Privacy Policy

Lifely Experience ("Lifely Experience," "we," "us," or "our") operates the Lifely mobile application and related member services. This Privacy Policy describes how we collect, use, disclose, and otherwise handle personal information in connection with the service. Last updated: April 12, 2026.

Application of this policy

This Privacy Policy applies to individuals who access or use Lifely as members. The service is currently intended primarily for users in Canada, including users in Montreal and the surrounding area, and may be expanded to other Canadian markets over time.

We are committed to handling personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25) and other applicable Canadian privacy legislation.

Eligibility and age verification

Lifely is intended solely for individuals who are 18 years of age or older. We do not knowingly collect personal information from persons under 18. You are required to provide your date of birth at the time of registration, and we reserve the right to verify eligibility.

Some partner venues accessible through Lifely — including bars, licensed establishments, and other age-restricted businesses — may require in-person age verification before fulfilling a redemption. In such cases, the member is responsible for presenting valid government-issued identification upon request. A participating venue retains the right to decline or cancel a redemption if a member cannot verify that they meet the applicable age requirements, and Lifely Experience is not liable for redemptions refused on this basis.

Information we collect

We collect personal information reasonably necessary to establish and administer your account, provide membership services, process transactions, communicate with you, and operate the platform. Depending on your use of the service, this may include the categories described below.

Account and identity information

• Your full name, email address, and date of birth;
• Your city, province, and country of residence;
• A referral code used at registration, if applicable.

Membership, billing, and transaction information

• Subscription plan, status, activation and renewal dates, and cancellation information;
• Payment processing records, including transaction timestamps and amounts. Payment card details are handled directly by our payment processor, Stripe, and are not stored by us;
• Redemption history, including the offers redeemed, partner venues visited, savings amounts, party size, verification method used, and the date and time of each redemption;
• Booking details, including party size, date, and time slot where applicable.

Referral, guest pass, and social feature information

• Referral code usage, referral status, and milestone information, including whether you have reached referral thresholds that qualify you for rewards or a super referrer designation;
• Guest pass issuance, sharing, and redemption activity;
• A device identifier used solely to attribute referrals and prevent fraudulent referral activity.

Communications and feedback

• Support requests and correspondence with our team;
• In-app feedback submissions and venue suggestions;
• Any other information you voluntarily provide when interacting with us.

Technical, device, and session information

• IP address and device user-agent string, collected in connection with account sessions, login activity, and security monitoring;
• Push notification token (Expo push token), used to deliver notifications to your device, along with notification delivery records including delivery status and interaction events such as whether a notification was received or opened;
• In-app engagement data, including offer impressions, announcement views, activity timestamps, and saved venues, used to personalize venue and offer recommendations;
• Session metadata, including last login and last redemption timestamps.

Email engagement data

Links included in emails we send to you may route through a tracking redirect that records whether and when a link was clicked. This information is attributed to your account and is used to measure the effectiveness of our communications and to inform future outreach. If you prefer not to have your email engagement tracked, please contact us as described in the Contact section below.

Location and permission-based information

If you authorize location access on your device, we collect location information to support venue discovery, map features, and related location-based functionality. If location access is not granted, we rely on the city or regional information associated with your account. Camera access is used solely to support QR code scanning for redemption verification purposes.

How we use personal information

We use personal information for the following purposes:

• to create, maintain, and secure your account;
• to provide access to memberships, offers, redemptions, referrals, guest passes, saved venues, and related features;
• to process payments and manage your subscription status;
• to communicate with you regarding your account, transactions, service updates, and support matters;
• to send promotional and marketing communications, subject to your consent as described below;
• to personalize and rank content, including venue recommendations and offers, based on your in-app activity and preferences, as further described in the Personalization section below;
• to administer push notifications and manage your in-app notification preferences;
• to attribute referrals, calculate referral rewards, and detect referral fraud;
• to generate aggregated and anonymized analytics reports for partner venues, as further described in the Disclosure section below;
• to target and measure the performance of in-app announcements and marketing campaigns, including by tracking campaign delivery events, opens, and clicks, at an individual level where your consent has been obtained;
• to monitor, prevent, investigate, and address fraud, misuse, security incidents, and other prohibited conduct;
• to maintain audit records for accountability, dispute resolution, and legal compliance purposes;
• to comply with applicable legal obligations and enforce our contractual rights.

