Legal

Privacy Policy

Effective Date: May 1, 2025

1. Who We Are & Scope

Redeema, LLC ("Redeema," "we," "us," or "our") is a FinTech platform incorporated in Puerto Rico that operates a Community Operating System β€” enabling organizations such as sports leagues, graduating classes, and schools to manage dues, fundraising campaigns, sweepstakes, and memberships. This Privacy Policy governs all personal data collected through our mobile applications, web portals, and business-facing tools across Puerto Rico and the United States.

  • End users of the Redeema mobile application
  • Organization administrators (leagues, schools, classes)
  • Business partners accessing the Business Portal
  • Parents and guardians who interact on behalf of minor participants

We adhere to the principle of Privacy by Design: data collection is limited strictly to what is necessary for platform functionality.

2. Information We Collect

2.1 Information You Provide Directly

  • Account registration: name, email address, phone number
  • Organization profile: organization name, logo, administrator contact information, EIN (for business accounts)
  • Participant data entered by authorized organization administrators: participant first name, last name, group assignment, and Parent/Guardian name and email (for minor participants)
  • Payment initiation: processed entirely by Stripe β€” Redeema does not store card numbers, bank accounts, or full payment credentials
  • Communications: messages submitted via support channels or contact forms

2.2 Information Collected Automatically

  • Device identifiers and IP addresses (used for fraud prevention and audit log integrity)
  • Session data and usage logs (pages visited, actions taken, timestamps)
  • AWS CloudWatch performance and error logs
  • Google Analytics aggregate traffic data (no cross-site behavioral tracking)

2.3 Receipt & OCR Data (Global Scan)

When a user participates in a receipt-based sweepstakes campaign via our Global Scan feature:

  • The receipt image is temporarily cached on secure AWS S3 servers for validation and fraud prevention purposes only.
  • Amazon Textract (OCR) extracts specific fields: Merchant Name, Purchase Date, and Total Amount. Sensitive fields such as partial card numbers, signatures, or personal identifiers are automatically ignored or redacted.
  • Once validation is complete, the original receipt image is permanently deleted from active servers.
  • Redeema retains only anonymized, aggregated transactional metadata for analytics. No Personally Identifiable Information (PII) is linked to these datasets.
  • Redeema does not sell or share individual receipt data with any third party.

3. How We Use Your Information

We use collected data solely to operate and improve the Redeema platform:

  • Create and authenticate user and organization accounts
  • Process campaign participation and attribute entries to the correct participant or organization
  • Generate and deliver tamper-evident audit records and financial reports
  • Send transactional communications: payment confirmations, campaign updates, entry receipts, and winner notifications
  • Detect and prevent fraudulent activity, duplicate entries, and abuse of the sweepstakes system
  • Comply with applicable law, including tax reporting obligations and sweepstakes regulations
  • Improve platform performance and resolve technical issues

We do NOT use your data for cross-context behavioral advertising, sale to data brokers, or any purpose beyond operating and improving Redeema.

4. Children's Privacy & Minor Participants (COPPA Compliance)

Redeema is NOT directed to children under the age of 13, and we do not knowingly collect personal information directly from any individual under 13. If you are under 13, do not use the Redeema App or submit any personal data. For organizations that manage minor participants (youth sports leagues, schools, K-12 programs):

  • All participant data for minors is entered exclusively by authorized organization administrators β€” never collected directly from the minor.
  • Data is limited to: first name, last name, group assignment, and the Parent/Guardian's name and email address for communications.
  • Organization administrators represent and warrant that they have obtained verifiable parental consent before submitting any minor's information to the platform.
  • Minor participant pages (Member Pages) are non-indexed, non-discoverable, and accessible only via a private, unique URL shared by the organization.
  • We recommend that organizations set all groups containing minors to PRIVATE within Redeema Group Settings.
  • If Redeema learns that personal information has been collected directly from a child under 13 without verifiable parental consent, we will delete that information immediately.

To report a potential COPPA violation or request deletion of a minor's data, contact us at: legal@redeema.io

5. Social Login

If you register or log in via Apple ID or Google:

  • We receive: name, email address, and profile picture (as permitted by those platforms).
  • This information is used solely to create and authenticate your Redeema account.
  • We do not post to your social media accounts.
  • Apple "Hide My Email": fully supported β€” we will only store the masked relay address provided by Apple.
  • You may revoke access at any time through your Apple or Google account security settings.

