← mrmylo.comLegal

Privacy Policy

Last updated: 25 June 2026

1. Who we are

MYLO is a loyalty aggregation platform operated by MYLO Middle East FZE, registered in Dubai, UAE. When we say "MYLO", "we", "us", or "our" in this policy, we mean MYLO Middle East FZE. Our registered address and Data Controller contact: privacy@mrmylo.com.

2. What data we collect

We collect your name and email address when you join our waitlist or take the Loyalty Audit. When you add a loyalty program, we collect the program details, membership number, and points balance that you provide, entered manually or captured by scanning your card. We never collect passwords, financial account numbers, or payment card details.

3. How we use your data

We use your contact details to send you your beta invite and product updates. We use your loyalty program data solely to display your aggregated rewards balance within the MYLO app. We do not sell, rent, or share your personal data with third parties for marketing purposes. Ever.

4. Valuing your rewards in dirhams

To show your rewards in dirhams (AED) and remind you before they expire, MYLO processes the loyalty balances you add to your account. On our servers we apply a conservative, rounded-down conversion rate that MYLO maintains to produce an estimated value. These figures are estimates to help you understand and compare your rewards. They are not cash, are not redeemable through MYLO, the actual value you receive varies by program, and MYLO is not affiliated with or endorsed by any loyalty program. Where we do not hold a reliable rate, no value is shown. We process this balance data because it is necessary to provide the service you subscribe to (contractual necessity under the UAE Personal Data Protection Law, Federal Decree-Law No. 45 of 2021). We do not share your individual balances with loyalty programs or partners; any reporting we provide to partners uses aggregated, non-identifying data only.

5. Expiry and reminder notifications

If you turn them on, MYLO sends reminders before your points or miles are due to expire, and occasional prompts to help you get value from your rewards. We send these on the basis of your consent: you can turn them off at any time in the app, and you control device notifications through your phone's settings. Turning them off does not affect the rest of the service.

6. Read-only access

MYLO does not connect to your bank accounts and holds no login credentials for your loyalty programs. The balances and expiry dates you add are stored read-only: MYLO cannot initiate transactions, redeem points, or make changes to any account on your behalf.

7. Data storage and security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Your data is stored on Supabase infrastructure hosted in Singapore (AWS ap-southeast-1). Access to personal data is restricted to authorised MYLO personnel only.

8. International data transfers

MYLO Middle East FZE is established in Dubai Silicon Oasis and is subject to UAE Federal Decree-Law No. 45 of 2021 (PDPL). Your personal data is processed and stored on our behalf on infrastructure located in Singapore. Where we transfer personal data outside the UAE, we do so on a lawful basis under the PDPL, relying on an adequate level of protection in the destination jurisdiction and appropriate contractual safeguards with our processors, and, where required, your consent. Our principal sub-processors are listed below. For details of the safeguards applied, contact privacy@mrmylo.com.

  • Supabase Inc. (AWS) · database and authentication · Singapore (ap-southeast-1)
  • Resend · transactional email · EU (eu-west-1)
  • Brevo · marketing email · EU
  • Stripe · payment processing for subscriptions · EU / US

9. Data retention

We retain your data for as long as you hold a MYLO account, plus 90 days after account deletion. Waitlist data is retained until beta launch or until you unsubscribe.

10. Your rights

Under applicable UAE data protection law and GDPR (where applicable), you have the right to access, correct, delete, or export your personal data. To exercise these rights, email privacy@mrmylo.com. We will respond within 30 days.

11. Cookies

We use essential cookies only (session management, security). We do not use tracking or advertising cookies without your explicit consent. See our Cookie Policy for full details.

12. Changes to this policy

We may update this policy as our product evolves. We will notify waitlist members of material changes by email. Continued use of MYLO after notification constitutes acceptance.

13. Contact

Questions about this policy: privacy@mrmylo.com