Privacy Notice

Last updated: June 19, 2026. Ver en español.

In compliance with Mexico's Federal Law on the Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares, "LFPDPPP") and its Regulations, FideCard provides you with the following privacy notice. This is a courtesy translation; in case of any discrepancy, the Spanish-language version shall prevail.

1. Identity and address of the data controller

FideCard (hereinafter, the "Controller") is responsible for the processing of the personal data collected through the platform fidecard.com.mx and its associated domains.

Address for notices: Av. Insurgentes Norte 259, Col. Buenavista, Cuauhtémoc, C.P. 06350, Mexico City, CDMX, Mexico.

Privacy contact e-mail: privacidad@fidecard.com.mx.

2. Personal data we collect

We collect the following personal data depending on the type of user:

If you are a business owner: business name, e-mail address, encrypted password, establishment details (business type, country, state), and optionally billing data (tax ID / RFC, legal name, tax address, tax regime, postal code).

If you are an employee: name, username, encrypted password (assigned by the business owner).

If you are an end customer enrolling in a loyalty program: name, mobile phone number (in international format), e-mail address, number of accumulated stamps, redeemed rewards, date of last visit, and, optionally, approximate geolocation data when you authorize its use from your browser.

3. Purposes of processing

Primary purposes (without these we cannot provide the service):

• Operate the loyalty program: record stamps, calculate rewards and issue redemption receipts. • Authenticate users and verify their identity. • Send you notifications by e-mail, SMS or WhatsApp about your stamps, available rewards or visit reminders. • Process the business owner's subscription billing (where applicable). • Comply with applicable tax and legal obligations.

Secondary purposes (you may object to these):

• Send you promotional communications about newly affiliated businesses or platform features. • Perform aggregate statistical analysis to improve the service. • Display proximity notices when you are within range of a branch where you hold an active card.

4. Transfers and data processors

To operate the service, your personal data may be processed by technology providers acting as processors on behalf of the Controller. Each one processes solely the data necessary for the stated purpose and under contractual obligations of confidentiality and security. The categories of processors we use are:

Database and authentication provider (United States): storage of service information and user authentication.
Transactional e-mail provider (European Union): delivery of service e-mails (account confirmation, password reset, stamp and expiration notifications).
Web hosting and content delivery provider (United States): website hosting and content delivery through its distribution network, as well as e-mail routing for @fidecard.com.mx mailboxes.
SMS and messaging provider (United States): delivery of verification and notification SMS and WhatsApp messages, when the business plan includes them.
WhatsApp Business messaging provider (United States): delivery of operational WhatsApp messages when enabled on your plan.
Payment processing provider (Mexico and/or United States): subscription billing when the business owner selects a paid plan. Bank card details are captured directly on the processor's platform; FideCard does not store full card numbers.
Mexican or foreign competent tax, administrative or judicial authorities, where there is a duly founded and substantiated request under applicable law.

Some of these transfers involve sending data to countries other than Mexico (mainly the United States and the European Union). In all cases we require processors to offer protections equivalent to those established by the LFPDPPP. We do not transfer your data to third parties for commercial purposes without your express consent.

You may request the specific identity of each processor by writing to privacidad@fidecard.com.mx.

5. ARCO rights

You have the right to Access, Rectify, Cancel (delete) or Object to the processing of your personal data (ARCO rights), as well as to revoke your consent.

Self-service (recommended and immediate): visit 🛡️ ARCO Rights and identify yourself with your phone number and password. From there you can download your data, correct it, configure your communication preferences or delete your account instantly.

By e-mail: if you prefer, write to privacidad@fidecard.com.mx including: your name, a copy of your official ID, a clear description of the right you wish to exercise and the data your request refers to. We will respond within a maximum of 20 business days.

6. Limiting the use or disclosure of your data

You may request that your data not be used for secondary purposes (promotional, geolocation) by writing to privacidad@fidecard.com.mx. This will not affect the core loyalty-program service.

7. Use of cookies and similar technologies

We use local storage (localStorage) in your browser to remember your session and preferences (language, last selected business, card settings). We do not use advertising tracking cookies, nor do we sell data to third parties for marketing purposes.

8. Geolocation

If you authorize the use of your location in your browser, we use it solely to show whether you are near a branch of a business whose loyalty card you are enrolled in. Your location is not stored on our servers; the calculation happens on your own device. You may revoke this permission at any time from your browser settings.

9. Data security

We implement reasonable administrative, physical and technical measures to protect your personal data against unauthorized access, loss, alteration or destruction. This includes: encryption in transit (HTTPS), row-level security policies in the database, authentication with encrypted passwords, and per-business data isolation.

To strengthen account security, we require all passwords (owners, employees and end customers) to have a minimum of 8 characters and include at least one number and one symbol. We never store passwords in plain text: they are saved encrypted via hash functions. We recommend using a unique password and not sharing it with third parties.

10. Data retention period

We keep your personal data only for as long as necessary to fulfill the purposes described in this Notice and applicable legal obligations. For reference:

Business owner account data (e-mail, encrypted password, establishment details): while the account is active and up to 12 months after its cancellation, unless tax obligations require a longer period (up to 5 years under Mexico's Federal Tax Code).
Business employee data: until the owner deletes them from their panel or cancels the account, and up to 12 months afterward as an audit backup.
End customer data (name, phone, e-mail, stamps): while the customer's card with a business is active and up to 24 months after the last recorded visit, unless the data subject has previously requested cancellation.
Records of notifications sent (e-mail, SMS, WhatsApp): up to 6 months for support and delivery-proof purposes.
Billing and payment data: for the time required by applicable tax law (typically 5 years).
Access and security logs: up to 90 days for audit and incident-detection purposes.

Upon expiration of the above periods, data is irreversibly deleted or anonymized, unless the data subject has previously exercised an ARCO right or a current legal obligation requires it to be retained longer.

11. Changes to this privacy notice

We reserve the right to modify this notice. Any change will be published on this same page along with the update date. We recommend reviewing it periodically. Substantive changes will be notified to your registered e-mail at least 15 days in advance.

12. Supervisory authority

If you believe your personal-data protection rights have not been adequately addressed, you may turn to the National Institute for Transparency, Access to Information and Personal Data Protection (INAI) at home.inai.org.mx.

🛡️ Exercise your ARCO rights Access · Rectification · Cancellation · Objection. For loyalty-card customers only.
Go to self-service →

← Back to home