Last updated: 9 May 2026
Operator: NOMI Stamps · www.nomistamps.com · hello@nomistamps.com
NOMI Stamps ("we", "us", "our") operates a digital loyalty platform that connects customers with independent shops. This Privacy Policy sets out in full how we collect, use, store, share, and protect your personal information when you use the NOMI Stamps app, shop owner portal, or website (collectively, "the Platform").
We are committed to handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By using the Platform you consent to the practices described in this policy.
This policy applies to all users of NOMI Stamps — customers who collect loyalty stamps, and shop owners who manage loyalty programmes. Where practices differ between these groups, we say so clearly.
In this policy:
3.1 Information you provide — customers
3.2 Information you provide — shop owners
3.3 Loyalty and transaction data
When stamps are issued or rewards are redeemed through NOMI Stamps, we record:
This data is the core of the loyalty service and cannot be disabled while you use NOMI Stamps.
3.4 Location data
See Section 5 for a full explanation of how we handle location. In summary: if you grant location permission, your GPS coordinates are recorded each time you open the app and each time you open the Map tab, and are retained for up to 12 hours. This data is used to show nearby deals, centre the map, and determine geo-reach push notification eligibility.
3.4a Third-party sign-in (Apple, Google)
If you sign in using "Sign in with Apple" or "Continue with Google", those providers share limited information with us — typically your email address (or an Apple-generated relay email) and, optionally, your display name on first sign-in. We use this solely to create and authenticate your NOMI Stamps account. We do not receive your Apple ID password, payment information, or any other Apple or Google account data. Apple may provide a private relay email address; we store and use it like any other email address for account operations only.
3.5 Device and technical data
We automatically collect limited technical information to keep the Platform running reliably:
This data is used only for debugging, security monitoring, and improving reliability. It is not linked to your identity in any personally identifiable way.
3.6 Push notification tokens
If you grant permission for push notifications, we store a device token issued by Apple's Push Notification Service (via Expo). This token is used only to deliver notifications from shops you follow. You can revoke this at any time in your device settings, which will prevent new tokens being stored.
3.7 Local storage and session data
We use your device's local storage (not cookies) to remember preferences such as dark mode, your active session token, and navigation state. This data stays on your device and is not transmitted to our servers except where required to authenticate your session.
3.8 Payment information — shop owners
Subscription billing is handled entirely by Stripe. NOMI Stamps never receives, processes, or stores your credit card or payment card details. We store only your Stripe customer ID and subscription status (active, trialing, cancelled) to manage access to plan features. By subscribing, you also agree to Stripe's terms and privacy policy at stripe.com.
We collect information:
We do not purchase personal information from data brokers or receive personal data from third parties for marketing purposes.
We treat location data with particular care. Here is a precise and complete account of how location works in NOMI Stamps:
5.1 When location is accessed
When you first install the NOMI Stamps app, you are asked once by the iOS system dialog whether to allow location access. If you grant it, your GPS coordinates are read in two situations: (1) each time you open the app (to keep nearby deal and notification eligibility current), and (2) each time you open the Map tab (to centre the map on your position). The app also registers a periodic background refresh task — iOS may wake the app approximately every 12 hours to silently update your location without any action from you. This background refresh is subject to iOS scheduling and battery optimisation; it is not guaranteed to run at exact intervals. We do not request "always on" background location access. Mapbox (our mapping provider) receives your coordinates while the Map tab is open to render the map; this is governed by their privacy policy at mapbox.com/legal/privacy.
5.2 Location data retention
Each location read results in a new GPS coordinate point being stored alongside a timestamp. We retain all points recorded within the past 12 hours; points older than 12 hours are automatically deleted after each new update. There is no long-term movement history — the maximum window of stored location data at any moment is 12 hours. Server logs (maintained by Vercel) may contain IP addresses that could approximate a general location; these are retained for a maximum of 30 days.
5.3 Geo-reach push notifications
If a shop on NOMI Stamps publishes a deal with geo-reach enabled, NOMI Stamps checks whether any of your GPS coordinates stored within the past 12 hours places you within 5km of that shop. If so, you may receive a push notification for that deal — provided you have also granted push notification permission. This check uses only your stored location points. You can opt out of push notifications at any time in iOS Settings.
