Welcome to Lytti, a product offered by Anara Labs, LLC. ("we," "our," "us," or "Anara Labs"). We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our loyalty program solution services.
This Privacy Policy addresses both:
As a B2B loyalty program solution provider, we primarily collect and process information from merchants. However, we also process end-user data on behalf of our merchants. This policy addresses both relationships.
Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.
1. Information Collection and Use
1.1 Information We Collect from Merchants
As a business using Lytti's services, we collect the following information:
Business Information: Legal business name, business address, tax identification numbers, industry category
Account Information: Email addresses, names, and contact details of merchant administrators and staff members
Billing Information: Payment information, subscription details, billing contacts
Usage Information: How your business interacts with our platform, including features used and configurations set
Integration Data: Information about your POS systems, e-commerce platforms, and other business systems integrated with Lytti
Support and Training Data: Information shared with us during onboarding, support interactions, and training sessions
1.2 Information We Collect from End-Users
When end-users interact with loyalty programs operated by our merchants, we may collect the following information on behalf of the merchant:
Personal Identifiers: Name and email address
Location Data: Geographic location information
Usage Data: Information about how end-users interact with the loyalty program
Technical Data: Information collected through cookies and similar technologies
Loyalty Program Data: Points, rewards, purchase history, and redemption information
2. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process personal information based on the following legal grounds:
Contractual Necessity: Processing necessary for the performance of our contract with merchants to provide our loyalty program services.
Legitimate Interests: Processing necessary for our legitimate interests, such as to improve our services, prevent fraud, and for direct marketing purposes.
Consent: Where individuals have given consent for specific processing activities.
Legal Obligation: Processing necessary to comply with our legal obligations.
3. How we use your information
3.1 How we use Merchant information
We use the information we collect from merchants for:
Providing, maintaining, and improving our services
Creating and managing merchant accounts
Processing subscription payments and billing
Onboarding and training merchant staff
Supporting integration with your business systems
Analyzing platform usage to improve features
Sending service updates and marketing communications
Responding to support requests and inquiries
Ensuring compliance with our agreements and applicable laws
4. Merchant Dashboard and Administration
Our platform provides merchants with administrative tools to manage their loyalty programs, including:
Access Controls: Merchants can create staff accounts with different permission levels
Program Management: Tools to configure and manage loyalty program rules
User Data Management: Access to end-user data for program administration
Analytics: Reports and insights on program performance
Ensuring proper authorization for staff accessing the dashboard
Maintaining the confidentiality of login credentials
Configuring appropriate privacy settings for their loyalty programs
- Obtaining necessary consents from their end-users
5. Data flows in loyalty program operations
As a loyalty program solution provider, Lytti processes data in the following ways:
Merchants integrate our platform with their POS and e-commerce systems
When end-users register for a loyalty program, we collect their information on behalf of the merchant
When end-users make purchases or earn points, the merchant's systems transmit transaction data to Lytti
We calculate rewards and update loyalty status based on this data
We may send notifications about loyalty status, available rewards, or promotions
6. Cookies and tracking technologies
We use cookies and similar tracking technologies on our merchant dashboard and loyalty program interfaces. These technologies help us:
- Authenticate users and maintain session security
- Remember user preferences and settings
- Collect analytics on platform usage
- Improve our services and user experience
We primarily use cookies for Google Analytics purposes to understand how our platform is used.
Merchants and end-users can instruct their browsers to refuse all cookies or to indicate when a cookie is being sent. However, some features of our service may not function properly without cookies.
7. Data sharing and disclosures
7.1 Service Providers
We may employ third-party companies and individuals to facilitate our service, provide the service on our behalf, perform service-related services, or assist us in analyzing how our service is used.
Specifically:
- Payment Processing: We use Stripe for processing merchant subscription payments.
- Cloud Infrastructure: We use cloud hosting providers to store and process data.
- Analytics: We use analytics providers to understand platform usage.
- E-commerce and POS Integrations: Our service integrates with various e-commerce platforms and point-of-sale systems to track loyalty points and purchases.
7.2 Merchant-End User Relationship
When end-users participate in a merchant's loyalty program powered by Lytti:
- The merchant has access to their end-users' loyalty program data through our platform
- We process end-user data according to the merchant's instructions
- End-users should refer to the merchant's privacy policy for information on how the merchant uses their data
7.3 Legal Requirements
We may disclose information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
8. Data processing agreements
For merchants subject to GDPR or similar regulations, we offer Data Processing Agreements (DPAs) that outline:
- The subject matter and duration of processing
- The nature and purpose of processing
- The types of personal data and categories of data subjects
- The obligations and rights of the merchant as the data controller
- Our commitments as a data processor
Merchants can request a DPA by contacting our privacy team.
