Privacy for merchants, teams, and consumers using Arova.
This policy explains what data Arova handles, why we use it, how we protect it, and how merchants and consumers can reach us with privacy questions.
Who this policy applies to
Arova is a loyalty, CRM, and customer wallet platform used by merchants and their teams, and by consumers who use Arova-linked wallet and reward experiences.
This policy applies to visitors on the public website, merchant owners, managers, staff users, invited team members, and consumers who create or use an Arova account.
Merchant and consumer data we handle
The data we handle depends on how you use Arova. Merchants and merchant team users usually provide account, business, branch, operational, and billing-related information. Consumers usually provide contact details, wallet access data, and reward activity connected to participating merchants.
- Account and contact data, such as names, phone numbers, email addresses, usernames, invite details, and account verification records.
- Merchant business data, such as business name, branches, staff assignments, pricing or subscription records, and operational settings.
- Loyalty and wallet data, such as customer profiles, reward balances, points ledger entries, tier progress, referrals, and redemption requests.
- Transaction and redemption data, such as purchase amounts, timestamps, branches, staff users involved, approvals, fraud flags, and audit records.
- Consent and messaging data, such as opt-in or opt-out history, campaign settings, notification preferences, and message delivery events.
- Technical and security data, such as login events, request metadata, device or browser information, logs, and fraud-prevention signals.
How we use data
We use data to deliver the Arova product, keep merchant operations reliable, secure accounts, support consumers, and improve service quality.
- To create and manage merchant, staff, and consumer accounts.
- To run loyalty, CRM, wallet, redemption, approvals, and branch operations inside the app.
- To send service emails, password resets, verification emails, in-app notifications, and enabled SMS communications.
- To detect fraud, misuse, abuse, and operational issues.
- To provide support, troubleshoot incidents, and respond to account or privacy requests.
- To understand service usage, improve analytics, and maintain platform performance.
- To administer plans, billing workflows, and feature access for merchants.
Messaging, consent, and outreach
Arova supports operational notifications and, on eligible plans, campaign or outreach messaging for merchants. Merchants are responsible for using these tools lawfully and for honoring applicable consent requirements for their customers.
Consumers and merchant users may receive account, security, transactional, or support messages when needed to operate or secure the service. Promotional or campaign communications depend on merchant configuration and available plan access.
How data may be shared
We do not sell personal data. We may share data only where needed to operate the platform, provide support, comply with law, or protect users and the service.
- With infrastructure, hosting, storage, analytics, email, or messaging providers that help us operate Arova.
- With the relevant merchant, where a consumer is using that merchant’s loyalty or wallet experience.
- With the relevant consumer or merchant account holder when the product requires access to transaction, reward, support, or account records.
- With legal, regulatory, or law-enforcement authorities when required by law or to protect rights, safety, or platform integrity.
How long we retain data
We keep data for as long as it is reasonably needed to operate the service, maintain account history, support legitimate merchant workflows, meet security and fraud-prevention needs, and satisfy legal, tax, accounting, or contractual obligations.
When data is no longer needed for these purposes, we may delete it, anonymize it, or retain only the minimum records necessary for compliance, dispute handling, or platform integrity.
Security and user responsibilities
We use reasonable administrative, technical, and operational safeguards to protect Arova accounts and data. No platform can guarantee absolute security, so merchants, team users, and consumers also need to protect their credentials and devices.
- Keep passwords, verification links, and approval credentials private.
- Use trusted devices and log out of shared or public computers.
- Report suspicious access, fraud, or account misuse promptly.
Your choices and how to contact us
You may contact us to ask questions about this policy, request help with account data, or raise privacy concerns. Merchants may also need to coordinate certain requests with their own internal policies and customer obligations.
For privacy questions or notices, contact hello@arovadigital.com.
Changes to this policy
We may update this Privacy Policy as the product, legal requirements, or operational practices evolve. When we make material changes, we may update this page, adjust in-app references, or provide additional notice where appropriate.