Skip to main content

Data Privacy in LoyJoy

Data Storage and Encryption Introduction​

  • This document shall provide an overview of every possibility to store data in LoyJoy. At LoyJoy it is our goal to minimise the data privacy footprint of each experience built on the platform. If you have any questions please contact us via
  • LoyJoy may use database tables to store data, including personal identifiable information.
  • This data storage can be switched off or on based on the LoyJoy tenant usage profile.
  • Alternatively, LoyJoy can store data in the local storage of the end customer's device. If this is not sufficient, data from the local storage can be transferred to existing systems via an API. In this way, storage in LoyJoy can usually be avoided altogether.
  • We urge our customers to configure LoyJoy according to the principle of data minimisation.
  • Data is solely stored in the European Union with AES encryption.
  • Every data that might contain personal identifiable information has an automatic expiration. Additionally, data can be manually deleted at any time.

Overview of Personal Data Storage Options​

NoNameMandatoryFunctionalityAutomatic expiryExpiry based onPersonal data contained
1Chat messagesRequired when using the Live Chat moduleAllows you to access the list of recent conversations and read conversation messages in the LoyJoy manager in β€œLive”.7 daysCreated atChat messages (AES encrypted)
2Chat messages for Natural Language Understanding (NLU)No, suggested when using NLUStores free-text chat messages with their NLU classification as in Manager > NLU to review AI performance.30 daysCreated atChat messages from free text entries (AES encrypted)
3Messenger SessionsRequired if using Facebook Messenger, WhatsApp, WeChatStores chat sessions in case of Facebook, WhatsApp, WeChat, as those channels do not offer a session database comparable to LocalStorage7 daysCreated atCustomer ID by the external platform, personal data collected in chatbots
4Runtime logYesStores log entries as in Customers > Log E.g. if applicable customer authentication (fail, pass), external API errors (incl. HTTP body in debug mode)7 daysCreated atEmail address (AES encrypted), IP address, Message (AES encrypted)
5Customer databaseNoStores customer data with a flexible data model (based on key value data). Filled automatically and only in case the customer is authenticated, e.g. via process module Sign In.180 daysLast interacted atEmail address (AES encrypted), personal data collected in chatbots
6Manager logYesStores log entries as in Manager > Settings > Log E.g. data access by manager users180 daysCreated atLoyJoy manager user email addresses (AES encrypted)
7VariablesNoStores all process variables for export purposes as in Manager > Customers > Experience > Download variables60 daysExpires atVariable values, files (AES encrypted)
8Marketing ConsentsOnly when using process modules Newsletter Optin, Reminder Optin, Profiling Optin, WebPush Optin, can be disabledStores consents for export purposes.180 daysCreated atEmail address (AES encrypted), IP address (AES encrypted)
9Coupon codes redeemedOnly when using process modules Coupon or Codes, can be disabledStores coupon codes to be emitted to customers. A coupon code emitted to a customer is assigned to that customer, so that it cannot be emitted 180 days/ coupons 360 daysCreated atEmail address (AES encrypted)
10Loyalty transactionsOnly when using process modules Loyalty, LoyaltyReferral, LoyaltySharing, can be disabledStores loyalty transactions which in the chat UI are represented as coins. E.g. a customer can retrieve 10 coins in a loyalty transaction, spend 2 coins in another loyalty transaction for a reward, leaving the customer with 8 coins and a reward redemption.180 daysCreated atEmail address (AES encrypted)
11Loyalty redemptionsOnly when using process module Rewards, can be disabledStores reward redemptions by customers originating from loyalty transactions60 daysCreated atEmail address, firstname, last name, postal address, phone (all AES encrypted)
12Raffle ParticipationsOnly when using process module Giveaway Participation or Instant Win, can be disabledStores raffle participations, from which a participant randomly can be chosen. Might also store a manually picked random list of participants as a copy of the corresponding participation entry60 daysCreated atEmail address, firstname, last name, postal address, phone (all AES encrypted)

Data at Rest​

Data at rest is encrypted according to the database schema

  • Properties with suffix _aes are AES-encrypted with AES/CBC/PKCS5Padding and key size 128. A migration to AES/GCM/NoPadding is planned in 2022.
  • Properties with suffix _bcrypt are hashed with bcrypt with cost 11 and are used for lookup
  • Data at rest is automatically deleted after the expiry date occurs

Data in Transit​

  • Data in transit is encrypted with TLS.
  • All services are hosted on Google Cloud Run, thus the Google Load Balancer certificate management applies.
  • LoyJoy GmbH does not manage TLS certificates, this is automated based on LetsEncrypt by Google Cloud Platform.