🎉⭐ Shop Smarter. Save More. Earn Every Time.

🎉⭐ Turn your shopping into real rewards with Cashivo.

Register
Login

Privacy Policy

Last updated: 2nd September 2025

Applies to: www.cashivo.com, the Cashivo mobile app (Android/iOS), and any services linking to this notice.

Redstone Consultants OÜ (Trading as “Cashivo”) any reference to Redstone Consultants OÜ or Cashivo within this Privacy Policy should be considered interchangeable takes data protection and privacy responsibilities seriously. This notice explains how we protect, process, and share your personal data when you visit our website or app, and outlines your rights as a data subject. We may amend this notice from time to time to reflect changes in law or our operations. Any updates will be posted here and, where appropriate, notified to you.

1. Who we are
Controller: Redstone Consultants OÜ
Registry code: 17291792
Registered office: Harju County, Tallinn, Mustamäe District, Karsti Street 4-13, 11625
Website: www.cashivo.com
Contact email: privacy@cashivo.com

If appointed, our Data Protection Officer (DPO) is responsible for overseeing compliance with this privacy notice. Contact details: Silver Karutoom, Managing Director, silver@cashivo.com.
Supervisory authority: Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, AKI), Tatari 39, 10134 Tallinn, Estonia. Email: info@aki.ee. Website: www.aki.ee/en.

2. Information we may collect and how it’s collected
We may collect, use, and store the following categories of personal data:
Referral data*: if you refer someone, we collect limited details to confirm sign-up and rewards. Basis: legitimate interests in growing our business.
Registration data*: name, mobile number, email, device ID, operating system/version, app version, login activity, referral tracking. Basis: performance of a contract.
Biometric data: if you use fingerprint or facial recognition on your device. We do not access or store this data; we only receive confirmation from your device provider. Basis: consent.
Purchase & transaction data*: company, amount, payment method, time, rewards, purchase ID, access to gift card. Basis: performance of a contract. Includes sharing with regulated payment providers (e.g., Apple Pay, Google Pay, Open Banking).
Analytics & insights: purchase trends, device ID, to personalise offers. Basis: legitimate interests.
Identification & verification data*: ID documents, photos, or video for Know Your Customer (KYC) checks under the Estonian Money Laundering and Terrorist Financing Prevention Act. Basis: legal obligation and legitimate interests.
Cash-out data*: bank account details to process payouts. Basis: performance of a contract.
Refunds data*: stored and shared with payment providers/banks to complete refunds. Basis: contract, legal obligation, legitimate interests.
Marketing data: email, SMS, push notifications if you opt in (or as permitted by law for existing customers). Basis: consent or legitimate interests.
General communications*: name, email, and correspondence if you contact us. Basis: contract or legitimate interests.
Survey data: anonymised feedback for service improvement. Basis: legitimate interests.
Operational data*: location, device type, OS version, crash logs, diagnostics, and cashback model adjustments. Basis: contract and/or legitimate interests.
App data*: camera and location data for loyalty verification and location-based offers, collected via device permissions. Basis: contract.
Cookies & technologies: via our website/app, including analytics, crash reporting, and (with your consent) marketing cookies. See our Cookie Policy.

Services are not intended for anyone under 18 years of age. If we become aware of an under 18 user, we will delete associated data.

3. Lawful bases for processing
We rely on the following legal bases under Article 6 GDPR:
Consent (e.g., marketing, cookies, biometric login)
Contract (e.g., account creation, purchases, payouts)
Legal obligation (e.g., KYC/AML checks, financial record-keeping)
Legitimate interests (e.g., fraud prevention, analytics, customer service)

4. Automated decision making
We may use automated decision-making and profiling (e.g., for fraud prevention or personalised offers). Where such decisions have legal or similarly significant effects, you have the right to request human review and contest the decision. Basis: contract, legal obligation, or consent.

5. Data sharing and processors
We only share your data with third parties necessary to provide our services, under contract:
• Open Banking providers (bank transfer processing)
• Fraud/KYC providers (identity verification)
• Payment providers (card payments)
• Cloud hosting providers (servers, storage)
• Analytics providers (usage, crash logs)
• Customer support tools (help desk, communications)
• Email/SMS/push providers
• Social media platforms (engagement)

6. International transfers
Your data may be transferred outside the EEA. Where no adequacy decision exists, we use Standard Contractual Clauses (SCCs) with supplementary safeguards. Transfers to the UK currently rely on the EU’s adequacy decision (valid until at least 27 December 2025).

7. Third-party links
Our website or app may link to other websites/apps outside our control. We are not responsible for their privacy practices.

8. Data retention
We retain personal data as long as necessary for the purpose collected. For AML/KYC, we keep data for at least 5 years after the relationship ends, as required by law. Some data may be retained for up to 6 years to defend legal claims. Specific retention policies are available on request.

9. Account deletion
To delete your account, please log in and use the in-app deletion option. Account deletion does not automatically erase personal data required by law. To request erasure, contact privacy@cashivo.com.

10. Your rights
Under EU GDPR and Estonian law, you have the right to:
• Access your data
• Be informed about how your data is used
• Rectify inaccuracies
• Request erasure (subject to conditions)
• Restrict or object to processing (including marketing)
• Data portability (machine-readable format)
• Withdraw consent (where relied upon)

To exercise your rights, contact privacy@cashivo.com. You may also lodge a complaint with the Estonian Data Protection Inspectorate (AKI).

11. Security
We apply appropriate technical and organisational measures, including encryption, access controls, monitoring, and incident response.

12. Contact points
Privacy team: privacy@cashivo.com
Supervisory authority: Estonian Data Protection Inspectorate (www.aki.ee/en)

13. Jurisdiction
This privacy notice applies to www.cashivo.com and Cashivo’s services in Estonia and the EU.