How we collect, use, and protect your personal information when you use the D Points App platform.
D Points App (“we,” “our,” or “us”) operates the D Points App loyalty rewards platform, including the D Points App mobile application (“App”) and associated web services (“Platform”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Platform.
We are committed to protecting your privacy in accordance with applicable data protection laws including the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL), India’s Digital Personal Data Protection Act 2023 (DPDPA), Malaysia’s Personal Data Protection Act 2010 (PDPA), Singapore’s Personal Data Protection Act 2012 (PDPA), and internationally recognised standards including the General Data Protection Regulation (GDPR) where applicable.
By downloading, installing, accessing, or using the D Points App mobile application or web platform, you confirm that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Use. If you do not agree to this Policy in full, you must discontinue use of the Platform immediately.
D Points App is a loyalty rewards platform that enables customers to earn and redeem points at participating venues including restaurants, cafes, food trucks, bakeries, and cloud kitchens. Venue owners and their staff use the Platform to manage loyalty programs, send marketing communications, and process customer transactions.
The D Points App Platform serves two distinct categories of users with different data requirements.
Customers are individuals who enroll in the D Points App loyalty program to earn and redeem points at participating venues.
The minimum personal information required to create a customer account is your full name and either your email address or mobile number. This information is used solely for account creation, identity verification, and secure login authentication. You are never required to provide anything beyond this to access the core loyalty features of the App.
| Category | Data Collected | Why We Collect It |
|---|---|---|
| Identity & Login | Full name — to personalise your account and identify you at venues Email address — for account login, identity verification, and transactional communications Mobile number (optional if email provided) — for account login and OTP verification Password (stored as a one-way cryptographic hash — never readable) — to authenticate your login securely | Account creation, login, and identity verification |
| Identity Credentials | Unique QR code token, 6-character PIN | Used at venue counters to process loyalty point transactions without sharing personal details with staff |
| Profile | Profile photo (optional, uploaded by you) | Personalisation of your in-app profile only |
| Transaction Data | Points earned, points redeemed, sale amounts, venue visits, transaction timestamps, transaction history | Core loyalty program operation — required to credit and track your points balance accurately |
| Preferences | Menu item preferences per venue (set by you) | Enables personalised offers from venues you are enrolled with |
| Notification Data | Device push notification token | Delivery of loyalty updates, points alerts, and offers to your device |
| Technical & Security | IP address, device type, app version, session logs, error logs | Security monitoring, fraud prevention, and improving app stability |
Venue users are business operators and their employees who manage loyalty programs through the D Points App Platform.
| Category | Data Points | Purpose |
|---|---|---|
| Account Information | Full name, email address, password (hashed), role | Account creation and access control |
| Venue Information | Venue name, address, city, country, phone, website, venue type | Platform listing and operations |
| Business Data | Transaction records, revenue analytics, customer engagement data | Business intelligence and reporting |
| Staff Actions | Points awarded, redemptions processed, orders placed | Audit trail and accountability |
| Media | Venue logo, banner images | Public venue profile |
Camera access is requested exclusively from venue staff accounts, and solely for the purpose of scanning customer QR codes to process loyalty point transactions at the counter. This camera usage is strictly limited to reading QR codes in real time. No images, photographs, or video are stored, recorded, saved, or transmitted at any point. The camera is activated only when a staff member initiates a scan and is immediately released afterwards. Customer accounts do not request, access, or use the camera under any circumstances.
We do not sell, rent, lease, trade, share for compensation, or otherwise transfer your personal data to any third party under any circumstances whatsoever. Your name, email address, mobile number, transaction history, and all other personal information you provide to D Points App is used exclusively to operate and improve the D Points loyalty platform for your benefit. No data broker, advertiser, marketing agency, analytics company, or any other commercial third party has access to your personal information.
When you enroll at a venue, that venue’s authorised staff can view your name, points balance, transaction history at their venue, and preferences you have set for that venue. Venues cannot access your data from other venues you are enrolled with.
All service providers are contractually bound to protect your data and use it only for the purposes we specify.
We may disclose your information if required by law, court order, or government authority in any jurisdiction where we operate, including UAE, India, Malaysia, and Singapore.
In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
| Data Type | Retention Period |
|---|---|
| Customer account data | Duration of account + 3 years after deletion request |
| Transaction records | 7 years (financial compliance) |
| Push notification tokens | Until updated or account deleted |
| Venue user data | Duration of venue subscription + 3 years |
| System logs and error records | 12 months |
| Marketing communications | Until opt-out or account deletion |
Depending on your country of residence, you have the following rights regarding your personal data:
Rights under Federal Decree-Law No. 45 of 2021 including the right to be informed, access, correction, and erasure of your personal data.
Right to information, correction, erasure, grievance redressal, and nomination under the Digital Personal Data Protection Act 2023.
Right to access and correct your personal data under the Personal Data Protection Act 2010.
Right to access, correction, and withdrawal of consent under the Personal Data Protection Act 2012.
To exercise any of these rights, contact us at business@dpointsapp.com. We will respond within 30 days.
We implement multiple layers of technical and organisational security controls to protect your personal information.
Despite these measures, no system is completely secure. We encourage you to use a strong, unique password and to keep your login credentials confidential. If you suspect unauthorised access to your account, contact us immediately at business@dpointsapp.com.
With your consent, we send push notifications including points awarded or redeemed, personalised offers from enrolled venues, order updates, and marketing messages. You can withdraw consent at any time through your device settings or within the D Points App app.
The D Points App Platform is not intended for individuals under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at business@dpointsapp.com and we will delete that information.
Your data is stored and processed in Singapore on Alibaba Cloud infrastructure. If you access D Points from the UAE or other regions, your personal data is transferred to and processed in Singapore. This transfer is protected by appropriate contractual safeguards and is carried out in compliance with applicable data protection laws, including the UAE Federal Decree-Law No. 45 of 2021 (PDPL), Singapore's Personal Data Protection Act 2012 (PDPA), and Malaysia's PDPA 2010 where relevant. By using the D Points Platform, you acknowledge that your data will be processed in Singapore.
We may update this Privacy Policy from time to time. We will notify you of material changes via push notification or email, and update the “Last Updated” date at the top of this Policy. Continued use of the Platform after changes constitutes acceptance of the updated Policy.
The D Points App Platform is provided exclusively for legitimate loyalty rewards and business management purposes. By using the Platform, you agree that you will not engage in any of the following prohibited activities:
Violation of any of the above terms may result in immediate account suspension or permanent termination without notice, removal of accumulated points, and where the conduct constitutes a criminal offence, referral to the relevant law enforcement authorities in the applicable jurisdiction. D Points App reserves the right to co-operate fully with any lawful investigation.
For any questions, concerns, or requests regarding this Privacy Policy or your personal data:
For grievances under India’s DPDPA, you may contact our Grievance Officer at the email below. We will acknowledge within 48 hours and resolve within 30 days.
This Privacy Policy was drafted to comply with UAE PDPL (Federal Decree-Law No. 45 of 2021), India DPDPA 2023, Malaysia PDPA 2010, Singapore PDPA 2012, and international best practices including GDPR standards. Last updated 25 April 2026.