Last Updated: March 31st, 2026
This Privacy Policy describes how Tesoro XP, Inc. and our subsidiaries and affiliated companies (collectively, “Tesoro,” “we,” or “us”) collect, use, disclose, and otherwise process information about you.
Tesoro offers rewards experiences and other features within third-party mobile game applications powered by our retail marketing platform (the “Platform”). The Platform integrates with participating third-party mobile applications (each, a “Game”) and gives you the opportunity to earn in-Game rewards such as in-Game virtual currency (“Rewards”) when you participate in challenges (“Missions”) by making purchases from participating third-party retailers and merchants (each, a “Merchant”) using a connected payment method. Participation is optional.
This Privacy Policy applies to information we collect if you interact with the Platform, when you access our website, mobile application, or other online products and services that link to this Privacy Policy (collectively, the “Services”), and when you otherwise interact with us, such as through customer support channels or social media. We may provide different or additional notices of our privacy practices for certain offerings, in which case those notices will supplement or replace the disclosures in this Privacy Policy.
We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy. If we make material changes, we will provide you with additional notice (such as by adding a statement to the Services or sending you a notification). We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.
Targeted Advertising and Analytics
Additional Information for Specific Jurisdictions
The information we collect about you depends on how you interact with us and our Services. In this section, we describe the categories of information we collect and the sources of this information.
We collect information you provide directly to us. For example, we collect information directly from you when you register with the Platform, participate in a Mission, fill out a form, sign up for marketing communications from us, request customer support, or otherwise communicate with us. The types of information that we collect directly from you include your name, email address, postal address, phone number, linked payment card details, and any other information you choose to provide.
Information We Collect Automatically
We automatically collect information about your interactions with us or our Services, including:
Information We Collect from Other Sources
We obtain information from other sources. For example, we may collect information from Games and Merchants you interact with, as well as data brokers, advertising networks, data analytics providers, and mailing list providers. This information includes, for example, the Games you play, Missions you activate, and contact information.
If you participate in a Game that collects precise geolocation data, you may be asked to consent to the app’s collection of this information. Tesoro may also seek your consent to share such precise geolocation data from the Games with our Services if you wish, including, for example, to show you nearby Missions.
Additionally, if you create or log into your Tesoro account through a third-party platform (such as Facebook or Google), we will have access to certain information from that platform, such as your name, birthday, profile picture, username, and any other information the third-party platform discloses about you, in accordance with the authorization procedures determined by such platform.
We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your approximate location based on your IP address or infer that you are interested in certain Games or Missions based on your prior interactions with the Platform.
We use the information we collect to operate the Platform including to offer and administer Missions and issue Rewards. We may also use the information we collect to:
We may engage others to provide analytics services, serve advertisements, and perform related services across third-party sites and services. To do this, Tesoro and these partners may use cookies, pixels, SDKs, and similar technologies to collect information about your use of our Services and other websites and mobile apps, including your device and advertising identifiers, IP address, web browser and mobile network information, pages viewed, time spent on pages or in mobile apps, links clicked, order information, and conversion information. This information may be used to deliver advertising targeted to you on our Services, other companies’ websites and mobile apps, understand the effectiveness of this advertising, analyze and track data, determine the popularity of certain content, and better understand your activity.
You can learn more about our current targeted advertising practices and how to opt out here https://privacy.tesoroxp.com/targeted-ads.
The activities described in this section may constitute “targeted advertising,” “sharing,” or “selling” under certain privacy laws. See the Additional Information for Specific Jurisdictions section below for details.
We disclose information about you in the following scenarios:
We also disclose aggregated or de-identified information that cannot reasonably be used to identify you. We maintain and use this information only in a de-identified fashion and will not attempt to re-identify such information, except as permitted by law.
Participating in any Mission is up to you. You can withdraw from Missions at any time and you may also cancel your registration with the Platform whenever you wish within your Platform account settings.
If you consent to sharing precise geolocation data collected by Games you play with the Platform, you can withdraw this consent at any time in your Platform account settings.
You may opt out of receiving promotional emails from Tesoro by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as those about our ongoing business relationship.
With your permission, we may send push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
Some U.S. states have enacted privacy laws that grant their residents certain rights and require specific disclosures (“State Privacy Laws”). To the extent these laws apply to Tesoro, if you reside in California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, this section applies to you. This section also serves as our California notice at collection.
Additional Disclosures
Our Privacy Policy explains how we collect, use, and disclose information about you as well as our targeted advertising and analytics practices. As required by certain State Privacy Laws, we use the tables below to explain this same information.
