FENLORA LOYALTY FOR CLOVER — PRIVACY POLICY

Effective Date: February 19, 2026

This Privacy Policy explains how Fenlora LLC (“Fenlora,” “Company,” “we,” “us,” or “our”) collects, uses, shares, and otherwise processes personal data in connection with our application “Fenlora Loyalty” (the “App”) that runs on the Clover point of sale platform (“Clover POS”).

This Privacy Policy applies only to the App and related services provided in connection with the App (the “Services”). It does not apply to Fenlora’s privacy practices in any other context (for example, our marketing website), unless explicitly stated.

TERMS OF SERVICE
The terms governing the App are available at:
https://fenlora.com/fenlora-loyalty-for-clover-eula-terms-of-service

Merchants who install and use the App (“Merchants”) determine how they use the App and the scope of personal data processed through their Clover POS and the App. For most processing of customer and transaction data, the Merchant acts as the “controller” (or similar role under applicable law), and Fenlora acts as a “processor/service provider” processing personal data on behalf of the Merchant to provide the Services. Clover may also act as a controller in some circumstances. You may view Clover’s privacy notice at: https://www.clover.com/privacy-policy

This Privacy Policy is not a substitute for any privacy policy that a Merchant may be required to provide to their customers, personnel, or other individuals.

We may collect personal data from or on behalf of Merchants. Merchants determine the scope of personal data transferred to us or that we collect, and the information we receive may vary by Merchant, by Clover permissions granted, and by how the Merchant configures the App.

A. Information we receive from Clover POS / Clover APIs
Depending on permissions granted by the Merchant, we may receive:
- Transaction and order data: date/time, order totals, taxes, discounts, tips (if applicable), line items (product names/SKUs, quantities), and other order metadata needed for loyalty accrual/redemption and reporting.
- Customer data associated with a Merchant’s customers: identifiers such as customer ID, name (if provided), email, phone number, loyalty identifiers, and customer purchase history within the Merchant account.
- Merchant and store data: merchant ID, store/location identifiers, business name, and configuration settings needed to operate the Services.
- Personnel data (Merchant staff) if applicable: employee identifiers and limited activity metadata needed for App access control, auditing, and fraud prevention.
Payment data note: Fenlora does not request, store, or process full payment card numbers, CVV, magnetic stripe data, or PIN data. Any payment card processing is handled by Clover/Fiserv and is subject to their terms and policies.

B. Information customers provide outside the Clover device (Wallet / loyalty enrollment)
Depending on the Merchant’s configuration, customers may enroll in a Merchant’s loyalty program through Fenlora-managed flows (e.g., QR link / wallet pass installation). In that case, we may collect:
- Contact details such as phone number and/or email address (as configured by the Merchant).
- Optional profile fields if enabled by the Merchant (e.g., name, birthday).
- Loyalty program data: loyalty card ID, points/balance, tier/status, rewards eligibility, redemption history.
- Wallet/pass technical identifiers necessary to deliver the pass and updates (e.g., pass serial number / device token required for Apple Wallet / Google Wallet updates).

C. Device and security data
To keep the App and Services secure and reliable, we may collect:
- Technical logs (timestamps, error logs, API request IDs).
- Limited device/app information from the Clover device or our services (e.g., device model/OS version, App version) strictly for troubleshooting and security.
We do not collect precise geolocation from customers via the App unless required for a specific feature and disclosed/consented where required.

D. Data minimization
We only collect the minimum amount of personal data reasonably required to operate the App and provide the Services to the Merchant.

