Legal

URBN (“we”, “us”) operates a cross-merchant loyalty program. By creating an account you agree to these Terms and acknowledge our Privacy Policy below.

You must be at least 18 years old (or the age of majority in your jurisdiction) and provide accurate information. You are responsible for safeguarding your credentials.

Points have monetary value: 1 point ≈ $0.01 USD. Estimated annual benefit: ~$50–$250 depending on activity. We offer this incentive in exchange for limited data needed to operate the program.

• Method: point value × estimated qualifying spend, less platform fees.
• You may withdraw from the incentive program at any time without losing previously earned redemptions.
• Participation is opt-in and revocable.

• Account: email, full name, ZIP code, citizenship status (self-declared).
• Transactions: receipt totals, merchant name, points earned.
• Verification (when you opt in): government ID document, selfie, benefit card image.
• Device & log data limited to security and fraud prevention.

We share only an anonymous, rotating token(e.g. 9e3a-4f81-bc22-71ae) with participating merchants — never your name, email, phone, or government ID. You may rotate this token at any time from the Privacy Choices screen.

Cross-context behavioral advertising is off by defaultand requires explicit opt-in (CCPA/CPRA, VCDPA, GDPR Art. 6(1)(a)).

• Right to know what data we hold about you.
• Right to correct inaccurate data.
• Right to delete — see Section 7.
• Right to opt out of sale/sharing and behavioral advertising.
• Right to non-discrimination for exercising any right.
• Right to data portability on request.

EU/UK residents additionally have GDPR Articles 15–22 rights.

When you request deletion, we:

1. Mark your account for purge and queue downstream notifications to every merchant that has touched your token.
2. Send a signed Right-to-Delete webhook to each merchant’s registered endpoint (or log a simulated purge if none is registered).
3. Once all merchant confirmations are received (or terminally failed), we erase your authentication record and personal data from our systems.
4. An immutable audit log of every step is retained for compliance review.

We use Row-Level Security on all user data, encryption in transit, tamper-evident audit chains for verification events, and least-privilege access for staff. No system is perfectly secure — please report suspected vulnerabilities to security@example.com.

The service is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect their data.

We will publish a new version number and effective date when these Terms change. Continued use after changes means acceptance.

Privacy requests: privacy@example.com · Mailing address available on request. For California residents: you may also contact us via our toll-free number listed on the website.