Privacy Policy

This Privacy Policy explains how Turbopeace Apps Ltd collects, uses and protects information when people use Punchless.

Last updated: 11 July 2026

1. Who we are

Punchless is operated by Turbopeace Apps Ltd, a company based in the United Kingdom. Punchless helps small businesses replace paper punch cards, class cards and spreadsheets with digital member passes, package credits, loyalty cards, QR check-ins and simple business tools.

For privacy questions, contact us at support@turbopeaceapps.com.

2. Who this policy applies to

This policy applies to business owners, staff users, members, guardians, visitors to public pass pages, website visitors, trial users and subscribers.

When a business enters information about its members, staff, guardians or children, that business is normally the controller of that data. Turbopeace Apps Ltd usually acts as a processor for that business by hosting and operating Punchless.

When we collect information for our own website, account administration, billing, security, analytics or support, Turbopeace Apps Ltd is normally the controller of that information.

3. Information we collect

Business account information

Member, guardian and child profile information

Pass, package, loyalty and check-in information

Technical and usage information

4. Public pass pages and QR codes

Businesses can create public pass links for members who have not signed up for a Punchless account. A public pass page may show limited member/pass information such as the business name, member name, QR code, remaining credits, loyalty status or a call to create a Punchless account.

Anyone with a valid public pass link may be able to view that pass page. Businesses are responsible for sharing pass links with the correct person and for deciding whether public pass links are appropriate for their members.

5. Camera, QR scanning and device permissions

Punchless can request camera access so a business user can scan member QR codes. QR scanning happens through the browser, web app or native app wrapper. We do not intentionally record or store camera images or video from the scanner.

You can allow or deny camera access through your browser, operating system or device settings.

6. Notifications

Push notifications are currently marked as coming soon in the app. If notification features are enabled later, Punchless will ask for permission where required and may store notification tokens to send service messages, business alerts or member-related notifications.

7. How we use information

8. Legal bases

Where UK GDPR or similar laws apply, we rely on legal bases such as contract performance, legitimate interests, legal obligations and consent where required. For member data entered by a business, the business is responsible for identifying its lawful basis.

9. Payments and subscriptions

Paid subscriptions are handled through Revolut. Turbopeace Apps Ltd does not store full payment card details. We may store billing metadata such as subscription identifiers, status, currency, price tier, renewal dates, cancellation status and payment-related events.

Revolut processes payment information according to its own terms and privacy practices.

10. Children and guardians

Punchless may be used by businesses such as dance schools, tutoring providers, clubs or activity providers where children are members. Businesses are responsible for obtaining any required consent or permissions and for entering only information that is appropriate and lawful.

Punchless supports child profiles managed by guardians, but it is not a parental consent management system by itself.

11. Health, wellness and sensitive information

Punchless may be used by wellness, physiotherapy, training or similar businesses. Punchless is not designed to store formal medical records, diagnoses, treatment notes or highly sensitive records. Businesses should avoid entering sensitive information into member notes unless they are legally permitted to do so and it is necessary.

12. Third-party services

We use third-party services to provide Punchless, including where enabled:

13. Data retention

We retain account, business, member, pass, check-in, package, loyalty and audit records while they are needed to provide Punchless, support the business, maintain operational history, meet legal obligations, resolve disputes and protect the service.

Business owners can request deletion of their organisation data by contacting support. For now, deletion requests are handled manually. Some information may need to be retained for legal, accounting, tax, fraud prevention, security or backup reasons.

14. Access, correction and deletion requests

Business owners can contact us to request access, correction, export or deletion of organisation data.

If you are a member, guardian or staff user of a business using Punchless, please contact that business first about access, correction or deletion of your personal data. We may redirect requests to the relevant business because it controls the data it entered into Punchless.

15. Security

We use reasonable technical and organisational measures to protect data, including authentication, access controls, hosted cloud infrastructure, security rules and monitoring. No system is completely secure, so we cannot guarantee absolute security.

16. International processing

Our service providers may process data in countries outside the United Kingdom or European Economic Area. Where required, we rely on appropriate safeguards made available by those providers.

17. Your rights

Depending on your location and relationship with Punchless, you may have rights to access, correct, delete, restrict, object to processing or receive a copy of your personal data. You may also have the right to complain to a data protection authority.

18. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify users or make the updated policy available on our website.

19. Contact

For privacy questions or requests, contact support@turbopeaceapps.com.