Bonvanta Privacy Policy
Effective date: July 11, 2026
This Privacy Policy explains how Ukrainian Projects, L.L.C., doing business as Bonvanta ("Bonvanta," "we," "us," or "our"), collects, uses, discloses, stores, and protects personal information in connection with bonvanta.com and Bonvanta-branded admin, scanner, customer-card, billing, support, and related services.
This Policy also explains the different privacy roles of Bonvanta and the businesses that operate loyalty programs through Bonvanta.
1. Who we are
Ukrainian Projects, L.L.C.
Florida document number: L16000068958
59 SW 12th Ave, Suite 102, Dania Beach, FL 33004, United States
Privacy contact: support@bonvanta.com
2. Scope
This Policy applies to the public Bonvanta website, Business Accounts, dashboards, scanner interfaces, digital loyalty-card pages, billing and support interactions, and related Bonvanta services.
A Business Customer may publish its own privacy notice for a particular loyalty program. That business notice controls the business's own purposes and use of End User data, while this Policy explains Bonvanta's role and processing.
This Policy does not govern independent websites, products, services, or purchases offered by a Business Customer or other third party.
3. Privacy roles
Bonvanta is the controller or business for personal information used to operate the public website, register and manage Business Accounts, provide billing and support, prevent fraud and abuse, secure the Service, comply with law, and manage our commercial relationship with Business Customers.
Each Business Customer is generally the controller or business for the personal information of End Users in its own loyalty program. The Business Customer decides what data to collect, who may join, the loyalty and reward rules, the audiences for campaigns, and the purposes of customer communications.
For End User loyalty-program data processed on a Business Customer's instructions, Bonvanta acts as a processor, service provider, or contractor. Our Data Processing Addendum applies to that processing.
PayForSay s.r.o., operator of the 7stamp platform, provides the underlying loyalty technology and acts as Bonvanta's processor or subprocessor for relevant platform operations. PayForSay may also act as an independent controller for its own platform security, anti-abuse, administration, and legal compliance.
If you are an End User, direct a request about a specific loyalty program to the Business Customer that operates the program. Bonvanta will provide reasonable assistance to that Business Customer.
4. Personal information we collect
Account and identity information: name, email address, phone number if provided, login identifier, password or authentication information, account role, and permissions.
Business information: business name, location, website, industry, tax or registration information if provided, staff details, support contacts, plan, and account configuration.
Billing and transaction information: billing name and address, plan, price, currency, tax information, invoice and payment status, transaction identifiers, card brand, expiration information, and last four digits. Complete card numbers and security codes are processed by Stripe and are not stored by Bonvanta.
End User profile information: name, email address, phone number, date of birth, and location where the Business Customer chooses to collect it. Date of birth, phone, and location should be optional unless the Business Customer has a valid and disclosed reason to require them.
Loyalty information: card identifiers, program and business identifiers, stamps, points, visits, vouchers, rewards, redemptions, expiry information, card status, and loyalty-event history.
Consent and communication information: marketing choices, consent records, timestamps, sources of consent, unsubscribe or opt-out status, notification settings, message delivery status, and campaign interaction information.
Technical and usage information: IP address, approximate location derived from IP, browser, device type, operating system, language, referring page, timestamps, session information, security events, audit logs, and diagnostic data.
Support and communications: emails, support requests, attachments, feedback, and other communications with Bonvanta.
Public website analytics: page views, sessions, approximate geography, device and browser information, referrals, and interactions collected through Google Analytics only on the public bonvanta.com website and subject to consent requirements.
Bonvanta does not intentionally collect continuous GPS location. A Business Customer may collect a provided location or use the location of a participating business as part of a loyalty program.
5. Sources of information
We receive information directly from Business Customers, account users, End Users, and people who contact support.
We receive loyalty data from Business Customers, scanners, card interactions, integrations, Apple Wallet, Google Wallet, and the underlying platform.
We receive payment and fraud information from Stripe and other payment or verification providers.
We receive technical information automatically from browsers, devices, servers, security tools, and cookies or similar technologies.
6. How we use personal information
To create, authenticate, administer, and support accounts.
To issue and manage digital loyalty cards, stamps, vouchers, rewards, redemptions, scanner workflows, and related features.
To process Subscriptions, invoices, payments, taxes, billing disputes, refunds, and chargebacks.
To send transactional messages such as account, security, billing, card, stamp, voucher, reward, expiry, and service notices.
To send or enable marketing communications where valid consent or another lawful basis exists and the relevant Business Customer has configured the campaign.
