How Stamp handles your data

Last updated: 21 May 2026

Stamp is a digital loyalty platform for indie cafés. This policy covers thestamp.org and the Stamp mobile + dashboard apps. We collect the minimum we need to run the loyalty program, store it on Google Firebase (australia-southeast1), and never sell it. We comply with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

1. Who we are

Stamp is operated by AroraLabs (the “Studio”), based in Australia. For privacy questions, contact contact@aroralabs.org.

2. The two kinds of accounts

Stamp has two distinct user types, each with different data:

Customers — people who install the Stamp mobile app to collect stamps and redeem rewards at participating cafés.
Café owners — people who sign up to the Stamp dashboard (thestamp.org/dashboard) to run a loyalty program for their café.

3. What we collect from customers

Email + display name (and your photo if you sign in with Google or Apple) — to identify you on stamp requests at the café till.
Your stamp + redemption history at every café you follow.
Approximate location at the moment you tap “Request a stamp”. Used only to confirm you’re inside the café’s geofence. The coordinates are stored on the request record as an anti-fraud audit trail; they’re not used for marketing, profiling, or sold.
Push-notification tokens (FCM) — to notify you when a barista approves your stamp.
Birthday — optional. Only used if a café you follow has birthday rewards turned on.

4. What we collect from café owners

Email + display name — to sign in to the dashboard and tag “Approved by Joe” on stamps.
Café profile — name, address, location, opening details, branding.
Stripe billing details (for paid tiers, when live) — held by Stripe, not by us. We store only the customer and subscription IDs.

5. What a café owner sees about their customers

Café staff only ever see customers who have followed their café via the store QR. For those customers they see:

Display name + profile photo (if shared by Google/Apple)
Date they joined
Card progress, lifetime stamp count, rewards claimed at that café only
Last visit date

Café staff cannot see your email address, your activity at other cafés, your birthday, your location history, or your phone. Firestore security rules enforce this — you can read them at github.com/aroralabs/stamp/firestore.rules.

6. Where your data lives

Google Cloud Firestore, region australia-southeast1 (Sydney). Encrypted at rest by Google.
Firebase Authentication for sign-in (Google / Apple / email + password).
Firebase Cloud Messaging for push notifications.
Zoho Mail for sending branded verification + password-reset emails. The email body is the only content shared with Zoho.
Stripe (when paid plans launch) for café-owner billing only. Customers never interact with Stripe.

7. Cookies and analytics on thestamp.org

The marketing site (thestamp.org) uses Google Analytics 4 to understand which sources bring café-owner signups. GA4 sets first-party cookies and reports anonymised page views, referrers, and country. You can opt out with any standard tracker-blocker, or by signing out of Google before visiting.

The dashboard (thestamp.org/dashboard) and the mobile app do not run third-party analytics. App crashes are reported to Firebase Crashlytics, stripped of personal content.

8. Your rights

Access — your profile is visible to you on the Profile screen.
Correction — edit your display name and birthday in-app.
Deletion — Delete account in Settings (mobile) or Profile (dashboard) instantly removes your sign-in, your profile doc, all your enrolments, and (if you own a café) the café and its staff + campaigns + customer enrolments.
Stamps and redemptions records are kept as an audit trail for the cafés you visited, but with your user profile gone they can’t be linked back to you.
Complaints — contact us first at contact@aroralabs.org; unresolved complaints can be escalated to the Office of the Australian Information Commissioner (OAIC).

9. Children

Stamp is intended for users 13+ (App Store / Play Store age rating). We don’t knowingly collect data from anyone under 13. If you believe we have, email us and we’ll delete it.

10. Changes to this policy

Material changes will be announced via in-app banner and email at least 14 days before they take effect. The “last updated” date at the top will always reflect the current version.

← Back to Stamp · Read the Terms of Service