How Loyalty Card Apps Compromise Your Privacy

James Frew 17-05-2017

Loyalty cards and their companion apps are aggressively pushed by supermarkets and stores — and cafes, florists, bookshops, computer gaming outlets, music stores, gas stations, and restaurants, of course.


The deal is simple: you give those businesses your personal information, and they give you discounts, bonuses, or even freebies for spending money with them.

The question is, what are you really trading for that free cup of coffee?

A Long-Term Privacy Battle

Concerns about loyalty cards are nothing new. Before smartphones and the proliferation of the internet, the loyalty card privacy debate was already brewing. In 2004, then U.K. Home Secretary David Blunkett compared the government’s proposed biometric ID cards to supermarket loyalty cards. He was trying to emphasize that the ID cards were safe and didn’t contain much personal information. To many though, his comparison worked the other way and compared loyalty cards unfavorably to the unpopular biometric ID cards.

While the plans for the ID cards were eventually shelved, loyalty cards have continued to proliferate. As its been cheaper and easier for companies to collect and store data about you they have found it profitable to do so How Shops Track You Using Your Smartphone How would you feel if a retail tracked your smartphone as you browsed their store? Would it be easier to palate if they offered you some discounts while breaching your privacy? Read More . Companies have adapted to the smartphone age and now use an app to bring you deals and promotions.

Invading Your Privacy

The entire purpose of a loyalty card is to inspire you to spend your hard-earned money with a particular retailer. While they take their name from the practice of trying to instill loyalty, they often are now used to exploit your data. As with most data collection, the companies aren’t usually totally upfront with their tactics — often obfuscating their techniques behind phrases like “offering you personalized deals” and “rewards for loyalty card holders”.


generic sale

It’s no secret that our smartphones are an incredibly effective data collection tool that we willingly carry around in our pockets everywhere we go. The vast amounts of data that we generate can be used for your benefit but apps will often request access to a wide range of permissions during installation. The Starbucks Android app is a good example of this. When you go to install the coffee chain’s app it requests:

  • Device & app history
  • Identity
  • Contacts
  • Location (approximate & fine)
  • Photos / Media / Files (read & modify)
  • Storage (read & modify)
  • View Wi-Fi connections
  • Receive data from internet
  • View network connections & full network access
  • Control vibration
  • Prevent device from sleeping

How They Use Your Data

Sure, a retailer’s smartphone app needs access to your location to help you locate your closest store. But do you know what the retailer then does with that information? The most likely case is that they store it and use it in order to better target products and services to you. They could also use it to profile an area to determine if they should build more stores, as some prominent U.K. retailers did with credit card data.

target store


In these cases the data collected from you definitely benefits the business but does very little for you. The most infamous demonstration of this was when it was revealed that U.S. retailer Target could identify when a woman was pregnant. This resulted in targeted coupons sent to a woman’s house where they were discovered by her father who didn’t take kindly to Target’s tactics. Although there is obvious benefit to offering new mothers discounts on childcare items, disclosing your sensitive data is not appropriate.

Where Does the Data Go?

Although a loyalty card app is associated with a store, the retailer themselves won’t often analyze the data themselves. Instead, they will employ third party companies to handle and analyze the data. Data transfer like this is usually protected under the retailer’s privacy policy as the transfer is required for their business operations. However, things get a little murkier when companies aim to sell your data How Health Data from Your Apps Is Being Bought and Sold The recent explosion in the number of health and fitness apps means that there's a lot of health data being collected by our devices - data that is being sold. Read More .

Before you consent to have your data collected by loyalty card apps, your first port of call should be their privacy policy. The privacy policy will explain how the company collects your data, how they store it, what they do with it, and your rights in relation to your data. Privacy advocates often criticize these policies as they are often writing in long-winded and technical language. This was underlined when artist Robert Sikoryak turned the iTunes Terms and Conditions into a 94-page graphic novel. However difficult the companies attempt to make their privacy policy it is in your interest to try and interpret how safe, secure, and private your data will be.

Terms and Conditions Terms and Conditions Buy Now On Amazon $14.95


Data sets are highly valuable in the information age, and are often used to profile us for mortgages, insurance, and even how long we are kept waiting on customer care lines. Let’s say you frequent a bar that has a loyalty card app. The app may collect data on when you visit, how long you are there for, and potentially link your spending directly to the app. An insurance company may be particularly interested Do Insurance Companies Breach Your Privacy? Insurance companies use increasingly invasive tactics to investigate and verify a potential claim, keeping fraudulent and other malicious claims low. How far do they go? Is it too far? And most importantly, is it legal? Read More in purchasing this data and use it to profile you when you renew your premium.