To operate, maintain, troubleshoot, test, secure, protect, and improve the Service.
To prevent fraud, abuse, spam, unauthorized access, misuse, and violations of terms or law.
To provide customer support, respond to requests, and communicate about the Service.
To analyze the public website through Google Analytics after any required consent.
To comply with legal, tax, accounting, regulatory, court, and law-enforcement requirements and to establish, exercise, or defend legal claims.
7. Legal bases for EEA and UK processing
Contract: processing needed to provide the Service, manage an account, process a Subscription, or take steps requested before entering into a contract.
Legitimate interests: securing and improving the Service, preventing fraud and abuse, maintaining records, supporting customers, protecting legal rights, and conducting limited B2B administration, where those interests are not overridden by individual rights.
Legal obligation: tax, accounting, compliance, sanctions, fraud-prevention, court, regulatory, and other legal duties.
Consent: optional marketing, non-essential analytics cookies, and other processing where consent is required. Consent may be withdrawn at any time without affecting prior lawful processing.
Where Bonvanta acts as processor, the relevant Business Customer determines the lawful basis for End User data.
8. Loyalty programs and Business Customer control
Each Business Customer is responsible for providing End Users with an accurate privacy notice and loyalty-program rules at or before collection.
The Business Customer decides whether to collect name, email, phone, date of birth, location, and other optional fields and is responsible for data minimization and lawful use.
The Business Customer is responsible for End User requests to access, correct, delete, restrict, export, or object to use of loyalty-program data. Bonvanta will assist the Business Customer using available tools and support.
The Business Customer is responsible for the legality and content of promotional messages, offers, rewards, consent language, and campaign audiences.
9. Marketing and communications
Transactional communications are messages needed to operate an account or loyalty program, including security alerts, billing notices, stamp updates, issued rewards, vouchers, and important service notices.
Marketing communications include promotions, discounts, birthday offers, win-back campaigns, personalized offers, and other commercial messages.
Where required by law, marketing consent must be voluntary, specific, informed, and separate from acceptance of terms or a privacy notice. An End User must be able to use a loyalty card without agreeing to optional marketing, unless a different arrangement is lawful and clearly disclosed by the Business Customer.
Email recipients may use the unsubscribe link or contact the relevant Business Customer. Wallet notifications can normally be managed in Apple Wallet or Google Wallet settings. SMS recipients should be offered a recognized opt-out such as STOP. WhatsApp messages may be sent only to users who have opted in under applicable rules.
Important account, security, legal, billing, and service communications may still be sent where necessary even after a marketing opt-out.
10. Cookies and Google Analytics
The public bonvanta.com website uses Google Analytics to understand website traffic and performance. Google Analytics is not intended to be installed in the Bonvanta admin dashboard, scanner, or customer loyalty-card pages.
In the EEA, UK, Switzerland, and other jurisdictions where consent is required, Google Analytics should remain disabled until the visitor accepts analytics cookies. Visitors must be able to reject non-essential cookies and change their choice later.
Bonvanta service domains may use strictly necessary cookies, session identifiers, local storage, security tools, and operational logs to authenticate users, maintain sessions, prevent fraud, remember essential preferences, and provide the requested service.
More information is available in the Bonvanta Cookie Policy.
11. How we disclose personal information
Business Customers and authorized staff: to operate the relevant loyalty program and customer relationship.
PayForSay s.r.o.: to provide the underlying 7stamp loyalty platform, digital cards, scanner, notifications, hosting, security, and platform operations.
Stripe and payment partners: to process payments, subscriptions, invoices, taxes, fraud checks, refunds, disputes, and chargebacks.
Apple and Google: where necessary for Apple Wallet, Google Wallet, account services, public website analytics, or other enabled services.
Hosting, authentication, database, email delivery, domain, DNS, security, logging, customer-support, and professional service providers: to operate and protect the Service.
Authorities and advisors: when required by law, court order, regulation, or legal process, or when reasonably necessary to protect rights, safety, security, and the integrity of the Service.
Corporate transactions: in connection with a merger, financing, acquisition, restructuring, bankruptcy, or sale of all or part of the business, subject to appropriate safeguards.
We require service providers to process information for limited purposes and under appropriate confidentiality and data-protection obligations.
12. No sale, targeted-advertising sharing, or AI training
Bonvanta does not sell personal information.
Bonvanta does not share personal information for cross-context behavioral advertising or targeted advertising as those terms are defined by applicable U.S. state privacy laws.
Bonvanta does not use Business Customer or End User loyalty data to train general-purpose artificial intelligence models.
