Effective date: 4th March 2026
Controller & contact
Love Cashback is the data controller for the processing of personal data in the EU. Contact our DPO/Privacy Team at [email protected].
What we collect
- Account data: name, email, password hash, preferences.
- Cashback data: click IDs, retailer, order ID, basket value, currency, timestamps, and reward status.
- Technical data: IP address, device/browser information, diagnostics.
- Cookies/identifiers for attribution, analytics, and fraud prevention.
- Customer support/claims records and evidence.
Purposes & legal bases (EU GDPR)
- Service delivery & cashback tracking – performance of a contract.
- Payments & accounting – legal obligation and contract.
- Customer support – legitimate interests or contract.
- Fraud prevention & security – legitimate interests and legal obligation.
- Analytics & product improvement – legitimate interests (minimal, aggregated where possible).
- Marketing communications – consent (you can withdraw at any time).
Recipients
- Retailers and affiliate networks to validate and attribute transactions.
- Processors providing hosting, analytics, fraud detection, support, and payout services under DPAs.
- Public authorities where legally required.
International transfers
Where we transfer data outside the EEA, we use Standard Contractual Clauses (SCCs) and additional safeguards as appropriate.
Retention
We retain personal data for the duration of your account and for a period necessary to meet legal/accounting obligations and resolve disputes.
Your EU rights
- Access, rectification, and erasure.
- Restriction and objection to processing.
- Data portability.
- Withdraw consent at any time (for marketing).
- Complain to your local Data Protection Authority.
Cookies & consent
We use necessary cookies for cashback attribution and functionality, and non-essential cookies for analytics/marketing with your consent. You can adjust preferences in our cookie settings or your browser.
Children
Our services are not intended for anyone under the age of 18.
Security
We apply appropriate technical and organisational measures, including encryption in transit, access controls, monitoring, and regular reviews.
Browser extension
We offer the Love Cashback browser extension for Google Chrome. The extension detects when you visit a cashback-eligible store and lets you activate cashback with one click. In addition to the data described above, the extension processes the following:
- Authentication token – when you sign in via the extension, an API token is stored locally in your browser (using Chrome's storage API) to keep you signed in. No passwords are handled by the extension.
- Tab URL matching – the extension reads the URL of your active browser tab to check whether the website you are visiting is a cashback-eligible store. URLs are compared in-memory against a locally cached list of stores and are not recorded, stored, or transmitted.
- Cached store data – a list of participating store domains is cached locally in your browser and refreshed periodically. This data contains no personal information.
- Profile display – your first name and cashback balance are fetched from the Love Cashback API and displayed within the extension popup. No additional personal data is collected beyond what is already held by the platform.
All extension code runs locally in your browser. No browsing history, page content, or personal information is collected or transmitted by the extension beyond the authenticated API requests described in this policy. You can remove the extension and its locally stored data at any time via your browser settings.
Updates
We may update this policy and will post changes with a new effective date.