Legal

Privacy Policy

How we collect, use, and protect your personal data.

Last updated: May 2026

TL;DR — We collect only what we need to run your loyalty account. We never sell your data. You can access, correct, or delete your data by emailing privacy@flousback.com.

1. Introduction

FlousBack SAS ("FlousBack", "we", "us", or "our") operates the flousback loyalty platform — a coalition rewards programme that lets members earn and redeem points across a network of partner merchants throughout Tunisia. Our registered office is in Tunis, Tunisia.

This Privacy Policy explains what personal data we collect when you use our website, mobile application, and services (collectively, the "Service"), why we collect it, how we use and share it, and the rights you have over your data.

By creating a flousback account or otherwise using the Service, you acknowledge that you have read and understood this policy. This policy is governed by and construed in accordance with the laws of the Republic of Tunisia.

2. Data We Collect

We collect the following categories of personal data:

  • Identity data: first name, last name, date of birth.
  • Contact data: email address, phone number, and city of residence.
  • Account credentials: hashed password (we never store your password in plain text).
  • Transaction history: records of points earned and redeemed at partner merchants, including the merchant name, date, and point value of each transaction.
  • Device and usage data: IP address, browser type, operating system, pages visited, and session duration, collected via standard server logs and session cookies.
  • Communications: messages you send us via contact forms or support channels.

We do not collect payment card numbers or banking details. Purchases are made directly with partner merchants and only aggregated point values are reported to us.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your loyalty account and verify your identity.
  • To operate the loyalty programme — recording points earned and redeemed across partner merchants.
  • To send you transactional notifications (e.g. points credited, redemption confirmations) via email or SMS.
  • To send you marketing communications about new partners, promotions, and platform updates — you may opt out at any time.
  • To detect and prevent fraud, abuse, and multiple-account violations.
  • To analyse aggregate usage patterns and improve the Service.
  • To comply with our legal obligations under Tunisian law.

We rely on your consent (for marketing) and our legitimate interest in operating a secure and effective loyalty programme (for all other purposes) as the legal bases for processing your data.

4. Data Sharing

We do not sell your personal data to third parties under any circumstances.

We share your data only in the following limited circumstances:

  • Partner merchants: when you earn or redeem points at a partner location, we share your membership ID, first name, and the transaction details with that merchant solely to process the loyalty transaction.
  • Service providers: we use carefully vetted third-party providers for hosting, email delivery, and analytics. These providers act as processors on our behalf and are contractually prohibited from using your data for their own purposes.
  • Legal requirements: we may disclose data to Tunisian authorities when required by law or valid legal process.
  • Business transfers: in the event of a merger, acquisition, or asset sale, your data may be transferred to the successor entity, subject to the same privacy protections.

We require all partners and processors to handle your data in accordance with applicable Tunisian data protection law.

5. Data Retention

We retain your personal data for as long as your account remains active. If you close your account, we will retain your data for two (2) years after account closure in order to comply with legal obligations, resolve disputes, and enforce our agreements.

Transaction records may be retained for up to five (5) years to satisfy fiscal and legal record-keeping requirements under Tunisian law.

After the applicable retention period, your data is securely deleted or anonymised.

6. Your Rights

Subject to applicable law, you have the following rights regarding your personal data:

  • Right of access: you may request a copy of the personal data we hold about you.
  • Right of rectification: you may ask us to correct inaccurate or incomplete data.
  • Right of deletion: you may ask us to delete your personal data, subject to our legal retention obligations.
  • Right to object: you may object to processing of your data for marketing purposes at any time.
  • Right to portability: you may request your data in a structured, machine-readable format.

To exercise any of these rights, please contact us at privacy@flousback.com. We will respond to your request within thirty (30) days.

7. Cookies

We use a minimal set of cookies necessary to operate the Service:

  • Session cookies: set when you log in, used to keep you authenticated during your session. These expire when you close your browser or log out.
  • Security cookies: short-lived tokens used to protect against CSRF attacks.

We do not use third-party advertising or tracking cookies. We do not work with any advertising networks. You can disable cookies in your browser settings, but doing so will prevent you from logging in to the Service.

8. Contact

If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact our Privacy Team:

  • Email: privacy@flousback.com
  • Company: FlousBack SAS
  • Address: Tunis, Tunisia

If you are not satisfied with our response, you have the right to lodge a complaint with the competent Tunisian data protection authority.

Questions about your data?

Our privacy team is here to help. Reach out and we'll respond within 30 days.

privacy@flousback.com