Privacy Policy (US)
Policy last updated on March 27, 2025
Article 1. Introduction
1.1 Purpose. This Privacy Policy (hereinafter the "Policy") sets forth the principles governing the collection, use, retention, and protection of the personal data of users of the Solution. Capitalized terms not defined herein have the meaning set forth in the Terms of Service. Personal Data refers to any information that directly or indirectly identifies a Member (hereinafter "Personal Data"). By using and/or accessing the Solution, Members accept the terms of this Policy.
1.2 Data Controller. The collection and processing of Personal Data is carried out by Joko USA Inc. and its affiliates (collectively, the “Company”), which can be contacted at:
Wylr
14 Avenue du Général de Gaulle, 94160 Saint-Mandé, FRANCE
Email: dpo@joko.com
Phone: +33 9 74 59 25 75
If Members have any questions or comments about this Policy, the ways in which the Company collects and uses their information, or Members’ choices and rights regarding such use, the Company can be contacted using the contact information above.
Article 2. Why is Personal Data Collected and Used?
The Company collects and processes Personal Data for specific and explicit purposes based on a legal foundation. The following table outlines the purposes of data collection and processing, along with their legal basis:
| Purpose | Legal Basis |
|---|---|
| Providing services through the Solution including Offers, Rewards, Coupons, Budgeting, Gift Cards, and all other services listed in the Terms of Service | Performance of the contract |
| Communicating essential information to the Member regarding their use of the Solution | Performance of the contract |
| Implementing tools to improve the services of the Solution to offer the best possible user experience | Legitimate business interest |
| Monitoring and analyzing trends, usage, and activities in connection with the Solution to customize each Member’s browsing experience | Legitimate business interest |
| Providing user support | Performance of the contract |
| Conducting marketing activities including sending marketing communications based on Member preferences and managing referral programs | User consent |
| Conducting statistics on the Company's usage and Offer performance to improve services and communicate insights on general Solution usage and Member shopping habits (in an aggregated and anonymized form). | Legitimate business interest |
| Detecting potential fraud and enforcing appropriate sanctions | Legitimate business interest |
| Complying with legal obligations such as accounting obligations, ensuring the security of Personal Data, responding to law enforcement. | Legal obligation |
| Maintaining the day-to-day operation and security of the Solution Protecting the integrity of the business, as well as for analytics, auditing, technical assistance, and other general business purposes. | Legitimate business interest |
| Evaluating or conducting a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by the Company about the Members is among the assets transferred. | Legitimate business interest |
Article 3. What Types of Personal Data Are Collected?
The Company may collect various types of Personal Data for the purposes outlined in Article 2, including but not limited to:
Identification data, such as name, email, phone number, and login credentials;
Usage Data, such as:
Interactions with the Solution and the Online Offers, Card-Linked Offers, and Gift Card Offers;
Rewards history;
Coupons usage;
Products or Favorite Offers saved in the Solution;
Product pages visited by a Member who has installed the extension (to provide the Member with a history of visited pages within the Solution);
Referral program details.
Transaction data: This category includes Personal Data transmitted during purchases made through the Offers in the Solution, such as the Merchant’s name, order reference and amount, and the number of products/services purchased that may be eligible for Rewards.
Financial Data: Certain services of the Solution require the Member’s banking data collection to function. These services include:
Card-linked Offers and the Budgeting Feature, which require the collection of information on the connected bank(s), as well as the details of the Member’s banking transactions (transaction number, date and time, transaction description);
Gift Card Offers, which require the collection of the Member’s encrypted card numbers;
The transfer of the Member’s Balance to their bank account, which requires the collection of their account details.
Conversation Data: This category includes all data communicated by the Member to the Company’s customer support service or through the Shopping Assistant, including any information provided by the Member regarding the desired product, its characteristics, target audience, shopping habits, or family connections.
Technical Data: This category includes technical information collected during the use of the Solution, such as the platform (e.g., Android or iOS) used at registration, the Member’s IP address, operating system, or data related to potential malfunctions of the Solution.
This Personal Data is collected directly when the Member uses the Solution, such as when they enter their name during registration, or indirectly, for example, when the Member connects their bank account to the Solution. Additionally, certain Personal Data may be collected when the Member uses the Company’s extension and clicks the button to activate an Offer on a Merchant’s website.
Some Personal Data must be provided by the Member to subscribe to certain services, such as Card-Linked Offers, or the conversion of Rewards into money transferred to the Member’s bank account. The mandatory nature of the required Personal Data is indicated to the Member at the time of subscription.
Article 4. How Long Is Collected Personal Data Retained?
Members’ Personal Data is retained for as long as it is necessary to fulfill the purposes described in Article 2. Members may delete their Account at any time.
When a Member’s Account is deleted, their Personal Data is erased. However, the Company may retain certain Personal Data beyond the deletion of the Member’s Account to comply with its legal obligations, under the following conditions:
Usage, transaction, and financial data, including purchases made through the Solution, is retained as required by law (e.g., for fraud prevention and financial record-keeping).