Protecting Your Data

Everyone has a different threshold of what they consider acceptable privacy Why Have Americans Given Up On Privacy? A recent study by the University of Pennsylvania's Annenberg School for Communication concluded Americans are resigned to giving up data. Why is this, and does it affect more than just Americans? Read More . If you are comfortable with retailers collecting data through their smartphone app, do you know how they are protecting that data? As technology has become more pervasive in our lives, retailers have had to partly become technology companies. You would be hard pushed to find a store that doesn’t accept credit cards, or use digital accounting software as a minimum.


Almost every day there is news of another data breach, and these aren’t coming exclusively from tech companies. The problem is so pervasive that there is even a Wikipedia list of known high-profile data breaches. Included in the list are British Airways, Gap, Starbucks Should You Dump Your Loyalty Cards After the Starbucks Hack? As criminals look for increasingly sneaky ways to grab data and get their hands on anything with value, loyalty cards and gift cards are in danger of becoming the latest proxy in the ongoing war. Read More , and Target Target Pays for Data Breach, PlayStation Vue Challenges Cable [Tech News Digest] Target targets compensation, viewing PlayStation Vue, silencing Facebook, playing Chromecast tennis, using Netflix God Mode, and flying a speeder bike drone. Read More , all of which provide loyalty card apps.


While financial data is often protected under stringent laws, the same isn’t true for the type of data collected from smartphones Privacy In The UK: The Data Retention And Investigation Powers Bill Read More . Unfortunately these risks aren’t just hypothetical. Major retailers have been targets of data theft and large scale hacks. Many of these retailers are unprepared to protect themselves and your data, as they are not technology companies. A recent blog post on password security by researcher Troy Hunt highlighted this problem.

Is the Trade-Off Worth It?

Loyalty cards may not inspire customer loyalty in the same way as they used to. Companies are now profiting in a new way: with your data. The level of data collection you are comfortable with will depend on how you view the benefit of that app. If you use the retailer frequently, and would like to save some money 5 Tools to Help You Make the Most of Your Rewards Accounts Many companies offer rewards programs — not just airlines. It can be difficult to keep track of them all. Here are five tips that will help you make the most of your rewards accounts. Read More then they might be right for you.

A recent advertising campaign in the UK by the fast-food chain KFC encourages you to download their loyalty card app. In return you receive two free chicken wings, valued at just £0.99 ($1.28). When a company is so determined to have you download their app you have to wonder who benefits. It likely isn’t you.

Do you use store loyalty cards? Are they useful? Do you worry about the privacy of these apps? Have you changed your mind? Let us know in the comments below!

Related topics: Online Privacy, Surveillance.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Roger Thornhill
    August 17, 2019 at 2:05 am

    Really! Nobody cares if they are collecting data and using it to make more profit. So what?

    • James Frew
      August 17, 2019 at 7:08 am

      Digital companies trade in data. But you aren't rewarded for it. They take your data without making it explicitly clear what they are doing with it, and who they give it to. This data is usually sold to third parties who use it to create profiles of us that we have no control over.

      These profiles inform the type of insurance we get offered, the adverts we see, and could even influence the healthcare we receive. You should you be able to make an informed choice about whether you want this.

      That said, your comment sounds as though you don't have much of an issue with this type of behavior. I'm curious then why you'd read, and then comment, on an article that is titled "How Loyalty Card Apps Compromise Your Privacy ."

  2. Brian Wheatley
    June 10, 2019 at 12:11 am

    Hi guys I've installed the StoCard app which lets me digitise my loyalty cards. To me this addsa lot of convenience but also another level of surveillance; I can create a StoCard account using my Google or Facebook ID. Does this mean that Google and/or Facebook now know when I use my loyalty cards and what do they do with the information?

    • James Frew
      June 10, 2019 at 12:18 am

      Those kinds of apps do seem convenient as they pull all your various cards into one app. However, you are quite right to be concerned about the data sharing. StoCard's Privacy Policy ( doesn't explicitly say which data is transferred, but Facebook certainly gets some.