We may use aggregated or de-identified information that cannot reasonably identify a person to measure, secure, and improve the Service, subject to applicable law.
13. International data transfers
Bonvanta is operated from the United States, while the underlying PayForSay platform is operated from Slovakia in the European Economic Area. Other service providers may process information in the United States, EEA, United Kingdom, or other countries.
Where required, we and our providers use lawful safeguards such as adequacy decisions, the EU Standard Contractual Clauses, the UK International Data Transfer Addendum or other UK mechanisms, Data Privacy Framework participation where applicable, or another valid transfer mechanism.
Privacy and data-protection laws in a receiving country may differ from those in your country.
14. Data retention
We retain personal information while an account or loyalty program is active and for as long as needed to provide the Service, maintain loyalty records, preserve consent and opt-out evidence, prevent fraud, resolve disputes, enforce agreements, and comply with law.
After a Business Account is cancelled, Bonvanta may retain the account and associated customer data for up to 12 months to allow reactivation, recovery, export, dispute handling, security review, and legal compliance. The account holder may request earlier deletion by emailing support@bonvanta.com, subject to legal and operational exceptions.
After the retention period, information is deleted, de-identified, or anonymized where reasonably practicable. Backup copies may remain until overwritten or securely deleted through normal backup cycles.
Payment, invoice, tax, consent, opt-out, fraud, and legal records may be retained longer when required or reasonably necessary for compliance and claims.
15. Data export and account deletion
Business Customers can export available customer and loyalty data using the export tools in the dashboard.
To request deletion of a Business Account and associated data, email support@bonvanta.com from the account email address. We may verify identity and authority before completing the request.
End Users should submit requests concerning a particular loyalty profile to the Business Customer operating that program. Bonvanta will assist that Business Customer where required.
16. Your privacy rights
Depending on your location and the context, you may have rights to request access, correction, deletion, restriction, portability, or a copy of personal information; object to processing; withdraw consent; opt out of certain processing; appeal a refusal; and lodge a complaint with a supervisory authority.
To exercise rights concerning a Bonvanta Business Account, public website, billing, or support data, email support@bonvanta.com. We may request information reasonably necessary to verify identity and authority.
To exercise rights concerning a specific loyalty program, contact the Business Customer first. If you cannot identify or reach the Business Customer, contact Bonvanta and identify the loyalty card and business.
We will not discriminate against a person for exercising a privacy right. Some rights are subject to exceptions, verification, and legal thresholds.
17. California and other U.S. state disclosures
Where the California Consumer Privacy Act or another U.S. state privacy law applies, eligible residents may have rights to know, access, correct, delete, obtain a portable copy, opt out, limit certain sensitive-data uses, and appeal certain decisions.
Bonvanta does not sell personal information or share it for cross-context behavioral advertising. Where Bonvanta processes End User information for a covered Business Customer, the parties intend Bonvanta to act as a service provider or contractor and to use the information only for limited and specified business purposes.
Because these laws apply only when statutory thresholds and other conditions are met, particular rights may not apply in every situation.
18. Children
Bonvanta is not directed to children under 13 and does not knowingly collect personal information directly from children under 13.
Business Accounts and paid Subscriptions require a user who is at least 18. End Users must be at least 16 or the minimum age required by applicable law.
If we learn that personal information was collected from a child in violation of applicable law, we will take reasonable steps to delete it. A parent or guardian may contact support@bonvanta.com.
19. Security
We use administrative, technical, and organizational safeguards designed to protect personal information, including access controls, authentication, encryption in transit where supported, logging, backup, vendor controls, and incident-response procedures.
No method of transmission or storage is completely secure. Account users are responsible for protecting credentials and devices and for promptly reporting suspected unauthorized access.
20. Automated decision-making
Bonvanta does not currently use personal information to make decisions based solely on automated processing that produce legal or similarly significant effects on individuals.
The Service may use automated tools for fraud detection, security, spam prevention, usage limits, and message delivery. Affected account users may contact support for review where required by law.
21. Changes to this Policy
We may update this Policy to reflect changes in the Service, providers, legal requirements, or data practices. The updated Policy will show a new effective date.
We will provide additional notice of material changes where required by law.
22. Contact and complaints
Ukrainian Projects, L.L.C.
59 SW 12th Ave, Suite 102, Dania Beach, FL 33004, United States
Email: support@bonvanta.com
Individuals in the EEA or UK may also lodge a complaint with the data-protection authority in their country of residence, place of work, or place of the alleged infringement.