Privacy
Privacy Policy
Effective July 12, 2026
At a glance
Locale is a verified student deals marketplace operated by Locale Technologies LLC in Ithaca, NY. This policy describes the personal data we collect from students who use the Locale mobile app and the localecard.com website, how we use it, who we share it with, and the choices you have.
The short version: we collect what we need to verify you are a student, show you local deals, let you redeem them in person, and give you a working account. You can delete your account at any time from the app and the deletion runs immediately.
Who this policy applies to
This policy applies to students who sign up for Locale through the mobile app, and to visitors of localecard.com. A separate policy governs business accounts used by partner businesses through business.localecard.com.
Locale is intended for verified college students. We do not knowingly collect personal information from anyone under 13 years old. If you believe we have collected information from a child under 13, email us at support@localecard.com and we will delete it.
What we collect
Account information
When you create an account, we collect:
- The email address you use to create your Locale account.
- A verified .edu school email address. This may be the same as your account email or a separate student email.
- A password you choose. Passwords are hashed and stored by our authentication provider, Supabase. We never see your password.
- A confirmation that your email was verified through the link we send you.
Required student profile information
To verify student eligibility and activate a Locale membership, we require:
- Your full name.
- Your graduation year.
School
We infer your school from the domain of your .edu email when it matches a school we already support. For example, an email ending in cornell.edu links your account to Cornell. We do not ask you for your school separately, and we do not look up any information about you from your school.
Activity
As you use the app, we record:
- Offers you save.
- Offers you tap to redeem, and redemptions confirmed by business staff at the counter (used to count how many discounts each business has given out).
- Analytics events tied to your account while your account exists, such as offer views, saves, unsaves, redeem taps, and confirmed redemptions. We use these to understand which deals work and to give partner businesses high-level stats about their own offers.
- If you enable notifications, an Expo push token, native device token, device platform, and notification delivery status. We use these only to deliver Locale notifications to your device.
We do not collect your precise device location, your contacts, your browsing history outside the app, microphone data, camera images or video, or any payment information. Camera access is used only on your device to scan a business checkout QR code. Locale does not process payments. Discounts are applied by the business directly at the register.
Account deletion records
When you delete your account, we keep a small audit record so we can prove the deletion happened. This record does not contain your name, email address, school, or any of your activity. It contains a one-way hash of the email you used at the time, the date the deletion request was made, the date the deletion ran, and the result (completed or failed).
How we use this information
- Verify that you are a student so you can browse offers limited to verified students.
- Show your required name and graduation year on your membership card.
- Let you save deals and redeem them at participating businesses.
- Confirm in-person redemptions using a QR code or redemption code owned by the participating business.
- Help partner businesses understand how their offers perform (aggregated views, saves, and confirmed redemptions per offer).
- Send transactional emails such as account confirmation, student verification codes, and password reset.
- Send occasional deal alerts when you choose to enable notifications. Locale limits deal push campaigns to at most one per day.
- Improve the app, fix bugs, and prevent abuse.
- Process your account deletion when you request one.
We do not sell your personal information, and we do not share it with advertisers.
Who we share data with
We work with the following service providers to operate Locale. They process data on our instructions and are bound by their own terms and security commitments.
- Supabase (database, authentication, server functions). Used to store and read all account data and to run the in-app account deletion function.
- Resend (transactional email). Used to send account-confirmation emails, student verification codes, and password-reset emails.
- Vercel (web hosting). Hosts localecard.com and the email-confirmation bridge pages at /confirm and /reset-password.
- Expo (mobile app builds and push delivery). Used to build the app, generate device push tokens, and deliver notifications you enable.
- Sentry (application diagnostics). Used to receive crash and performance information so we can diagnose reliability problems. Locale does not attach your name or email address to Sentry events.
- Apple (mobile app distribution and notifications). Apple distributes the iOS app and delivers enabled notifications through Apple Push Notification service. Apple may collect crash reports and basic device information under its own privacy policy.
We may share information about specific offers and their performance with the partner business that created the offer, such as the number of times their offer was viewed, saved, or redeemed. We do not share your name or email with businesses.
We may also disclose information when required to comply with law, to enforce our Terms of Service, or to protect the safety of our users or others.
How long we keep it
We keep account and activity data while your account is active. If you delete your account from the app, the underlying account and personal data is removed immediately as described below.
We may retain a small audit record of completed deletions (see above) and certain transactional records for as long as we reasonably need them for legal, fraud-prevention, accounting, or security reasons. These records do not contain directly identifying profile data.
Deleting your account
You can delete your Locale account at any time from inside the app: open Profile, tap Delete account, read the confirmation, and tap Delete my account.
When you tap that button, Locale immediately runs a server function that:
- Deletes your authentication record so you can no longer sign in.
- Deletes your profile, student membership, saved deals, push tokens, redemption intents, and redemption history.
- Keeps offer analytics events only as non-identifying business metrics by removing the link to your account.
- Writes a small audit record (described above) confirming the deletion happened, with no directly identifying information.
In rare cases the deletion may fail (for example, because of a temporary service issue). If that happens you will see an error inside the app and the audit record will be marked as failed. We review failed deletions and complete them manually. If your deletion does not appear to complete, email support@localecard.com and we will resolve it.
Your choices and rights
You can:
- Sign in to the app at any time to see what is on your membership card.
- Contact us to correct your full name, graduation year, or verified student email.
- Choose whether to enable device notifications. You can turn them off at any time in your device settings.
- Delete your account in the app (see above).
- Email us with any other privacy request.
California residents
If you live in California, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you the right to know what personal information we collect about you, to delete it, and to correct it. You can exercise these rights by using the in-app deletion flow described above, or by emailing support@localecard.com.
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.
International users
Locale is operated from the United States, and our service providers are primarily based in the United States. By using Locale you understand that information will be processed in the United States.
Locale is currently focused on college students in the United States. We are not actively serving users in the European Union, United Kingdom, or other jurisdictions that have their own data protection rules. If you contact us from one of those regions, we will work in good faith to honor reasonable privacy requests.
Security
We use industry-standard practices to protect your information, including TLS in transit, encryption at rest by our database provider, hashed passwords, row-level security on account data, hashed business redemption codes, and server-validated redemption limits. No system is perfectly secure, and we cannot guarantee absolute security, but we treat your data with care and we keep our infrastructure up to date.
Children
Locale is intended for verified college students. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with information, email support@localecard.com and we will delete it.
Changes to this policy
We may update this policy from time to time as the product evolves. When we make a material change, we will update the effective date at the top of this page and, when appropriate, notify you inside the app or by email. Your continued use of Locale after a change takes effect means you accept the updated policy.
Contact
For any privacy question or request, email support@localecard.com or write to:
Locale Technologies LLC
Ithaca, NY
United States
Note
This is the V1 launch version of Locale's privacy policy. It is intended to honestly describe how the current product handles student data. It has not been reviewed by counsel. Before broad public launch, Locale Technologies LLC should have a privacy attorney review and update this policy.
Last updated July 12, 2026.