6. How We Share Your Information

Redeema does not sell, rent, or trade personal information. We share data only as described below:

6.1 Service Providers (Data Processors)

We share information with trusted vendors who process data solely to provide services to Redeema:

  • Amazon Web Services (AWS) β€” Encrypted cloud hosting, OCR processing (Textract), fraud detection (Rekognition), notifications (SNS/SES)
  • Stripe β€” PCI-DSS compliant payment processing. Stripe Connect is used to facilitate direct payouts to organizations.
  • Google Analytics β€” Aggregate, anonymized platform usage analytics

All service providers are contractually prohibited from using your data for any purpose other than providing services to Redeema. Full list: redeema.io/subprocessors

6.2 Legal Disclosure

We may disclose personal data if required by law, court order, or government authority, or when necessary to protect the rights, property, or safety of Redeema, our users, or the public.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity. We will provide notice of such transfers in accordance with applicable law.

7. Data Retention

  • Account Data: Retained while your account is active. Deleted within 30 days of a verified account closure request, subject to legal exceptions.
  • Financial & Transaction Records: Retained for 7 years to comply with tax regulations, audit obligations, and Stripe reconciliation requirements.
  • Tamper-Evident Participation Logs: Retained in append-only format to maintain the integrity of the SHA-256 audit chain. Deletion requests may be declined where removal would compromise the legal integrity of a financial audit trail.
  • Receipt Images: Permanently deleted from active servers upon completion of OCR validation.
  • OCR Metadata: Retained in anonymized, aggregated form for analytics β€” not linked to any individual user.

8. Security

Redeema implements industry-standard security measures appropriate to the sensitivity of the data we process:

  • Encryption in transit (TLS 1.2+) and at rest (AWS KMS)
  • Role-based access controls β€” only authorized platform roles may access sensitive reports
  • PCI-DSS compliance via Stripe (Redeema maintains SAQ-A certification annually)
  • Tamper-Evident Audit Chain: all financial participation records are secured with SHA-256 hash chaining β€” records cannot be altered or deleted without detection
  • Bot detection and anti-fraud controls on all sweepstakes entry points

No system is completely secure. If you believe your account or data has been compromised, contact us immediately at: security@redeema.io

9. Cookies & Tracking Technologies

We use the following technologies:

  • Essential Cookies: Required for authentication, session management, and platform security. Cannot be disabled without breaking core functionality.
  • Analytics (Google Analytics): Aggregate, anonymized usage data. No cross-site behavioral profiling.
  • AWS CloudWatch: Server-side performance and error monitoring β€” not user-facing tracking.

We do NOT use third-party advertising cookies or tracking pixels that follow your activity across unrelated websites.

10. Your Privacy Rights

Regardless of your state or territory of residence, Redeema provides the following rights to all users:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Correction: Update inaccurate information via your account profile or by contacting us.
  • Right to Deletion: Request deletion of your account and associated data, subject to legal retention obligations.
  • Right to Opt-Out of Marketing: Unsubscribe from promotional communications at any time. Transactional communications (payment receipts, security alerts, campaign confirmations) are not affected.

10.1 California Residents (CCPA)

Redeema does not 'sell' or 'share' personal information for cross-context behavioral advertising or monetary consideration. California residents have additional rights under the CCPA, including the right to know, delete, and opt out of sale. To exercise these rights, contact: legal@redeema.io

10.2 Puerto Rico (Ley 81-2012)

Redeema complies with Puerto Rico's Digital Commerce Act and applicable data protection obligations, including notification of security breaches within 72 hours of discovery. Puerto Rico residents may exercise the rights described above by contacting us at the address below.

11. Data Transfers

Redeema operates primarily within the United States. By using our platform, you consent to the processing and storage of your data on servers located in the United States, which may have different data protection standards than your country of residence.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our services, legal requirements, or data practices. We will notify you of material changes via:

  • In-app notification within the Redeema platform
  • Email to your registered address

Continued use of the platform after the effective date of any update constitutes acceptance of the revised Policy.

14. Contact Us

Redeema, LLC

CanΓ³vanas, Puerto Rico

Privacy & Legal: legal@redeema.io

Security Reports: security@redeema.io

Subprocessor List: redeema.io/subprocessors

Β© 2026 Redeema LLC. All rights reserved.

πŸ’¬ Help