, logo and URL slug.
•Email address and phone number.
•Billing address and tax identification number (where required).
•Loyalty settings such as reward rates, lock type, validity period and billing date.

•Payment details are not stored on Yoybo servers.
•All payment transactions are processed by Stripe or Iyzico in a PCI-DSS compliant manner.

•Account creation and management: performance of contract.
•Cashier transactions and operation of the loyalty programme: performance of contract.
•Billing, commission calculation and payments: performance of contract and legal obligation.
•Statistics and reporting services: performance of contract.
•Payment reminders and account status notifications: legitimate interest.
•Ensuring platform security: legitimate interest.
•Legal obligations and financial audit requirements: legal obligation.

•Display ID and balance: the business can always see these.
•Customer name and phone: visible only if the customer has granted permission in their own privacy settings.
•Customer email address: never shared with the business under any circumstances.
•Customer data obtained through the platform may not be used for marketing, profiling or any other purpose outside the platform.
•If the business leaves the platform, its access to customer data ends immediately and the business is required to delete any customer data it has obtained.

•The business may request an anonymous list of customers registered in its programme in writing.
•The report contains only Display IDs and balance status; no personal information is provided.

•All communication is protected by TLS/SSL encryption.
•Data isolation between businesses is ensured by Row-Level Security.
•Admin access is protected by two-factor authentication (2FA).
•Payment details are processed by PCI-DSS compliant providers and are not stored on Yoybo servers.

•Account data: retained for as long as the account is active.
•Transaction and commission records: retained for five to ten years in accordance with legal requirements.
•Invoice records: retained for the period required by tax legislation.
•After account closure: retained until legal obligations are fulfilled and existing customer balances have expired.

•Data may be processed on servers in countries outside the European Economic Area.
•Transfers are carried out under Standard Contractual Clauses (SCCs) or European Commission adequacy decisions.

•Right of access: you may request access to data processed about you.
•Right to rectification: you may request correction of inaccurate or incomplete data.
•Right to erasure: you may request deletion of your data, subject to legal retention obligations.
•Right to restriction: you may request restriction of processing under certain conditions.
•Right to portability: you may request your data in a structured format.
•Right to object: you may object to processing based on legitimate interest.
•To exercise your rights, contact info@yoybo.com.
•You also have the right to lodge a complaint with the relevant data protection authority (the ICO in the United Kingdom, the relevant DPA in the European Union, or KVKK in Turkey).

•Email: info@yoybo.com
•Address: Yoybo Ltd., 167-169 Great Portland Street, 5th Floor, London W1W 5PF, UK