The Importance of Data Protection as a Key Driver of Customer Loyalty

By: Punchh


As a company that has its roots in loyalty, Punchh believes that data security and compliance are critical components to fostering loyalty among today’s customers. And we’re not the only ones. According to recent Lynchpin findings, 64% of enterprise business data leaders believe improving customer loyalty is the top benefit to using data privacy and security tools.

That’s why Punchh’s commitment to data protection includes allocating resources, maintaining certifications, auditing and reporting by third-parties, providing industry-standard protection agreements and helping clients strengthen their businesses’ compliance.

Our diligence in staying compliant has helped us achieve CCPA, GDPR, PCI, ISO 27001, ISO 27007 and SSAE 18 (SOC 1 & SOC 2) compliance, in an effort to make compliance easier for you. Punchh’s goal as a strategic partner is to maintain your trust and help you maintain your customers’ trust through our reliable business practices and data safeguards. Here’s a quick look at our certifications and their value to you.


The California Consumer Privacy Act (CCPA) went into effect January 1, 2020, and gives enhanced privacy and consumer protection rights for residents of California. CCPA has three consumer rights functions that businesses must accommodate: consumers’ right to know what data you have collected, the right to request restriction of use of the data and the right to request deletion of the stored data. 

Punchh provides two processes to support clients with the CCPA regulations, which are accessible via the Punchh Platform or our APIs, depending on the client’s preference. Under CCPA, businesses have 45 days to comply with a consumer request for access or deletion.


The General Data Protection Regulation (GDPR) has been effective since May 25, 2018. The GDPR defines specific requirements for businesses and organizations who are established in Europe or who serve users in Europe, regarding the collection, use and storage of personal data. Punchh adheres to the GDPR guidelines to responsibly process and store data for our European clients.


Punchh is Payment Card Industry (PCI) compliant, adhering to the specifications developed by the PCI Security Standards Council, which are aimed at improving payment security throughout the industry. Our PCI-compliant cloud platform assures our ecommerce and retail clients that their customers’ payment and sensitive personal data is being stored in a responsible way. Punchh’s approach to security also helps our clients to meet all their PCI compliance requirements.

ISO 27001 & 27007

The ISO 27001 framework provides a number of control objectives and controls to ensure that businesses are addressing the security of the information they’re storing, regardless of what form it’s in – printed, email, stored electronically, etc. Punchh’s information security management practices have achieved certification, along with ISO 27007 certification, which requires auditing of the management system for compliance with the ISO 27001 standard. 

Following these guidelines ensures the confidentiality, integrity and availability of information, which is vital to the compliance, profitability and growth of the businesses we work with. 

SSAE 18 (SOC 1 Type 2 and SOC 2 Type 2)

Punchh’s completion of auditing for Statement on Standards for Attestation Engagements (SSAE 18) compliance demonstrates our commitment to having the proper controls and safeguards in place to support and deliver our clients’ data. Punchh’s System and Organization Controls (SOC) 1 Type 2 and SOC 2 Type 2 reports are from a qualified CPA firm, and provide our clients with the assurance that we have applied the same stringent risk assessment standards we uphold to the vendors we work with. The designation distinguishes Punchh as being built upon a reliable set of operational controls and business processes.

As customers’ expectations continue to expand around the concept of data protection, businesses that offer transparency and earn customers’ trust through adherence to evolving guidelines and regulations will be better positioned to deliver a data-driven customer experience that provides a high level of personalization and ROI. Explore Punchh’s capabilities to deliver dynamic loyalty for your business.