5.4 Revoking location access
You can revoke location permission at any time in iOS Settings → Privacy & Security → Location Services → NOMI Stamps. If you revoke permission: the Map tab will display a "location disabled" banner and your location will no longer be updated; the "Deals near you" section will be hidden from the Deals tab; background location refresh will stop. All other features (loyalty cards, stamps, promos) continue to work normally without location access.
6.1 Providing the service
6.2 Personalisation
6.3 Analytics and improvement
We do not use individual behavioural data to build advertising profiles. All analytics that inform product decisions are aggregated and cannot identify you.
6.4 Security and fraud prevention
6.5 Legal obligations
We may use or disclose your information to comply with a legal obligation, court order, or enforceable government request, or to protect the rights, property, or safety of NOMI Stamps, our users, or the public.
6.6 What we do not do
We do not sell your personal information to any third party. We do not share your data with advertisers. We do not use your data to serve you targeted advertising outside of the NOMI Stamps Platform. We do not use your data for any purpose not listed in this policy without your separate, explicit consent.
7.1 With shops (anonymised only)
Shop owners can see aggregated analytics for their loyalty programme — total stamps issued, redemption counts, and promo performance. They cannot see individual customers' names, email addresses, or account details through the Platform.
7.2 With service providers
We share the minimum necessary personal information with the following trusted third-party providers to operate the Platform:
All third-party providers are contractually required to use your data only for the purpose of providing their service to us and to maintain appropriate security standards.
7.3 Legal disclosures
We may disclose personal information if we believe in good faith that disclosure is necessary to: comply with applicable law or legal process; protect the rights, property, or safety of NOMI Stamps, our users, or others; prevent fraud or security threats; or respond to an enforceable government request. Where legally permitted, we will notify affected users before making such a disclosure.
7.4 Business transfers
If NOMI Stamps is involved in a merger, acquisition, asset sale, or restructuring, your personal information may be transferred as part of that transaction. We will notify you via the app or email before your information is transferred and becomes subject to a different privacy policy.
7.5 What we do not do
We do not sell, rent, or trade your personal information to any third party for their own commercial purposes. We do not share your information with social media platforms or advertising networks without your explicit consent.
NOMI Stamps is operated from Australia. Your data is primarily stored in Australia and the European Union via Supabase. Certain service providers (Vercel, Expo, Resend) operate globally and may process data in the United States or other jurisdictions.
When your personal information is transferred outside Australia, we take steps to ensure it is protected to a standard comparable to the APPs, including by using providers who are subject to equivalent data protection laws (e.g. GDPR) or who have entered into Standard Contractual Clauses or equivalent contractual protections.
By using NOMI Stamps, you consent to the transfer of your information as described in this section.
We retain personal information only for as long as necessary for the purposes set out in this policy, or as required by law.
Account and loyalty data — customers
Retained while your account is active. Deleted permanently within 30 days of account deletion, except where retention is required by law.
Account and loyalty data — shop owners (businesses)
When a shop owner cancels their subscription or deletes their account, all shop data (profile, loyalty programme, customer cards, settings, stamp history) is retained for 60 days. During this period the account is inactive but the data is preserved so the owner can return and resume without any loss. If the account is not reactivated within 60 days, all associated data is permanently deleted. Stripe billing records are retained separately in accordance with Australian tax law (see below).
This 60-day retention also applies when a shop owner on a multi-location plan removes an individual location. The location is deactivated immediately but all associated data (loyalty cards, stamp history, customer records) is held for 60 days and can be restored from Settings within that window. If not restored, the data is permanently deleted at the end of the 60-day period.
QR nonces
Retained for 90 days after the stamp event, then deleted. Retained only to prevent replay attacks; not used for any other purpose.
Location data (GPS coordinates)
Stored as a rolling 12-hour history — each app open and each Map tab visit appends a new point; points older than 12 hours are automatically deleted on the next update. Used for geo-reach eligibility (5km window) during the 12-hour retention period. Deleted permanently when your account is deleted. Server access logs (containing IP addresses) retained for a maximum of 30 days.
Suburb preference
Retained as part of your profile until you update or delete it, or until your account is deleted.
Push notification tokens
Retained while your account is active or until you revoke notification permission. Deleted when your account is deleted.
Technical and error logs
Retained for a maximum of 30–90 days depending on the logging system. Not linked to identifiable user accounts.
Subscription and billing records (shop owners)
Stripe retains billing records in accordance with their policies and applicable financial record-keeping laws. We retain subscription status records for 7 years to comply with Australian tax law.
