🌊 SarandaPulse/ Privacy Policy

Privacy Policy

Last updated: March 19, 2026

1. Who We Are

SarandaPulse ("we", "us", "our") is a local tourist guide platform for Saranda, Albania, operated at sarandapulse.com. We help tourists discover local businesses, earn loyalty rewards, and navigate the city.

For privacy questions, contact us at: privacy@sarandapulse.com

2. Data We Collect

We collect only what is necessary to provide the service:

DataWhy we collect itHow long we keep it
Device ID (generated anonymously)To track loyalty points and prevent duplicate receipt submissionsDuration of your session + 12 months
GPS locationTo show nearby businesses and calculate distances on the mapNever stored — used in-memory only
Receipt photosTo extract transaction amounts via OCR for loyalty point calculation90 days, then deleted
Push notification subscription tokenTo send you deal alerts and event notifications (only if you opt in)Until you unsubscribe
Chat messagesTo answer your questions about Saranda via our AI assistantStored anonymously for 30 days for quality improvement
Saved places (localStorage)To remember your favourite businesses across visitsStored locally on your device only — never sent to our servers

We do not collect your name, email address, payment information, or any account credentials. No user registration is required.

3. How We Use Your Data

  • To calculate and track loyalty points earned by scanning receipts at partner businesses
  • To show you nearby partner businesses and deals on the interactive map
  • To send push notifications about deals and events (only if you explicitly opt in)
  • To generate AI-powered local suggestions tailored to your location and time of day
  • To prevent fraud and duplicate receipt submissions
  • To improve our AI chat assistant using anonymised query data

4. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes.

We use the following third-party services to operate the platform:

  • Supabase (supabase.com) — cloud database and storage. Data may be stored on servers in the EU or US. Supabase is GDPR-compliant.
  • OpenAI (openai.com) — powers the AI chat assistant. Chat messages are sent to OpenAI's API. See OpenAI's privacy policy at openai.com/privacy.
  • Protomaps / MapLibre — provides map tiles. Your approximate location is used to request relevant map tiles; no personal data is stored by the map provider.

5. Location Data

SarandaPulse requests access to your device's GPS location to show nearby businesses and calculate distances. Location data is:

  • Used only while the app is open (no background tracking)
  • Never stored on our servers in identifiable form
  • Used in anonymised, aggregated form only for our tourist activity heatmap feature

You can deny location access at any time in your device settings. The app will still function with reduced features (no distance sorting, no nearby search).

6. Receipt Images

When you scan a receipt to earn loyalty points, the receipt photo is uploaded to our secure cloud storage (Supabase Storage). The image is:

  • Processed by OCR software to extract the total amount and date
  • Reviewed by our admin team only in cases of suspected fraud
  • Automatically deleted after 90 days
  • Never shared with the business or any third party

7. Push Notifications

If you opt in to push notifications, your browser's push subscription token is stored in our database. This token allows us to send you notifications about deals and events.

  • You can unsubscribe at any time from the app's settings or your device's browser/app settings
  • We will never send more than a few notifications per week
  • Your token is deleted automatically when it expires or when you unsubscribe

8. Cookies & Local Storage

SarandaPulse does not use tracking cookies. We use your browser's localStorage to store:

  • Your loyalty point balance and receipt history
  • Your saved/favourite businesses
  • Your app settings (dark mode, max distance, language preference)
  • Your anonymous device ID

This data lives entirely on your device and is never transmitted to our servers (except the device ID used for deduplication).

9. Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights under GDPR:

  • Right to access — you can request a copy of any data we hold about you
  • Right to deletion — you can request that we delete your data
  • Right to object — you can object to processing of your data
  • Right to portability — you can request your data in a machine-readable format

To exercise any of these rights, email us at privacy@sarandapulse.com. Because we do not collect your name or email, please include your anonymous device ID (visible in the app settings) so we can locate your data.

10. Data Security

We take reasonable technical measures to protect your data:

  • All data is transmitted over HTTPS (TLS encryption)
  • Our database uses Row-Level Security (RLS) to prevent unauthorised access
  • Receipt images are stored in private buckets accessible only to our admin
  • Admin access to the platform requires a PIN known only to authorised staff

11. Children's Privacy

SarandaPulse is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has submitted data to our platform, contact us and we will delete it promptly.

12. Changes to This Policy

We may update this privacy policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of SarandaPulse after changes constitutes acceptance of the updated policy.

13. Contact

For any privacy-related questions or data requests:

Email: privacy@sarandapulse.com
Website: sarandapulse.com
Location: Saranda, Albania

← Back to SarandaPulse|Saranda Travel Guide