Use and Disclosure of Personal Information for Business Purposes
| Category of Personal Information | Categories of Recipients | Use of Personal Information |
|---|---|---|
| Identifiers (such as your name, postal address, email address, and IP address) Account information (such as your username and password when you register with our Platform) Commercial information (such as participating Merchant, transaction amount, Rewards earned, and the date and location of the transaction) Internet and electronic network activity information (such as information about your activity on the Platform, within Games or with online Merchants) Depending on your settings for the Games you play, precise location data and approximate location information (such as your city or zip code) Inferences (such as your inferred location based on your IP address) Audio information (such as phone recordings if you contact customer service by phone) | Games you play Participating Merchants where you participate in Missions Vendors and service providers that provide administrative, analytics, fulfillment, customer service, and assist us with events or promotions Other users and the public if you choose to post content publicly on our Services, such as product reviews Tesoro affiliates and other companies that are under common control with us Legal authorities, if we believe that disclosure is in accordance with, or required by, any applicable law or legal process or others for the purpose of protecting the rights of Tesoro, the public, or others Lawyers and professional advisors Others in connection with a merger, acquisition, or sale of assets, in accordance with applicable privacy laws | Operate the Platform including to offer and administer Missions and issue Rewards; Provide, maintain, improve and develop our Services and develop new products and services; Personalize your experience with us; Send you technical notices, security alerts, support messages, and other transactional or relationship messages; Send you marketing communications (see the Your Choices section below for information about how to opt out of these communications at any time); Monitor and analyze trends, usage, and activities in connection with our products and services; Facilitate contests, sweepstakes, and promotions; Detect, investigate, respond to, prosecute, and help protect against security incidents and other malicious, deceptive, fraudulent, or illegal activity, and help protect the rights and property of Tesoro and others; Comply with our legal and financial obligations; and To create de-identified and aggregate data that cannot reasonably be linked to you. |
As described in the Collection of Information section above, we collect personal information from various sources, including directly from you, automatically when you access or use our Services, and from third-party sources.
If you consent to our receipt of precise geolocation data from certain Games you play, we will use this information, including to show you nearby Missions. You can withdraw this consent at any time using your Platform account settings. We do not otherwise collect information that is considered “sensitive” under State Privacy Laws and we do not use or disclose sensitive personal information for the purpose of inferring characteristics about you.
We retain personal information for as long as necessary to carry out the purposes for which we originally collected it and for other purposes described in this Privacy Policy. In determining the period of time consumer personal information will be retained, we consider legal and contractual record retention requirements, consumer experience and expectations, our operational needs, and other factors.
Sales, Sharing, and Targeted Advertising Activities
We may disclose certain categories of personal information to personalize the ads we show you on our Services and to advertise Tesoro to you on third-party sites and services. These activities may be considered “sales,” “sharing,” or use of personal information for “targeted advertising” under State Privacy Laws, and the table below covers the categories of personal information we may disclose for these purposes and the categories of third parties that receive it.
| Category of Personal Information | Category of Third Parties |
|---|---|
| Identifiers (such as your name, postal address, email address, and IP address) | Social networks, advertising and marketing networks, and companies that advertise on our Services |
| Internet and other electronic network activity (such as information about your activity on the Platform and actions you take on our Services, Merchants where you shop, and Games you play) | Social networks, advertising and marketing networks, and companies that advertise on our Services |
| Commercial information (such as participating Merchant, Games played, Rewards earned, transaction amount, items purchased, and the date and location of the transaction) | Social networks, advertising and marketing networks, and companies that advertise on our Services |
We do not engage in sales, sharing, or targeted advertising using personal information about consumers we know to be under the age of 18.
Your Rights under State Privacy Laws
Opt Out of Sales, Sharing, and Targeted Advertising
You can learn more about our current targeted advertising practices, including how to opt out here https://privacy.tesoroxp.com/targeted-ads. You can also opt out by visiting our Services with a legally recognized opt-out mechanism, such as the Global Privacy Control, enabled.
Access, Correction, and Deletion
You have the right to (1) request to know more about and access your personal information, including in a portable format, (2) request deletion of your personal information, and (3) request correction of inaccurate personal information.
To request access, correction, or deletion of your personal information, please contact us at privacy@tesoroxp.com. To authenticate your request, we may ask you to provide certain information about your account or activity on the Platform.
Nonretaliation
We will not retaliate against you for exercising any of your privacy rights.
Appeals
If we deny your request, you may appeal our decision by contacting us at privacy@tesoroxp.com. If you have concerns about the result of an appeal, you may contact the attorney general in the state where you reside.
If you reside in California, you may also designate an authorized agent to submit an access, deletion, or correction request on your behalf. We may ask authorized agents to submit proof of their authority to make a request, such as a valid power of attorney or proof that they have signed permission from the consumer who is the subject of the request. In some cases, we may contact the individual who is the subject of the request to verify their own identity or confirm the authorized agent has permission to submit the request. If you are an authorized agent seeking to make an access, correction, or deletion request on behalf of a California resident, please contact us at privacy@tesoroxp.com.
Notice of Financial Incentives
If you choose to create a Tesoro account to earn Rewards in the Games you play, this may constitute a “financial incentive” or “bona fide loyalty program” under certain State Privacy Laws (for simplicity, we refer to these offerings as financial incentives throughout this Privacy Policy). If you choose to participate, we collect relevant personal information from you, described in this Privacy Policy, which we use and disclose for the purposes described above, including to operate the Platform embedded within Games to issue Rewards following completed Missions with Merchants.
You can opt in by creating an account with the Platform and choosing to participate in Missions. You can always choose not to participate in Missions or close your Platform account. If you request that we delete personal information that is essential to powering your Platform account or Mission participation, we will not be able to provide you with such benefits going forward. For example, if you ask us to delete your linked payment card, we will no longer be able to facilitate your participation in Missions or corresponding receipt of Rewards. The value of your personal information is reasonably related to the value of the Rewards you earn.
If you have questions about this Privacy Policy, please contact us at privacy@tesoroxp.com.