Personalization and automated content ranking

Lifely uses automated processes to personalize the venue recommendations, offers, and content displayed to you. This personalization is based on your in-app engagement activity, including offers you have viewed or redeemed, venues you have saved, your location or city, and other usage signals. The purpose of this processing is to surface experiences that are relevant to you and to improve the overall usefulness of the platform.

Personalization does not produce legally significant decisions about you and does not affect your eligibility for or access to the service, nor the terms of your membership. You may contact us at any time to learn more about how your information is used in this context or to request that your engagement data not be used for personalization purposes.

Marketing communications and consent

We send two categories of electronic messages:

• Transactional messages — including account verification, payment receipts, subscription confirmations, and similar service-related communications. These are sent as necessary to administer your membership and do not require separate marketing consent.
• Promotional messages — including new offers, venue announcements, and marketing campaigns. These are sent only where you have provided express consent, given by affirmatively and separately indicating your agreement to receive such messages at the time of account registration. You may withdraw that consent at any time, free of charge, by using the unsubscribe link included in every promotional email, by adjusting your notification preferences in-app, or by contacting us at [email protected]. Withdrawal of consent does not affect the lawfulness of messages sent prior to withdrawal.

Push notifications are sent only where you have granted the necessary device permission. You may manage individual notification categories — including offers and new venues, re-engagement reminders, activity reminders, birthday notifications, and platform broadcasts — through your device settings and through the notification preferences section of your in-app profile.

Service providers and third-party processors

We engage third-party service providers who may receive personal information to the extent necessary to perform services on our behalf. Our primary service providers include:

• Stripe — payment processing and subscription management. Payment card details are transmitted directly to and stored by Stripe, and are governed by Stripe's privacy policy and its PCI-DSS compliance program;
• Resend — transactional and marketing email delivery;
• Expo — mobile application infrastructure, push notification delivery, location services, and device permission handling.

We also engage hosting, database, and infrastructure providers used to operate the platform. All service providers receive personal information only to the extent necessary for the services they perform and are subject to contractual obligations consistent with this policy.

Cross-border data transfers

Some of our service providers, including Stripe, Resend, and Expo, are headquartered or operate infrastructure in the United States. As a result, personal information may be transferred to and processed in the United States, where privacy laws may differ from those in Canada or Quebec. When we transfer personal information outside Canada, we take reasonable steps to ensure that it receives a comparable level of protection, including through contractual safeguards with our service providers. By using the service, you acknowledge that your personal information may be processed outside Canada.

Disclosure of personal information

We do not sell personal information. We may disclose personal information in the following circumstances:

• Service providers — to the providers described above, as necessary to operate the platform;
• Partner venues — we may share aggregated and anonymized analytics with partner restaurants and venues, including general information about the characteristics and activity patterns of members who have redeemed offers at their establishment. This information is presented in aggregate form and is not intended to identify any individual member. We do not provide partner venues with your name, contact details, or any personally identifiable account information;
• Legal and regulatory requirements — to comply with applicable law, a court order, regulatory requirement, or legal process;
• Protection of rights and safety — to protect the rights, property, safety, or security of Lifely Experience, our members, our partners, or the public;
• Business transactions — in connection with a merger, acquisition, financing, or sale of all or a portion of our business, where personal information may be transferred as part of that transaction, subject to confidentiality obligations.