Marketing preferences data is retained until the user opts out.
Some Personal Data that the Company deletes upon Account deletion may be retained for a longer period by the Solution’s third-party providers, particularly those handling Gift Cards and open-banking services used for bank connections.
Article 5. Who Has Access to the Collected Personal Data?
5.1. Internal Personal Data Sharing. Within the Company, access to Personal Data is strictly regulated. Authorized teams within the Company (including marketing, commercial, data, user support, product, and technical teams) may access Members' Personal Data.
To ensure Personal Data security, the Company implements necessary measures and establishes strict access rules based on the type of Personal Data collected. Only teams with a legitimate need to access Personal Data (for example, to resolve a bug or respond to a Member’s request) are granted access.
Only the Company’s legal representatives have full access to Personal Data, and they access it only occasionally.
5.2. External Personal Data Sharing. The Company shares Personal Data–only when necessary–with the following third parties for the purposes described in Article 2 and in accordance with the security measures outlined in Article 6:
Business partners: Merchants and affiliate platforms involved in Rewards management, as well as partners handling Gift Cards.
Payment and financial service providers
Service providers offering tools and services to the Company, including:
Marketing tools;
Performance analysis tools;
Customer support providers;
Operational management tools;
Technical, storage, and data processing providers.
The table below details the external recipients of the different categories of collected Personal Data:
| Category of Third Party | Type of Personal Data Shared | Purpose of Sharing |
|---|---|---|
| Business Partners | Transaction Data | To facilitate services such as Offers, Rewards processing and distribution. |
| Payment & Financial Service Providers | Transaction Data, Financial Data | To process payments and prevent fraud. |
| Marketing Partners | Identification Data, Usage Data, Transaction Data, Financial Data | To manage transactional communications, serve personalized ads, and measure marketing effectiveness. |
| Performance analysis tools | Usage Data, Transaction Data, Technical Data | To analyze the Solution’s services performance and improve them. |
| Customer support providers | Identification Data, Usage Data, Transaction Data, Financial Data, Conversation Data | To provide support to Members. |
| Operational management tools | Identification Data, Usage Data, Transaction Data, Financial Data, Technical Data | To facilitate the services of the Solution. |
| Technical, storage, and data processing providers | Identification Data, Usage Data, Transaction Data, Financial Data, Conversation Data, Technical Data | To store and process Data, resolve potential technical issues, and prevent fraud or security threats. |
Personal Data may also be made available to competent public authorities when required by law or upon request. The Company may also provide the Members’ Personal Data in situations where the Company believes disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud, or other wrongdoing, to protect and defend the rights, property, or safety of the Company, its consumers, its employees, or others, or to enforce its agreements or policies.
In the event there is a change in the corporate structure of the Company including, without limitation, by merger, consolidation, sale, liquidation, transfer of substantial assets, or in the unlikely event of bankruptcy, the Company may, in its sole discretion, transfer, sell or assign Members’ Personal Data collected on and through the Solution to one or more affiliated or unaffiliated third parties or successor in interest. The Personal Data can be used only in accordance with this Policy after any such corporate event unless the Members otherwise agree.
The Company may disclose Members’ Personal Data to its legal, financial, insurance and other professional advisors where necessary to obtain advice or otherwise protect and manage its business interests.
Certain very specific Personal Data may also be shared with other Members. For example, if a Member refers a new Member, the referrer’s first name is shared with the referred Member.
For more information, Members can review the privacy policies of the Company’s service providers on their respective websites.
Article 6. How Is the Security of Collected Personal Data Ensured?
The Company implements technical and organizational measures to ensure the protection of Personal Data against any unauthorized access, alteration, loss, or disclosure.
These measures include, in particular:
Data encryption: Personal Data is stored in an encrypted format, including when transmitted over networks such as the Internet (for example, when it travels from the Member's device, such as their smartphone, to the Solution's servers).
Confidentiality: Employees are bound by a confidentiality agreement.
Account protection: Monitoring and secure authentication measures are in place to prevent fraud and protect account access.
Commitment of third parties: Our partners apply strict security measures to ensure data protection.
Incident notification: The Company is committed to notifying, as soon as possible but subject to applicable law and any instructions or directives communicated by law enforcement, in the event of a significant risk to the Member's privacy, any attempt at intrusion, disclosure, unauthorized access, or alteration of the Solution, or any malicious act against Personal Data.
The Company applies the necessary precautions to guarantee the confidentiality and security of the Members’ Personal Data and asks its partners to maintain a similar level of protection.
While the Company makes reasonable efforts to ensure Members’ Personal Data is processed and stored in a secure manner, the Company cannot guarantee the security of the Personal Data transferred over the Internet, and the Members assume the risk of any such transfer.
Article 7. Where Does the Company Store Personal Data?
