1. Who we are
Punchless is operated by Turbopeace Apps Ltd, a company based in the United Kingdom. Punchless helps small businesses replace paper punch cards, class cards and spreadsheets with digital member passes, package credits, loyalty cards, QR check-ins and simple business tools.
For privacy questions, contact us at support@turbopeaceapps.com.
2. Who this policy applies to
This policy applies to business owners, staff users, members, guardians, visitors to public pass pages, website visitors, trial users and subscribers.
When a business enters information about its members, staff, guardians or children, that business is normally the controller of that data. Turbopeace Apps Ltd usually acts as a processor for that business by hosting and operating Punchless.
When we collect information for our own website, account administration, billing, security, analytics or support, Turbopeace Apps Ltd is normally the controller of that information.
3. Information we collect
Business account information
- Owner and staff names, email addresses and account identifiers
- Business name, business type, role, staff permissions and workspace settings
- Timezone, currency, trial status, subscription status and billing metadata
- Support messages and operational notes you send to us
Member, guardian and child profile information
- Names, display names, email addresses and phone numbers
- Guardian contact details for child profiles where a business chooses to record them
- Membership status, linked Punchless account status and attribution such as signup QR, invite link or added by business
- Notes entered by the business
Pass, package, loyalty and check-in information
- QR pass tokens, public pass links and account-linked pass records
- Packages, credits, loyalty card stamps, expiry dates and remaining balances
- Check-in history, recent activity, audit events, timestamps and staff/user names where available
- Signup QR and invite link usage, including whether an invite has been sent or accepted
Technical and usage information
- Device, browser, app version, operating system and approximate location derived from technical information such as IP address
- Log data, request data, security events, diagnostics, performance information and crash reports
- Analytics showing how the website and app are used
- Local storage, session storage and similar browser/app storage used to keep you signed in and remember app state
4. Public pass pages and QR codes
Businesses can create public pass links for members who have not signed up for a Punchless account. A public pass page may show limited member/pass information such as the business name, member name, QR code, remaining credits, loyalty status or a call to create a Punchless account.
Anyone with a valid public pass link may be able to view that pass page. Businesses are responsible for sharing pass links with the correct person and for deciding whether public pass links are appropriate for their members.
5. Camera, QR scanning and device permissions
Punchless can request camera access so a business user can scan member QR codes. QR scanning happens through the browser, web app or native app wrapper. We do not intentionally record or store camera images or video from the scanner.
You can allow or deny camera access through your browser, operating system or device settings.
6. Notifications
Push notifications are currently marked as coming soon in the app. If notification features are enabled later, Punchless will ask for permission where required and may store notification tokens to send service messages, business alerts or member-related notifications.
7. How we use information
- To create and manage Punchless accounts, workspaces and roles
- To provide member, staff, package, loyalty card, QR pass, signup QR and check-in features
- To let members view their passes and linked businesses
- To help businesses invite members and staff
- To manage trials, subscriptions, renewals, cancellations and access status
- To provide support, troubleshoot issues and respond to requests
- To monitor security, reliability, abuse, fraud and performance
- To improve Punchless and understand product usage
- To comply with legal, accounting and tax obligations
8. Legal bases
Where UK GDPR or similar laws apply, we rely on legal bases such as contract performance, legitimate interests, legal obligations and consent where required. For member data entered by a business, the business is responsible for identifying its lawful basis.
9. Payments and subscriptions
Paid subscriptions are handled through Revolut. Turbopeace Apps Ltd does not store full payment card details. We may store billing metadata such as subscription identifiers, status, currency, price tier, renewal dates, cancellation status and payment-related events.
Revolut processes payment information according to its own terms and privacy practices.
10. Children and guardians
Punchless may be used by businesses such as dance schools, tutoring providers, clubs or activity providers where children are members. Businesses are responsible for obtaining any required consent or permissions and for entering only information that is appropriate and lawful.
Punchless supports child profiles managed by guardians, but it is not a parental consent management system by itself.
11. Health, wellness and sensitive information
Punchless may be used by wellness, physiotherapy, training or similar businesses. Punchless is not designed to store formal medical records, diagnoses, treatment notes or highly sensitive records. Businesses should avoid entering sensitive information into member notes unless they are legally permitted to do so and it is necessary.
12. Third-party services
We use third-party services to provide Punchless, including where enabled:
- Firebase Authentication, Cloud Firestore, Firebase Hosting, Cloud Functions and Cloud Run
- Firebase Analytics, Google Analytics, Firebase Crashlytics and logging/diagnostic tools
- Google Cloud infrastructure and security services
- Revolut for subscription payments
- Google Play and Apple services for native app distribution, where applicable
- Browser, device, SMS, email or messaging apps when a business chooses to share a pass or invite through them
13. Data retention
We retain account, business, member, pass, check-in, package, loyalty and audit records while they are needed to provide Punchless, support the business, maintain operational history, meet legal obligations, resolve disputes and protect the service.
Business owners can request deletion of their organisation data by contacting support. For now, deletion requests are handled manually. Some information may need to be retained for legal, accounting, tax, fraud prevention, security or backup reasons.
14. Access, correction and deletion requests
Business owners can contact us to request access, correction, export or deletion of organisation data.
If you are a member, guardian or staff user of a business using Punchless, please contact that business first about access, correction or deletion of your personal data. We may redirect requests to the relevant business because it controls the data it entered into Punchless.
15. Security
We use reasonable technical and organisational measures to protect data, including authentication, access controls, hosted cloud infrastructure, security rules and monitoring. No system is completely secure, so we cannot guarantee absolute security.
16. International processing
Our service providers may process data in countries outside the United Kingdom or European Economic Area. Where required, we rely on appropriate safeguards made available by those providers.
17. Your rights
Depending on your location and relationship with Punchless, you may have rights to access, correct, delete, restrict, object to processing or receive a copy of your personal data. You may also have the right to complain to a data protection authority.
18. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify users or make the updated policy available on our website.
19. Contact
For privacy questions or requests, contact support@turbopeaceapps.com.