Sapna has completed a Bachelor of Arts/Laws. Since graduating, she's worked primarily in the field of legal research and writing, and she now writes for Sprintlaw.
A great customer loyalty program can turn a one-off purchase into a long-term relationship. Done well, it helps you grow repeat business, learn what your customers love, and stand out in a crowded market.
But there’s a catch: loyalty programs don’t just involve points and perks. They usually involve promises (your terms), marketing (your advertising claims), and data (customer info you collect and store). If any of those pieces aren’t set up properly, you can end up with customer complaints, regulatory risk, or a program that’s hard to enforce.
This guide is updated to reflect current expectations and enforcement focus in New Zealand, especially around privacy and marketing practices. We’ll walk you through the key legal issues and the practical steps that help your program actually work day-to-day.
What Is A Customer Loyalty Program (And Which Type Suits Your Business)?
A customer loyalty program is any structured arrangement where you give customers a benefit for engaging with your business (usually through purchases or other actions). That benefit might be discounts, points, cashback, early access, VIP perks, or something more creative.
In practice, most loyalty programs fall into a few common formats:
- Points-based programs: Earn points per dollar spent, redeem for rewards.
- Tiered programs: Customers move up levels (e.g. Silver/Gold/Platinum) with increasing benefits.
- Membership or subscription perks: A paid or free membership that unlocks discounts or benefits.
- Spend-and-save offers: “Spend $X and get $Y off” offers tracked through an account.
- Referral programs: A reward for referring friends (often involves marketing and privacy issues).
- Partner programs: Points or rewards across multiple businesses (more complex contracts).
Before you lock anything in, it helps to be clear on what your loyalty program is actually for. Are you trying to:
- Increase repeat purchases?
- Raise average order value?
- Encourage customers to shop across categories?
- Gather customer data to personalise marketing?
- Compete with larger brands (without racing to the bottom on pricing)?
Your legal setup should support that goal. For example, a simple “stamp card” at a café has a different risk profile to an app-based program that tracks purchase history and sends targeted offers.
Do Loyalty Programs Create Legal Obligations In New Zealand?
Yes. Even if your loyalty program is “optional” or “free”, once you offer it and people join, you’re creating expectations that can become legal obligations.
Most of the legal issues come from three places:
- Your terms: what you’ve promised members (points, expiry rules, eligibility, redemption limits).
- Your advertising: how you promote the program (and whether those claims are accurate).
- Your data handling: how you collect, store, use, and share member information.
Consumer Protection And Marketing Rules (Fair Trading Act 1986)
If you’re promoting a loyalty program, the Fair Trading Act 1986 is one of the main laws to keep in mind. It broadly prohibits misleading or deceptive conduct in trade, including misleading representations about pricing, discounts, benefits, and conditions.
Common loyalty program “trip hazards” include:
- Advertising “free rewards” without clearly stating the spend required or key exclusions.
- Promising “exclusive member pricing” where the same pricing is publicly available.
- Using “up to” discounts or “best value” language without the fine print being genuinely accurate.
- Not disclosing important restrictions (e.g. limited redemption periods, capped redemptions, excluded items).
A practical rule: if a condition would matter to a reasonable customer deciding whether to sign up or make a purchase, it should be easy to find and understand (not buried or confusing).
Consumer Guarantees Act 1993 Still Applies To Your Products And Services
Loyalty programs don’t replace your normal legal obligations. If you sell to consumers in NZ, the Consumer Guarantees Act 1993 may still apply to the goods or services you supply (depending on the context). That means you can’t use a loyalty program to “contract out” of basic consumer rights.
For example, if a product is faulty, you generally can’t insist the customer only receives points or store credit instead of the relevant CGA remedy (unless that’s genuinely allowed in the situation).
