Privacy Policy
Effective date: April 30, 2026
Barbridge ("we", "us", "our") operates the website at www.barbridge.io and provides a customer-loyalty platform for hospitality venues. This policy explains what information we collect, how we use it, who we share it with, and the choices you have.
This policy applies to two distinct groups: account holders (the venues using Barbridge) and customers (the patrons of those venues who scan a QR code and sign up for a coupon). Where a section applies to one group and not the other, we say so.
1. Information we collect
From customers (patrons of participating venues):
- Phone number
- First and last name
- Email address
- Date of birth (used solely to confirm you are 21 or older, as required to receive offers from licensed alcohol-serving venues)
- The venue you signed up at and the offer associated with your signup
- Whether you opted in to receive future marketing messages from that venue
- Redemption records — when you use your coupon at the venue, we receive a record of that transaction from Square (see Section 3 below) so we can attribute the redemption to your signup
- Limited technical data (IP address, user agent) collected automatically when you use our website
From account holders (venues):
- Business contact information (name, address, phone, email)
- Authentication information when you sign in (handled by AWS Cognito and any third-party identity provider you choose, such as Apple, Google, Amazon, or Microsoft)
- Square account credentials (you connect your Square account to Barbridge so we can create customers and apply loyalty rewards on your behalf)
- Activity data within the Barbridge platform (venues created, offers configured, dashboard usage)
2. How we use information
We use the information we collect to:
- Operate the Barbridge service for you and the venue you are interacting with.
- Send the one-time SMS containing your magic-link claim URL when you sign up at a venue.
- Email you a backup copy of your wallet pass.
- Generate and sign your Apple Wallet card.
- Pass your customer record to Square so the venue can apply the loyalty reward when you redeem.
- Track aggregate analytics for the venue's dashboard (number of new customers, redemption rates, average same-night spend).
- Comply with legal obligations and respond to lawful requests.
- Detect and prevent fraud, abuse, and security incidents.
We do not use the information we collect for advertising or sale to third parties. We do not currently send marketing SMS to customers; if and when we do, it will only be to customers who explicitly opted in via the marketing-consent checkbox at signup.
3. How we share information
We share customer information in three ways:
- With the venue you signed up at. Your information is associated with that venue's Square customer record so the venue can recognize you when you return and apply the loyalty reward. Information you give to one venue is not shared with other venues using Barbridge.
- With Square, our point-of-sale partner. Your customer record is stored within the venue's Square account and processed under Square's privacy policy. Square is the processor of your loyalty redemption transactions.
- With our cloud-infrastructure providers. Barbridge runs on Amazon Web Services. AWS hosts our data, sends our verification SMS (via AWS SNS), and delivers our transactional email (via AWS SES). AWS processes data on our behalf under AWS's privacy policy and a Data Processing Addendum. Apple receives the pass file you choose to add to Apple Wallet.
We do not sell your personal information. We do not share your information with advertisers or data brokers. We do not share your information across venues without your consent.
4. Data retention
We retain customer information for as long as your relationship with the venue is active. If you ask us to delete your information, or if we close the venue's account, we delete or de-identify your data within 30 days, except where we are required to retain it longer to comply with a legal obligation.
The pending-signup record created while you wait to click the magic-link in your SMS is automatically deleted within minutes if you don't click the link.
5. Your rights and choices
You have the right to:
- Access the information we hold about you.
- Correct inaccurate information.
- Delete your information, subject to legal-retention exceptions.
- Opt out of SMS at any time by replying STOP to any message from us. (In MVP we send only a single one-time verification SMS, so STOP applies to any future messages we may send.)
- Withdraw marketing consent by contacting us — even if you opted in at signup, you can change your mind.
- If you are a California resident, the additional rights granted by the California Consumer Privacy Act (CCPA), including the right to know what we collect and the right to delete.
To exercise any of these rights, email hello@barbridge.io. We respond within 30 days.
6. Children's privacy
Barbridge is not directed at children. The signup flow requires confirmation that you are 21 years of age or older. We do not knowingly collect information from anyone under 18. If we discover we have collected information from someone under 18, we delete it.
7. Security
We use industry-standard practices to protect your information, including encryption at rest, encryption in transit (TLS), access controls based on least privilege, and audit logging of administrative actions. No system is perfectly secure; we will notify you and the venue without unreasonable delay if we discover a security incident affecting your information.
8. Cookies and tracking
The Barbridge marketing site (www.barbridge.io) does not use cookies or third-party tracking. The customer signup app at public.barbridge.io uses only the cookies strictly necessary to complete your signup (e.g., a short-lived session identifier). The account-holder application at admin.barbridge.io uses cookies necessary for authentication.
9. International users
Barbridge currently operates in the United States only. If you are accessing Barbridge from outside the US, your information will be transferred to and processed in the US.
10. Changes to this policy
We may update this policy from time to time. If we make material changes, we will announce them by updating the effective date at the top of this page and, where appropriate, contacting you directly. We encourage you to review this page periodically.
11. Contact us
Questions, requests, or concerns: