Privacy Policy

1. Introduction

OofRewards ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the OofRewards website and services (the "Service").

We operate from the United Kingdom and act as the data controller for the personal data we process. This Policy is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

We may collect and process the following categories of personal data:

• Identity Data: Name, username, date of birth, and other identifiers you provide.
• Contact Data: Email address and any other contact details you provide.
• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, device identifiers, and other technology on the devices you use to access the Service.
• Usage Data: Information about how you use our Service, including task completion history, offer interactions, Coin balances, and reward redemptions.
• Profile Data: Your preferences, feedback, and survey responses.
• Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties.

3. How We Collect Your Data

We collect data through:

• Direct interactions: when you register, complete forms, or communicate with us.
• Automated technologies: as you interact with our Service, we may automatically collect Technical Data using cookies, server logs, and similar technologies.
• Third parties: we may receive data from analytics providers, advertising networks, search information providers, and fraud prevention services.

4. How We Use Your Data

We use your personal data only where permitted by law. The legal bases we rely on include:

• Performance of a contract: To provide the Service, process your tasks, manage your Coin balance, and fulfil reward redemptions.
• Legitimate interests: To improve our Service, prevent fraud, ensure network security, and enforce our Terms of Service.
• Legal obligation: To comply with applicable laws, regulations, court orders, or lawful requests from public authorities.
• Consent: Where you have given explicit consent, such as for marketing communications.

Specifically, we process your data to: authenticate your identity; track task completions and award Coins; detect and prevent fraud and abuse; communicate with you about your account; comply with legal obligations; and improve our Service.

5. Fraud Detection & Security

We take fraud prevention seriously. To protect the integrity of our Service and our users, we employ third-party fraud detection and verification services.

5.1 IP Quality Score

We use IP Quality Score to analyse your IP address for fraud detection purposes. This helps us identify VPNs, proxies, TOR nodes, and other high-risk connections that may indicate fraudulent activity.

When you access the Service, your IP address may be shared with IP Quality Score to determine a "risk score" associated with your connection. This processing is necessary for our legitimate interest in preventing fraud, abuse, and multi-accounting.

For more information about how IP Quality Score processes data, please review their Privacy Policy at https://www.ipqualityscore.com/privacy-policy.

5.2 Twilio

We use Twilio for SMS verification and identity confirmation as part of our fraud prevention measures. If required, we may send a one-time verification code to your mobile phone number to verify your identity and prevent fraudulent account access.

Your phone number, if provided, will be transmitted to Twilio solely for the purpose of delivering verification messages. We do not use your phone number for marketing purposes without your explicit consent.

For more information about how Twilio processes data, please review their Privacy Policy at https://www.twilio.com/legal/privacy.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to distinguish you from other users, understand how you use our Service, and improve your experience.

The types of cookies we use include:

• Essential cookies: Necessary for the Service to function, such as authentication and security.
• Analytical cookies: Help us understand how visitors interact with the Service by collecting and reporting information anonymously.
• Functional cookies: Enable enhanced functionality and personalisation, such as remembering your preferences.

You can set your browser to refuse all or some browser cookies, but this may prevent parts of the Service from functioning properly.

7. Data Sharing & Third Parties

We do not sell your personal data. We may share your data with:

• Service providers: Companies that provide services on our behalf, such as hosting, analytics, customer service, fraud prevention (IP Quality Score, Twilio), and email delivery (Resend).
• Partner networks: When you complete an offer through a third-party Partner, limited information (such as your user ID) may be shared with that Partner to track completion and award Coins.
• Legal authorities: Where required by law, regulation, or legal process, or to protect our rights, property, or safety.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Generally, we will retain your account data for as long as your account is active, plus a reasonable period thereafter to resolve disputes, enforce our agreements, and comply with legal obligations.

If you request deletion of your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

10. Your Rights

Under UK data protection law, you have the following rights:

• Right to access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data in certain circumstances.
• Right to restrict processing: Request that we limit the processing of your data.
• Right to data portability: Receive your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests or direct marketing.
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at support@oofrewards.com. We will respond within one month of receiving your request.

You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, if you believe your rights have been violated.

11. International Transfers

Some of our service providers (such as Twilio and IP Quality Score) are based outside the UK. When we transfer your personal data outside the UK, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK government, to protect your data in accordance with UK GDPR.

12. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately so we can delete the information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.