Data retention

We retain personal information for as long as is reasonably necessary to fulfill the purposes for which it was collected. The following general retention principles apply:

• Active account data — retained for the duration of your membership and for a reasonable period thereafter to allow for account reactivation, dispute resolution, and legal compliance;
• Financial and transaction records — retained for a minimum of seven years following the relevant transaction, as required for accounting and tax compliance;
• Authentication and session records — refresh tokens expire after seven days; session security records are retained for a reasonable period for fraud and security purposes;
• Audit and security logs — retained for up to three years to support accountability, dispute resolution, fraud investigation, and legal compliance;
• Email and notification engagement data — retained for up to two years for analytics and personalization purposes;
• Deleted or anonymized accounts — upon account deletion, personal information is anonymized as described below, and anonymized data may be retained for the periods set out above.

Account deletion and anonymization

When you request deletion of your account, we anonymize the personal information associated with it by removing or replacing identifying fields so that the information can no longer reasonably be attributed to you. Anonymized records may be retained for aggregate analytics purposes. Certain records — such as financial or transaction data required for legal compliance — may be retained in anonymized form for the minimum period required by applicable law.

If you wish to request erasure of specific records beyond standard anonymization, please contact us at [email protected] and we will assess your request in accordance with applicable law.

Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. These include encrypted data transmission, hashed credential storage, token-based authentication with rotation and revocation controls, rate limiting, and access controls that restrict personal information to personnel who require it to perform their functions. Internal administrative access to account data is subject to role-based restrictions and is logged for accountability purposes.

While we take security seriously, no system is completely secure. We encourage you to use a strong and unique password and to contact us immediately if you believe your account has been compromised.

Privacy incidents

In the event of a privacy incident involving personal information that creates a real risk of significant harm, we will notify affected individuals and the relevant regulatory authority — including the Office of the Privacy Commissioner of Canada and, where applicable, the Commission d'accès à l'information du Québec (CAI) — in accordance with applicable legal requirements and within the timeframes prescribed by law. Notifications will describe the nature of the incident, the categories of information involved, the steps taken or planned to address the incident, and recommended steps individuals may take to reduce potential harm.

Your rights

Subject to applicable law, you may have the following rights with respect to your personal information:

• Access — the right to request a copy of the personal information we hold about you;
• Correction — the right to request correction of inaccurate or incomplete personal information;
• Deletion or anonymization — the right to request deletion of your account and anonymization of associated personal information, subject to our retention obligations as described above;
• Portability — where required by applicable law, including Quebec's Act Respecting the Protection of Personal Information in the Private Sector, the right to receive certain personal information in a structured, commonly used, and machine-readable format, and to request that it be transmitted to another organization where technically feasible;
• De-indexation — where applicable under Quebec law, the right to request that personal information published or made available online be de-indexed or that its dissemination be stopped, where such dissemination contravenes applicable law or a court order;
• Withdrawal of consent — the right to withdraw consent where processing is based on consent, including consent to receive promotional communications, without affecting the lawfulness of processing conducted prior to withdrawal;
• Objection to personalization — the right to request that your engagement data not be used to personalize recommendations or to build targeted campaign audiences, as described in the Personalization section above.

To exercise any of these rights, please contact our Privacy Officer as described below. We may require reasonable verification of your identity before processing a request and will respond within the timeframes required by applicable law.

Privacy Officer

Lifely Experience has designated a Privacy Officer responsible for overseeing compliance with this policy and applicable privacy legislation. Privacy-related questions, requests, or complaints may be directed to:

Privacy Officer, Lifely Experience
[email protected]

If you are not satisfied with our response, you may also contact the Office of the Privacy Commissioner of Canada at priv.gc.ca or, if you are a Quebec resident, the Commission d'accès à l'information du Québec at cai.gouv.qc.ca.

Changes to this policy

We may amend this Privacy Policy from time to time. Any updated version will be posted with a revised "Last updated" date. Where required or appropriate, we will provide advance notice of material changes by email, in-app message, or other reasonable means. Continued use of the service following notice of a material change constitutes your acceptance of the updated policy.

Contact

All questions or requests concerning this Privacy Policy should be directed to our Privacy Officer at [email protected].

Terms of Service