<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=2750159335126703&amp;ev=PageView&amp;noscript=1">

Privacy Policy


We’re Reward Cloud Limited (CRN: 10051136) trading as Tillo. You can find us at Unit 14 Hove Business Centre, Fonthill Road, Hove, England BN3 6HA.

We provide on-demand access to gift cards from the broadest selection of the world’s favourite brands and always strive to deliver more rewarding experiences for customers everywhere. As a result, we collect personal data about you to provide our service, and we want to be clear and transparent as to what we do with it.

If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us at privacy@tillo.io.

How do we use your data?

When you submit a form on Tillo’s website or on our Platform we will collect your name, company details, phone number and email address. We do this in order to perform our obligations under the contract we enter with you and allow for you to use and access Tillo’s platform. 


When you use Tillo to redeem a gift  we collect your name, address details, phone number and email address. We do this in order to provide the service and allow for you to use and access Tillo’s platform.


When you request a demo, report or white paper via our Platform we will collect your name, company name, email address and contact number. We do this under our legitimate interest to respond to your request quickly and efficiently. 


When you contact us either by phone, email or via social media with general queries, we will usually collect your name, social media handle and contact details, because it’s in our legitimate interest to make sure we can properly respond to your query.


When you receive our news updates. We use your name and email address to provide you with our news updates in line with any preferences you’ve told us about including to provide you with white papers and other reports.

If we send you our news updates because you have opted-in to receive them, we rely on your consent to do so. If you have not opted-in and we send you our news updates, we do this because of our legitimate interest to promote our business.

You can unsubscribe at any time by clicking the unsubscribe link at the bottom of any of our emails, or by emailing privacy@tillo.io.


Technical information when you use the Tillo Platform. When you consent, we collect information about how you use our Platform. We use this information to improve our Platform and to better understand how people use it. More detail on this is set out in our cookie policy.


When you attend one of our events or a third party event we also attend (including virtual events via video conferencing providers including Zoom), we will usually collect your name, company details, phone number and email address (we may also collect your address to send you goodies depending on the event!). At our own events we collect this information because it’s in our legitimate interests to know who’s attending our events; and at third party events, we collect this information because it is in our legitimate interests to promote our business. 


When you apply for a job with us. When you enter into the recruitment process with us we may collect your name, contact details, recruitment information (e.g. right to work documentation and references), qualifications, accreditations, test results (inc. technical tests and coding exercises) and any additional information we may receive from our recruitment partners. We will also undertake background screening checks via our third party provider Vero Screening, we do this in order to take steps to enter into an employment contract with you and assess your suitability for a role with us.


If our business is sold. We process your personal information for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If you object to our use of your personal information in this way, the buyer of our business may not be able to provide services to you. 

Who do we share your data with?


Business partners, suppliers and subcontractors where you have provided us with your consent to do so including with our third party lead generation platform provider.


Regulators/ Authorities/ Enforcement Agencies if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of our clients or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.


Promotional events and marketing organisations, we do not sell data for marketing purposes, but may share your data with an event organiser including where we run workshops with co-presenters. We will always tell you before (usually on the event registration form) and you will be given the chance to opt-out before we do this.


Prospective buyers of our business under our legitimate interest to ensure our business can be continued by the buyer.

Where is my data stored?


We store your data in the European Union, primarily in the Republic of Ireland.
Whenever we transfer your personal information outside of the UK and the EU, we ensure it receives additional protection as required by law. You can contact us at privacy@tillo.io for more detail on this.

How long do we keep your data for?

We will only retain your personal information for as long as we need it unless we are required to keep it for longer to comply with our legal, accounting or regulatory requirements.

In some circumstances we may carefully anonymise your personal data so that it can no longer be associated with you, and we may use this anonymised information indefinitely without notifying you. We use this anonymised information to analyse our programmes and support other similar programmes around the world.

What are your rights under data protection laws?

Access your personal data (also known as a “subject access request”);

Correct incomplete or inaccurate data we hold about you;

ask us to erase the personal data we hold about you;

ask us to restrict our handling of your personal data;

ask us to transfer your personal data to a third party; 

Object to how we are using your personal data; and

Withdraw your consent to us handling your personal data.

You also have the right to lodge a complaint with your relevant supervisory authority, you can find which one applies to you here.

We will always aim to comply with these requests unless there is a legal reason why we cannot do so.


Questions, Comments and More Detail

Your feedback and suggestions on this policy are welcome.

We’ve worked hard to create a policy that’s easy to read and clear. But if you feel that we have overlooked an important perspective or used language which you think we could improve, please let us know by email at privacy@tillo.io.

Our Information Security Policy is available on request - If you require a copy, please email privacy@tillo.io.

This privacy policy was last updated on 31 March 2021.

Cookie Policy

Cookies or Browser Cookies: A cookie is a small file placed on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our service. Unless you have adjusted your browser setting so that it will refuse cookies, our service may use cookies.

Web Beacons: Certain sections of our service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and/or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).






Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries

1 month


LinkedIn: This is a Microsoft MSN 1st party cookie for sharing the content of the website via social media.

1 year


Used by the social networking service, LinkedIn, for tracking the use of embedded services.

1 year


Used by Meta/Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers

3 months


Google Analytics

24 months


This cookie is set by Google Analytics. It stores and update a unique value for each page visited and is used to count and track pageviews.

1 day

__hstc & hubspotuk


13 months

__hssrc &   __cfruid

Session tracking



Heap - User cookie (stores user_id, identity, other ids)

13 months 


Session properties cookie (stores timestamp and cookie domain/path)

30 minutes


Event properties cookie (stores properties set by addEventProperties API)

13 months


Used to determine which domain a cookie can be set on (since public suffix domains block setting cookies on the top level)

Should not persist


User attribution 

365 days


User attribution - ensures data from subsequent visits are attributed to same user ID

365 days


Session tracking - identifies a new user’s first session



User attributes sent through to Hotjar Identify API that are cached



Stores user attributes sent through to Hotjar Identify API whenever not in the sample - collected attributes saved following interaction with Hotjar feedback tool



Stores user viewport details such as size and dimensions



Session data 

30 minutes


Session data - stops collecting if session becomes too large 



Session data - rejected sessions due to server overload



Session data - set when a session is reconnected to Hotjar servers after a break in connection 



Session data - checks if Hotjar Tracking Code can use local storage, which is deleted almost immediately after it is created

Under 100ms 

_hjIncludedInPageviewSample, _hjIncludedInSessionSample

Session data - set to determine if a user is included in data sampling defined by pageview limit or daily session limit

30 minutes


Session data - pageview

30 minutes


Session - determines most generic cookie path to use to share cookies across subdomains where applicable 



Session recordings 



Session recordings - set in session storage as opposed to cookies



Feedback tool - Set when a user interacts with a link survey invitation modal

365 days


Feedback tool - set when a user completes an on-site survey

365 days


Feedback tool - set when a user minimises an on-site survey and ensures the survey stays minimised when navigating through the site

365 days


Feedback tool - set when a user minimises a feedback widget and ensures the widget loads as minimised when navigating to another page

365 days


LinkedIn: This is a Microsoft MSN 1st party cookie that ensures the proper functioning of this website.

1 day


LinkedIn: Used to store guest consent to the use of cookies for non-essential purposes

6 months


LinkedIn: This is a Microsoft MSN 1st party cookie that ensures the proper functioning of this website.

1 day


Customer support widget - stores visitor ID for widget authentication

365 days


Customer support widget - store’s visitor’s decision on CookieLaw Javascript API

365 days 



24 months



24 months