Anonymised aggregate data
Aggregated, non-identifiable statistics (e.g. total stamps issued in a suburb) may be retained indefinitely. This data cannot be used to identify you.
Backup data
Database backups are retained for up to 30 days before being automatically overwritten. Backups are encrypted and stored in the same regions as primary data.
Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the following rights regarding your personal information.
10.1 Right to access
You may request a copy of the personal information we hold about you. We will provide this within 30 days of a verified request. We may charge a reasonable fee to cover administrative costs in exceptional cases.
10.2 Right to correction
If you believe information we hold is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request correction. You can update most profile information directly within the app. For other corrections, contact us.
10.3 Right to deletion
You may delete your account at any time via Settings → Delete account.
Customers: All personal information is permanently removed within 30 days of account deletion, except where retention is required by law (e.g. financial records).
Shop owners (businesses): On account deletion or subscription cancellation, your shop data is held for 60 days to allow for reactivation. If you do not reactivate within that period, all data is permanently deleted. The same 60-day retention applies when you remove an individual location on a multi-location plan — the location can be restored from Settings within that window. If you wish to be deleted immediately without the 60-day window, contact us at hello@nomistamps.com.
10.4 Right to data portability
You may request a copy of your personal data in a portable, structured format (JSON or CSV). Contact us at hello@nomistamps.com with your request. We will respond within 30 days.
10.5 Right to restrict processing
In certain circumstances you may request that we restrict how we process your data (for example, while a correction request is being assessed). Contact us to make such a request.
10.6 Right to withdraw consent
Where we rely on your consent to process personal information (e.g. push notifications, location access), you may withdraw consent at any time without affecting the lawfulness of prior processing. To withdraw push notification consent, use your device settings. To withdraw location consent, use your browser or device location settings.
10.7 Shop owners — additional rights
10.8 How to exercise your rights
Use the in-app account deletion feature in Settings, or email hello@nomistamps.com. We will verify your identity before acting on requests. We will respond within 30 days.
We take the security of your personal information seriously and implement the following measures:
Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at hello@nomistamps.com.
Data breach notification
In the event of a data breach that is likely to result in serious harm to affected individuals, we will notify affected users and, where required, the Office of the Australian Information Commissioner (OAIC) as soon as practicable and in any case within 30 days of becoming aware of the breach, in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988.
NOMI Stamps is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, please do not use NOMI Stamps or provide any information through the Platform.
If you are a parent or guardian and believe your child under 13 has created a NOMI Stamps account or provided personal information without your consent, contact us at hello@nomistamps.com and we will promptly delete the account and associated data.
Users aged 13–17 should use NOMI Stamps with the knowledge and consent of a parent or guardian.
The Platform may contain links to third-party websites or services (for example, a shop's Instagram page). We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing personal information.
Shops listed on NOMI Stamps are independent businesses. Any direct interactions you have with a shop outside of the NOMI Stamps Platform are not governed by this policy.
NOMI Stamps does not use tracking cookies. We do not use advertising cookies or analytics cookies that report your behaviour to third parties.
We use browser local storage to store your session authentication token (necessary to keep you logged in), your dark mode preference, and certain UI state (such as your last active tab). This data remains on your device and is not shared with third parties.
Mapbox, which powers the Map tab, may set its own cookies or use local storage for map tile caching. This is subject to Mapbox's privacy policy.
No cross-app tracking: NOMI Stamps does not track you across other apps or websites for advertising purposes. We do not participate in any advertising network data sharing. No App Tracking Transparency (ATT) prompt is shown because no tracking of this kind occurs.
If you believe we have handled your personal information in a way that does not comply with the Australian Privacy Act 1988, please contact us first so we can attempt to resolve the issue:
We will acknowledge your complaint within 5 business days and endeavour to resolve it within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
We may update this Privacy Policy from time to time to reflect changes to our practices, technology, legal requirements, or for other reasons. When we make significant changes, we will notify you via the app or by email to the address on your account. The date at the top of this policy shows when it was last updated.
Your continued use of NOMI Stamps after any changes to this policy constitutes your acceptance of the updated policy. If you do not agree to the changes, please stop using NOMI Stamps and delete your account.
For any privacy questions, requests, or concerns:
We aim to respond to all privacy enquiries within 5 business days.
© 2026 NOMI Stamps. All rights reserved.