The Members’ Personal Data will be collected and stored in Ireland.
Article 8. Cookies and Tracking Tools Notice
The Company and its partners may use cookies and tracking tools, which will be stored on Members’ devices when they use the Solution.
Cookies are small text files placed on a Member’s device (computer, smartphone, tablet) when they use the Solution. These files collect information about the Member’s browsing activity to enhance their experience, personalize content, and analyze service usage.
Tracking tools are technologies similar to cookies, but they are not limited to files stored on the Member’s device. They can take various forms, such as invisible pixels, web beacons, or identifiers embedded in applications.
The Company uses the following categories of cookies and tracking tools:
Essential Cookies: These cookies are necessary for the proper technical functioning of the Solution, as they optimize content display on different devices. For example, they allow Members to stay logged into the Solution between sessions.
Analytical and Audience Measurement Cookies: These cookies track Member navigation to optimize performance.
Functional Cookies: While not essential to the Company’s operation, these cookies enhance the user experience, help detect fraud, and provide support through the Company’s services.
Advertising Cookies: These cookies collect data on the performance and visibility of advertising campaigns and help optimize advertisements.
The Company may use its own tracking tools, such as navigation cookies and certain analytical or advertising cookies, or cookies from third-party service providers. Below is a list of cookies provided by third parties within the Solution, categorized by type:
| Cookie Name and/or Provider | Cookie Category | Purpose |
|---|---|---|
| Apple Sign-In / Facebook Sign-In / Google Sign-In | Functional | Managing the Member's login to their Apple, Facebook, or Google account when they choose to create an account using Apple, Facebook, or Google. |
| CodePush from Microsoft | Functional | Updating the app, it does not collect any Personal Data. |
| Intercom | Functional | Providing user support. |
| Branch | Functional | Creating deep links between different Joko applications to streamline the user experience. |
| Sentry | Analytical and Audience Measurement | Monitoring and reporting errors and crashes in the Solution. |
| Facebook Ads / Google Ads | Advertising | Displaying targeted advertisements based on the Member’s interests and actions within the Solution. |
| Adjust | Advertising | Analyzing and managing advertising campaigns. |
| OneSignal and Firebase | Advertising | Managing the delivery of push notifications to Members on the Solution. |
For more information on how these service providers handle Personal Data, Members can refer to the privacy policies of these providers, available on their respective websites.
Members can accept or refuse all or some of these cookies or tracking tools using the banner provided for this purpose when they access the Solution. They can modify their choices at any time. However, refusing cookies may affect the functionality of the Solution.
These cookies and tracking tools do not allow for the direct identification of the Member. The information collected through cookies and tracking tools is retained for thirteen (13) months, while the Member’s preferences are stored for six (6) months.
Article 9. Links to Third-Party Sites
The Solution may contain links to third-party websites. The Company does not operate, control, monitor, endorse, or guarantee those third-party websites. This Policy does not apply to the collection and use of information by such third-party websites. The Company suggests that Members carefully read the privacy policy and other policies of all third-party websites.
Article 10. Member Rights
Members may update, correct, or remove their Personal Data at any time and free of charge by sending an email to dpo@joko.com. The Company may ask that the Members identify themselves and the information they wish to access, change, or delete for security purposes. The Company will comply with Members’ requests as soon as reasonably practicable. By removing some of the Members’ Personal Data, Members may not be able to access some of the Solution’s features. The Company may keep some of the Members’ Personal Data required by law and/or for recordkeeping purposes.
Article 11. Opting Out of Marketing Communications
Members may unsubscribe from any marketing email communications by clicking on the “Unsubscribe” button included in all marketing communications. Members will continue to receive transaction-related emails regarding products or services they have requested. The Company may also send Members certain non-promotional communications regarding the Company and its services, and, to the extent permitted by law, Members will not be able to opt out of those communications (e.g., communications regarding updates to the Company’s policies).
Article 12. Do Not Track Settings
The Solution does not recognize Do Not Track signals. Some third parties may collect aggregate information about the Members’ online activities over time and across websites when they use the Solution. While this information does not include personally identifiable information, certain processing activities that combine aggregate information with other information in possession of such third parties could result in the identification of Members.
Article 13. Rights of California Residents
Pursuant to California Civil Code Sec. 1789.3, California resident users are entitled to know that they may file grievances and complaints with the California Department of Consumer Affairs, 1625 North Market Blvd., Suite N 112, Sacramento, CA 95834; or by telephone at (800) 952-5210; or by email to dca@dca.ca.gov. For more information about protecting their privacy, Members may wish to visit: www.ftc.gov.
Article 14. Policy Updates
The Company reserves the right to modify this Policy. The Company will inform Members of any significant changes to the Policy. If the Member does not agree with the changes, they may delete their account at any time. Continued use of our services after an update constitutes acceptance of the revised policy. The “Policy last updated” date at the top of this page reflects the most recent changes.