Privacy Policy
Last updated: March 1, 2026
Scorii is committed to protecting your privacy. This policy describes what data we collect, why we collect it, and how we keep it safe. Please read it carefully.
1. Overview
Scorii ("we", "us", or "our") operates a loyalty rewards platform available via mobile application and web services. This Privacy Policy explains how we collect, use, store, and share information about you when you use Scorii as a customer or as a registered business partner.
By downloading the app or accessing our services, you agree to the practices described in this policy. If you do not agree, please discontinue use of the app.
2. Information We Collect
2.1 Information you provide directly
- Phone number — used for OTP-based authentication
- Full name and email address — provided during profile setup
- Shipping address — optional, provided when redeeming physical products
- Receipt images — uploaded when submitting purchase receipts for bonus points
- Review content — ratings and comments left on business profiles
2.2 Information collected automatically
- Location data — collected at the moment of a QR scan to verify proximity to a business (within 200 metres). We do not track your location continuously.
- Device information — device model, operating system version, and push notification token for delivering in-app notifications
- Usage data — pages visited, features used, and scan activity within the app
- IP address — collected for security and fraud prevention
2.3 Information from business partners
- Business name, logo, address, and GPS coordinates
- Subscription and billing information
- Offer and promotion content
3. How We Use Your Information
- To create and manage your Scorii account
- To process QR scans, calculate points, and deliver rewards
- To verify your proximity to a business at scan time
- To send transactional notifications (points earned, rewards won, receipt status)
- To process product redemptions and physical deliveries
- To calculate and upgrade your loyalty tier
- To provide business partners with anonymised analytics about customer activity
- To detect and prevent fraud, abuse, and duplicate scans
- To improve the app based on aggregated usage patterns
- To comply with applicable laws in Iraq and the Kurdistan Region
4. Location Data
We collect your device location only at the point of a QR scan. This is used exclusively to confirm you are physically present at the business (within a 200-metre radius). We do not store a continuous location history. The scan coordinates are stored with your scan record for audit and fraud-prevention purposes only.
You may deny location permissions in your device settings, but this will prevent you from earning points via QR scan.
6. Data Retention
- Account data is retained for as long as your account is active
- Scan and transaction records are retained for 3 years for audit purposes
- Receipt images are retained for 12 months after upload
- Deleted accounts are purged within 30 days, except where retention is required by law
- Push notification tokens are deleted when you log out or uninstall the app
7. Data Security
We implement industry-standard security measures to protect your data:
All data is encrypted in transit using TLS 1.2 or higher. Passwords are not used — authentication is via OTP only. Our database enforces Row Level Security (RLS). Access to production systems is restricted to authorised personnel only.
Despite these measures, no system is completely secure. We will notify you promptly in the event of a data breach that affects your personal information.
8. Your Rights
You have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Correction — ask us to correct inaccurate or incomplete data
- Deletion — request deletion of your account and associated data
- Portability — request your data in a machine-readable format
- Objection — object to certain processing activities
- Notification opt-out — disable push notifications at any time from your profile settings
To exercise any of these rights, contact us at privacy@scorii.app. We will respond within 14 business days.
9. Children's Privacy
Scorii is not intended for users under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
10. Third-Party Links
The app may contain links to third-party websites or services. We are not responsible for the privacy practices of those services and encourage you to review their privacy policies independently.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and notify you via in-app notification if the changes are material. Continued use of the app after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:
ScoriiEmail: privacy@scorii.app Location: Iraq