Question 1

What privacy regimes does Loyalife cover?

Accepted Answer

Loyalife supports major privacy regimes and sectoral regulator requirements through configurable consent, residency, access, erasure, and audit controls. Every guarantee is enforced in code, not in a policy PDF.

Question 2

How does the consent model work?

Accepted Answer

Consent is a structured object: channel by purpose by moment, with a proof artefact attached to every state change. Per-channel (WhatsApp, Email, SMS) and per-purpose (transactional, marketing) consent captured with timestamp, status (GIVEN, WITHDRAWN, EXPIRED), and proof-of-capture URL.

Question 3

How does data residency work?

Accepted Answer

Each tenant chooses one or more approved regions at provisioning. Member data pins to its region for the lifetime of the program. Cross-region reads are purpose-scoped, consented, and audited. Sub-processors are disclosed per region with 30-day change notice.

Question 4

What does the audit trail capture?

Accepted Answer

Every read (member ID, reader role, reason code, timestamp, source IP), every write (event ID, writer service, idempotency key, before/after state), every config change (RBAC, consent rule, residency rule with structured diff and approver), all exportable to Splunk, Datadog, S3, or Snowflake.

Question 5

How does lineage tracing work?

Accepted Answer

Every datapoint carries a full lineage graph: source channel, source system, capture timestamp, consent state at capture, processing chain (validate, normalize, enrich, land), and downstream uses. Queryable at runtime via a lineage(record_id) API and emitted to your SIEM on every read.

Privacy controls built into member data

Consent, residency, subject rights, audit

Consent by channel and purpose

Member data pinnedregion-wise

Accessible audit trails for every change

Privacy by design FAQ