Privacy Policy

Last updated: December 16, 2025

Your privacy matters to us.

TEN is operated by Tring One FZE, a company registered in the United Arab Emirates. We believe in being transparent about what data we collect, why we collect it, and how we use it. This Privacy Policy explains our practices in plain language.

By using TEN, you agree to the collection and use of information as described in this policy.

1. Information We Collect

Account Information

When you create a TEN account, we collect:

  • Mobile phone number (for authentication)
  • Name (optional, for personalization)
  • Email address (optional, for receipts and updates)

Usage Information

When you use TEN, we automatically collect:

  • Stamp collection history (which businesses, when, how many stamps)
  • Reward redemptions (what you claimed, when)
  • Device information (device type, OS version, app version)
  • Location data (only when scanning at a business, to prevent fraud)

Business Information (For Merchants)

If you are a business using TEN, we collect:

  • Business name, address, and contact information
  • Business owner details for account verification
  • Payment information for subscription billing
  • Customer transaction data (anonymized)

2. How We Use Your Information

We use the information we collect to:

  • Provide the service: Track stamps, deliver rewards, manage your account
  • Prevent fraud: Verify transactions are legitimate and prevent abuse
  • Improve TEN: Analyze usage patterns to make the app better
  • Send notifications: Alert you when you earn stamps or rewards (you can disable these)
  • Customer support: Help resolve issues with your account
  • Legal compliance: Meet legal obligations and enforce our Terms of Service

3. Information Sharing

We do not sell your personal information. Ever.

We only share your information in these limited cases:

  • With businesses you visit: When you collect a stamp, the business sees your name (if provided) and stamp count. They do not see your full purchase history.
  • With service providers: We use trusted third-party services to operate TEN:
    • AWS (Amazon Web Services) for secure cloud hosting and data storage
    • Stripe for secure payment processing
    • Resend.com for transactional email delivery
    • OpenAI for AI-powered features and customer intelligence
    These providers are contractually bound to protect your data and comply with applicable privacy laws.
  • For legal reasons: If required by law, court order, or to protect TEN and our users from fraud or harm.
  • In a business transfer: If TEN is acquired or merged, your information may transfer to the new entity (you will be notified).

4. Data Security

We take security seriously. Your data is protected with:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Regular security audits and penetration testing
  • Access controls (only authorized employees can access user data)
  • Secure authentication (OTP-based, no passwords to leak)

However, no system is 100% secure. If we detect a data breach affecting your information, we will notify you within 72 hours.

5. Your Privacy Rights

You have the right to:

  • Access your data: Request a copy of all information we have about you
  • Correct your data: Update inaccurate or incomplete information
  • Delete your data: Request deletion of your account and all associated data
  • Export your data: Download your stamp history and rewards in a portable format
  • Opt out of marketing: Disable promotional notifications (transactional ones remain)
  • Object to processing: Request we stop processing your data for certain purposes

To exercise these rights, contact us at support@getten.app. We will respond within 30 days.

6. Data Retention

We keep your data as long as you have an active account. If you delete your account:

  • Personal information is deleted within 30 days
  • Anonymized usage data may be retained for analytics
  • Transaction records are kept for 7 years for accounting and legal compliance

Backup copies are deleted within 90 days.

7. Children's Privacy

TEN is not intended for users under 13 years old. We do not knowingly collect information from children. If we discover a child under 13 has created an account, we will delete it immediately.

8. International Data Transfers & Regional Compliance

TEN is operated by Tring One FZE, based in the United Arab Emirates. We serve customers globally across UAE, Europe, Australia, and the United States. Your data is securely stored on AWS servers and may be transferred internationally to provide our services.

We comply with regional data protection laws:

  • European Union: We comply with GDPR (General Data Protection Regulation). EU residents have enhanced rights including data portability, right to be forgotten, and the right to object to processing.
  • United States: We comply with CCPA (California Consumer Privacy Act) and other state privacy laws. US residents can opt out of data sales (though we do not sell data) and request disclosure of data collected.
  • Australia: We comply with the Australian Privacy Act. Australian residents have rights to access, correct, and delete their personal information.
  • United Arab Emirates: We comply with UAE data protection regulations and handle data according to local requirements.

9. Cookies and Tracking

Our website uses cookies to:

  • Remember your preferences
  • Analyze site traffic (via privacy-focused analytics)
  • Improve site performance

The TEN mobile app does not use cookies. We use device identifiers for authentication and fraud prevention only.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you via email or in-app notification at least 30 days before the changes take effect.

Continued use of TEN after changes go live means you accept the updated policy.

Questions About Privacy?

If you have questions, concerns, or want to exercise your privacy rights:

Email: support@getten.app
Company: Tring One FZE