We use personal data for or on behalf of Merchants to provide the Services and App functionality, including:
- Loyalty program operations: creating/updating loyalty profiles, issuing digital loyalty cards, tracking visits/purchases, calculating and granting points/stamps/cashback (as configured), and processing redemptions.
- Transaction linkage: associating eligible orders with loyalty accounts to prevent duplicate credits and support accurate reporting.
- Communications initiated by the Merchant: sending receipts or loyalty-related messages/updates where enabled and lawful (e.g., pass update notifications, transactional notifications).
- Reporting and analytics for the Merchant: dashboards and insights about loyalty performance, enrollment, and redemptions.
We may also use personal data for related internal purposes:
- To provide updates about the App, including security alerts and important changes.
- To measure performance of and improve the App and Services (primarily using aggregated/de-identified analytics where feasible).
- To respond to inquiries, complaints, and requests for customer support.

We may use personal data as we believe necessary or appropriate to:
(a) comply with applicable laws and lawful requests and legal processes;
(b) enforce terms that govern the App/Services;
(c) protect rights, privacy, safety, or property of Fenlora, Merchants, customers, or others; and
(d) protect, investigate, and deter fraud, harmful, unauthorized, unethical, or illegal activity.

We may share personal data that we collect with:
- The Merchant from whom or on whose behalf we collected the personal data (including via Merchant dashboards and exports).
- The platform on which our App runs, Clover POS, as required for operation of Clover apps and APIs.
- Third parties as a Merchant may direct (e.g., integrations explicitly enabled by the Merchant).
- Service providers (processors/sub-processors) that help us operate and improve the Services, such as:
 - Cloud hosting and infrastructure providers
 - Database/backup providers
 - Monitoring, logging, and error-tracking providers
 - Messaging/pass delivery providers (for wallet pass updates) where applicable

These providers are authorized to process personal data only as necessary to provide services to Fenlora and are subject to contractual confidentiality and security obligations.
- Company affiliates and subsidiaries, only for purposes described in this Privacy Policy.

We do not sell personal data. We do not use Clover-derived customer/transaction data for third-party advertising, cross-context behavioral advertising, or data brokering.

We may disclose personal data to government or law enforcement officials or private parties as required by law and as necessary for the purposes described above. We may also transfer personal data as part of a corporate transaction (e.g., merger, acquisition), subject to appropriate protections.

We maintain administrative, technical, and organizational safeguards designed to protect personal data, including access controls, encryption in transit, and other measures appropriate to the nature of the data processed. No method of transmission or storage is 100% secure; however, we work to protect data using commercially reasonable safeguards.

Subject to our agreement with a Merchant, we retain personal data for as long as necessary to:
(a) provide the Services;
(b) comply with legal obligations;
(c) resolve disputes; and
(d) enforce agreements.

When a Merchant requests deletion, or when the Merchant uninstalls the App and requests data removal, we will delete or de-identify personal data associated with that Merchant within a reasonable period, unless retention is required by law or for legitimate security/fraud prevention needs.

A. Requests from customers / individuals
To the extent that applicable law provides individuals with rights pertaining to their personal data (access, correction, deletion, objection, portability, etc.), individuals should contact the Merchant with any requests pertaining to the Merchant’s use of the App and loyalty program.
Fenlora will assist the Merchant (or Clover, as applicable) in responding to such requests subject to our contract and applicable law.

B. Consent and marketing preferences
Where required, the Merchant is responsible for obtaining any necessary notices and consents from customers. Customers may opt out of Merchant marketing communications through the mechanisms provided by the Merchant or as required by law.

If personal data is transferred outside the country/region where it was collected (including outside the EEA/UK where applicable), we use appropriate transfer mechanisms as required by law, such as Standard Contractual Clauses or other lawful mechanisms.

The App is intended for use by Merchants and their customers in a commercial context and is not directed to children. If a Merchant enrolls a child under the age where parental consent is required by law, the Merchant is responsible for obtaining any required consent.

We may update this Privacy Policy from time to time. We will indicate changes by updating the Effective Date. Material changes may be communicated through the App or via Merchant-facing channels.

Fenlora LLC
20 Trafalgar Sq. Ste. 485, Nashua, NH 03063-1985
Email: privacy@fenlora.com
Support: support@fenlora.com
Phone: +1 (603) 802-7710