Privacy Policy

Who we are

Our website address is:

What we do.

We provide businesses with an easy way to operate a loyalty program and collect customer feedback using Messenger.

What we don’t do

We do not run the various reward programs themselves and we do not provide the points or the rewards for each business.

How we provide the service

We combine a number of services to work with Facebook Messenger and operate the service. These include companies like ActiveChat to create the flow along with AWS and MongoDB to store the information, including your points balance and transaction history.

What Information We Collect

In order to provide the service we have access to a Facebook generated ID which is solely for use in our service. Tis does not give us information on your Facebook Profile.

As per your agreement with Facebook we also have access to your name and gender.

We also record the businesses from whom you collect points, and any feedback you provide.

Who sees your details

In this section we outline the individual information available to each party…

The Business

Each business owner runs their own program. They system is designed so that they cannot access your individual details. When they award or redeem the points or you check your balance, your name is displayed on your phone.

We provide reports to the business showing them generic information such as number of transactions in a week etc. We do not currently provide individual information on each customer. Though it is possible this may change in the future, the only information will be your name.

Occasionally you may be asked to provide feedback on your visit. This is provided anonymously unless you specifically agree to provide your details for follow-up. This is asked on a per-transaction basis.

Your Facebook identity is never provided to the business.


At present the only person operating Zapacard is Brian O’Connell. I have access to all the information in the database.

In future should other employees be take onboard we will implement processes and systems to ensure this information is controlled.


Since all activity is taking place on Facebooks Messenger platform it is to be assumed that they have the ability to see all the information.

ActiveChat, MongoDB and AWS

The transactions are filtered through ActiveChats interface and stored on a MongoDB on AWS servers in Ireland. In theory these companies can view the data but there is neither the incentive for them to do so nor the context to make sense of it.

Data Removal

If you wish to have your account closed and all data removed you can request this through Messenger.

How long we retain your data

We retain the data indefinitely. This includes each transaction and we feel it is necessary to provide assurance in case of any dispute on points balances.

You can request the removal of all data through Messenger.


We do not show any advertising through the platform. This may change in the future. If it does we will not share your information with any third-party. We may however use information such as your location, gender or the type of premises you frequent to provide relevant adverts.