9. Data retention
9.1 Merchant Data Retention
We retain merchant account information for the duration of our business relationship plus at least 6 months after contract termination. We may retain certain information for longer periods as required by law, for legitimate business purposes, or to protect our legal interests.
9.2 End-User Data Retention
We retain end-user data according to:
- The merchant's instructions
- Our contractual obligations with the merchant
- Applicable legal requirements
When a merchant terminates their relationship with us:
- We provide an option to export all end-user data
- We delete or anonymize end-user data within 90 days of contract termination unless otherwise instructed
When an end-user deletes their account:
- Their personal identifiers will be removed or anonymized
- Their loyalty points and rewards may be forfeited according to the specific program terms
- Historical transaction data may be retained in anonymized form for analytics
10. Data security
We have implemented appropriate technical and organizational security measures designed to protect the security of information we process. However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure.
These measures include:
- Encryption of sensitive data both in transit and at rest
- Regular security assessments and vulnerability testing
- Strict access controls and authentication procedures
- Regular security training for our staff
- Physical security measures for our facilities
- Continuous monitoring for suspicious activities
- Regular data backups and disaster recovery procedures
10.1 Data Breach Notification
In the event of a security breach affecting personal information, we will:
- Notify affected merchants without undue delay
- Provide information about the nature of the breach
- Recommend measures to mitigate potential adverse effects
- Notify relevant supervisory authorities where required by law
Merchants are responsible for notifying their end-users in accordance with applicable laws.
11. International data transfers
Your information, including personal information, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal information, to the United States and process it there.
We ensure that international transfers comply with applicable data protection laws, including implementing appropriate safeguards such as standard contractual clauses where required.
12. Your privacy rights
12.1 Merchant Rights
As a merchant using our platform, depending on your location, you may have certain rights regarding the business information you provide us:
- Right to Access: You have the right to request copies of your business information we hold.
- Right to Rectification: You have the right to request that we correct any information you believe is inaccurate.
- Right to Data Portability: You have the right to request that we transfer your data to another service provider, under certain conditions.
12.2 End-User Rights
End-users should direct privacy rights requests to the relevant merchant (the data controller). However, we will assist our merchants in fulfilling such requests, which may include:
- Access to personal data
- Correction of inaccurate data
- Deletion of personal data
- Restriction of processing
- Data portability
12.3 How to Exercise Your Rights
For merchants:
1. Email your request to [privacy@lytti.com]
2. Submit a request through the "Privacy Rights" section of your merchant dashboard
3. Contact our designated privacy team using the online form on our website
For end-users:
Please contact the merchant operating the loyalty program. If you need assistance identifying the appropriate merchant, you may contact us and we will direct you accordingly.
We will respond to all legitimate requests within 30 days.
13. Merchant responsibilities
When using our platform, merchants are responsible for:
- Complying with applicable privacy laws in their collection and use of end-user data
- Providing appropriate privacy notices to their end-users
- Obtaining any necessary consents from end-users
- Responding to end-user privacy rights requests
- Implementing appropriate security measures for their own systems
- Notifying affected parties in the event of a data breach within their systems
14. Children's privacy
Our service is not directed to anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. Merchants are responsible for ensuring they do not use our platform to collect information from children under 13 without appropriate parental consent.
15. Roles as data controller and processor
- For merchant business information, we act as a data controller.
- For end-user data collected through loyalty programs, we act as a data processor processing data on behalf of the merchant (the data controller).
When we act as a data processor, we:
- Process data only according to the merchant's documented instructions
- Implement appropriate security measures
- Assist merchants in fulfilling data subject rights requests
- Support merchants with data protection impact assessments when required
16. Changes to this Privacy policy
We may update our Privacy Policy from time to time. We will notify merchants of any material changes via email or through a prominent notice on our merchant dashboard.
We encourage merchants to review this Privacy Policy periodically for any changes and to inform their end-users of any relevant changes that may affect them.
17. Contact Us
If you have any questions about this Privacy Policy, please contact us at legal@lytti.co.
Anara Labs, LLC.
TIN: 02404202510271
OKPO: 33856584
80 Yunusaliev St., Office 421
Bishkek, 720040
Kyrgyz Republic
