Security & Reliability

Built for trust — secure by design, reliable by default

Loopy Loyalty is operated by PassKit and backed by modern security controls, encrypted infrastructure, and audited processes — so you can run loyalty with confidence.

  • Encryption in transit and at rest

  • Strong access controls and audit logs

  • Redundancy, backups, and disaster recovery plans

content-image

Security you can rely on

The essentials are built in — so you don’t have to think about them

feature-image
Encrypted by default

All traffic is protected with modern TLS, and data is encrypted at rest

feature-image
Controlled access

Role-based access and least-privilege principles help keep customer data locked down

feature-image
Built for uptime

Redundant infrastructure, monitoring, and backups keep your loyalty program running smoothly

content-image
Privacy first — and clear roles

Loopy Loyalty is a PassKit product. We protect platform data, and we support merchants who run their own loyalty programs.

What that means in practice

  • Loopy Loyalty protects the platform with technical and organisational safeguards

  • Merchants control the customer data they collect for their loyalty program

  • End customers can request privacy actions via the merchant (we support as processor)

Operational security that holds up

Not just “secure in theory” — the platform is designed with real-world controls that reduce risk

Security foundations

  • Least-privilege staff access and secure VPN + MFA controls

  • Production access is logged and monitored

  • Secure development practices with gated approvals and separate environments

  • Regular vulnerability scanning and patching processes

content-image
content-image
Reliability, backups, and disaster recovery

Loyalty shouldn't go down during a rush. Our infrastructure is built with redundancy, monitoring, and recovery processes

Designed for continuity

  • Redundant services and clustered databases

  • Near real-time replication and encrypted backups

  • Monitoring and alerting for issues and anomalies

  • Documented disaster recovery planning and testing

1
Prevent

Strong access control, encryption, and secure architecture reduce attack surface.

2
Detect

Monitoring, logging, and intrusion detection help spot issues early.

3
Respond

Incident processes and clear escalation help contain and resolve problems fast.

content-image

Questions & Answers

Quick answers to common questions about Security & Reliability

1. Is Loopy Loyalty GDPR-friendly?

Yes — we support GDPR/UK GDPR rights handling, and merchants remain responsible for their end-customer data.

2. Who owns the customer data collected for a loyalty card?

The merchant does. Loopy Loyalty processes that customer data on the merchant's behalf.

3. Is data encrypted?

Yes — data is encrypted in transit and encrypted at rest in our cloud infrastructure.

4. Do you have a Data Processing Addendum (DPA)?

Yes — our DPA outlines how customer data is processed, sub-processors, and security commitments.

5. What happens if a customer asks to be deleted?

Merchants can delete customer records from the dashboard for compliance and data hygiene..

6. How do you handle incidents?

We maintain incident response processes and notify customers promptly if a personal data breach is identified.

Have any questions? Get in Touch