Privacy Policy

Resyno is operated from The Netherlands. Company registration and VAT details are available on request unless separately published in an invoice, checkout, contract, or legal notice.

Resyno is B2B SaaS for merchants, brands, webshops, and business users who create, test, publish, distribute, update, and manage Apple Wallet passes.

For privacy, deletion, export, legal, or support requests, contact resyno.support@gmail.com.

Account data may include email address, name, timezone, authentication status, account settings, and security-related events. Authentication and session data is handled through Supabase.

Company and workspace data may include business name, website URL, public URL, historical public URL aliases, brand settings, role data, membership data, billing settings, and workspace preferences.

Pass content may include pass title, subtitle, text fields, offers, discounts, promo codes, campaign terms, QR destinations, links, images, logos, colors, contact details, and Apple Wallet settings.

Generated preview data may include the website URL submitted by a merchant, publicly available website metadata, page titles, descriptions, images, icons, colors, and generated pass suggestions.

Wallet operational data may include pass serial numbers, Pass Type IDs, certificate metadata, Apple device library identifiers, APNs push tokens, install, register, update, unregister events, timestamps, pass status, revision data, and delivery state.

Public link and QR data may include generated links, historical aliases, QR destinations, link status, installation URLs, and technical access records where implemented.

Billing data may include Stripe customer ID, subscription ID, plan, price, invoice, tax status, payment status, trial status, cancellation metadata, usage count, renewal preferences, and checkout or portal session metadata.

Support data may include email address, name, workspace name, support message, topic, browser or route context where provided, and related technical context.

Technical and security data may include logs, IP address where processed by infrastructure, browser metadata, request metadata, rate-limit data, error logs, webhook events, and security events.

We use data to create accounts, manage authentication and sessions, operate workspaces, and provide company-scoped access.

We use pass and Wallet data to create, test, sign, host, publish, distribute, update, register, maintain, and troubleshoot Apple Wallet passes.

We use generated preview data to create draft pass suggestions from merchant-submitted websites and to improve the reliability of the generate flow.

We use Wallet operational data to provide public pass links, QR distribution, Wallet push updates, registration handling, update checks, pass maintenance, and abuse prevention.

We use billing data to process checkout, invoices, subscriptions, free trials, usage limits, cancellation state, billing status, plan changes, taxes, and entitlement checks.

We use support, technical, and security data for transactional email, support, troubleshooting, abuse prevention, reliability, security, legal compliance, and limited operational analytics for product reliability, usage limits, billing enforcement, and security.

The MVP does not use advertising pixels, remarketing, or non-essential tracking cookies.

Where GDPR applies, we process data to perform our contract with merchant users and their workspaces.

We may process data based on legitimate interests, including service operation, security, abuse prevention, troubleshooting, product reliability, billing enforcement, fraud prevention, platform improvement, and communication about service functionality.

We may process data to comply with legal obligations, including tax, accounting, fraud prevention, dispute, regulatory, and law-enforcement obligations where applicable.

We rely on consent where consent is required, and on merchant instructions for processor activities involving merchant-controlled end-customer data.

The merchant is controller for merchant-provided end-customer data and pass content. Resyno acts as processor where it creates, delivers, updates, registers, or maintains Wallet passes on the merchant's behalf.

Resyno acts as controller for account, billing, support, security, legal, and platform operations data.

Merchants must have the legal basis, notices, permissions, rights, and consents needed for the data, brands, offers, links, and content they place on or connect to passes.

Merchants must not place sensitive personal data, payment card data, government ID numbers, passwords, medical data, biometric data, precise location history, or other high-risk data in pass fields.

End customers who receive or install a pass should contact the merchant for questions about the offer, campaign, customer relationship, or merchant-controlled personal data.

Resyno operates Apple Wallet-related infrastructure as part of providing the service. This may include Pass Type IDs, Apple Wallet certificates, signing infrastructure, pass packages, manifests, signatures, serial numbers, Apple device library identifiers, APNs push tokens, Wallet web service endpoints, registration, update, unregister records, technical logs, and operational records.

Resyno operates this infrastructure only as part of providing, securing, maintaining, supporting, and improving the service. This does not mean a merchant receives its own Apple Developer Account through Resyno.

Apple does not endorse, sponsor, approve, or take responsibility for Resyno or merchant passes. Merchants remain responsible for brand, content, offers, links, QR destinations, customer data, and legal compliance.

Some Wallet identifiers and push tokens are technical identifiers needed to install, register, update, or unregister passes. They are not intended to identify a person directly by themselves, but they may be personal data where applicable law treats them as such.

Current subprocessors include Supabase for authentication, database, storage, and security; Stripe for billing, checkout, invoices, subscriptions, tax, fraud prevention, and payment workflows; Apple Wallet/APNs for Wallet pass delivery, registration, and updates; Resend for transactional email; and Vercel for hosting, deployment, security, edge routing, and scheduled jobs where deployed.

These providers process data only as needed to provide, secure, support, bill, deliver, or operate the service.

Resyno may update subprocessors as the service changes. Material changes will be reflected in these legal pages, the app, or other reasonable notice where required.

Data may be processed outside the European Economic Area, including by infrastructure and payment providers.

Where required, international transfers may rely on Standard Contractual Clauses, adequacy decisions, Data Privacy Framework participation where applicable, or equivalent safeguards.

See the Cookie Policy at /cookies for more detail.

For the MVP, Resyno uses only necessary and functionality cookies or browser storage for authentication, security, billing, preferences, generated preview continuity, and core app operation.

We keep account, company, pass, Wallet, billing, support, and operational records for as long as needed to provide the service, comply with law, resolve disputes, enforce agreements, and maintain security.

Billing, tax, invoice, abuse-prevention, legal, and security records may be kept longer where required or reasonably necessary.

For the MVP, deletion and export requests are handled through support at resyno.support@gmail.com.

Some data may remain in backups, logs, billing records, historical public URL aliases, audit records, or legal and security records for limited periods.

Existing passes already added to Apple Wallet may remain on recipient devices unless removed by the user or technically invalidated or expired where supported.

Resyno does not guarantee remote removal from end-user Apple Wallet devices.

Resyno uses security measures appropriate for the MVP service, including authenticated access, company scoping, database RLS where implemented, restricted service-role usage, encrypted secrets and certificates where implemented, least privilege where implemented, validation at mutation boundaries, audit logging for sensitive operations where implemented, backups where applicable, abuse prevention, dependency updates, and security monitoring or incident response where applicable. No internet service can be guaranteed to be absolutely secure.

Merchants are responsible for keeping their credentials secure, limiting workspace access, using accurate account information, and promptly reporting suspected misuse.

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal data.

You may withdraw consent where processing relies on consent. If GDPR applies, you may also complain to a supervisory authority.

Contact resyno.support@gmail.com to exercise privacy rights. End customers of merchants may be directed to the merchant where the merchant controls the relevant data.