Your Loyalty Program Terms Can Be Enforceable (If They’re Clear)
Your loyalty program terms usually function like a set of conditions that apply to membership. If they’re drafted clearly and customers can access them (and you run the program consistently with those terms), they help you:
- manage disputes about points, expiry, and eligibility
- limit misuse and fraud
- update the program with proper notice
- reduce the chance of “but you promised…” situations
This is one of those areas where it’s tempting to DIY with a template, but small wording issues can create big headaches later.
Privacy And Data: What You Must Do When Collecting Loyalty Member Information
Most modern loyalty programs collect personal information, such as names, email addresses, phone numbers, birthdays, purchase history, store location, and preferences. In New Zealand, that means you need to think about the Privacy Act 2020 and good privacy practice from day one.
Even a simple “sign up with your email to get points” approach can trigger privacy obligations.
Start With A Privacy Policy (And Make It Match Reality)
If you’re collecting personal information through a loyalty program, you’ll usually want a Privacy Policy that explains, in plain language:
- what information you collect
- why you collect it (e.g. administering rewards, sending offers)
- how you store and protect it
- who you share it with (e.g. loyalty platform providers, email marketing tools)
- how customers can access or correct their information
- how customers can complain if something goes wrong
The key is accuracy. It’s not enough to post a generic privacy policy if it doesn’t reflect what your loyalty program actually does (especially if you’re tracking purchase behaviour or integrating with third parties).
Be Careful With Marketing Consent (Email And SMS)
Loyalty programs often blur the line between “account notifications” and “marketing”. A receipt or points balance update is one thing. Promotional emails, birthday offers, and “member exclusives” are another.
As a practical best practice, give members a clear way to:
- opt in to marketing (where appropriate)
- unsubscribe easily
- stay in the program even if they opt out of marketing (unless your program genuinely requires marketing messages, which is uncommon)
If you’re doing email marketing, it’s also smart to align your program with the rules around electronic promotions. An Email Disclaimer won’t replace proper consent processes, but it can be part of a broader compliance approach depending on how you communicate.
Data Minimisation: Only Collect What You Actually Need
A common mistake is collecting lots of information “just in case” (date of birth, gender, address, detailed preferences), then never using it. That increases your risk if you have a privacy incident, and it can also undermine customer trust.
Try this practical test:
- If you can’t explain why you need a data field, don’t collect it.
- If you only need it occasionally (e.g. identity verification for high-value redemptions), collect it at that point instead.
Third-Party Platforms And Overseas Providers
Many loyalty programs run through third-party platforms (POS systems, apps, email/SMS tools, CRM systems). If those providers store data offshore or use subcontractors, you should understand:
- where the data is stored
- who can access it
- what happens if the provider has a breach
- what contractual protections you have
This is also where your customer-facing privacy messaging should match the behind-the-scenes reality.
Terms And Conditions: How To Make Your Loyalty Program Clear (And Less Disputable)
Your loyalty program should have terms that are easy to find and easy to understand. This can be a dedicated web page, in-app terms, or a sign-up flow with a link.
From a legal and practical perspective, strong terms help you avoid misunderstandings like “I didn’t know points expired” or “I thought I could redeem anytime”. They’re also essential if you ever need to suspend an account for fraud or misuse.
What Should Loyalty Program Terms Cover?
While every business is different, most loyalty program terms should address:
- Eligibility: age requirements, residency, one account per person, employee eligibility (if relevant).
- Sign-up process: how customers join, what details are required.
- Earning points or rewards: what qualifies, excluded purchases, returns/refunds impact.
- Redemption rules: minimum points, redemption windows, exclusions, whether rewards can be combined.
- Points expiry: expiry timeframes, inactivity rules, and how you notify members.
- Program changes: your right to vary benefits, points rates, or partners (and notice process).
- Account suspension/termination: for fraud, abuse, or breaches (and what happens to points).
- Liability limits: reasonable limits and exclusions (carefully drafted).
- Privacy and communications: how you handle data and contact members.
If you run giveaways or points-based “challenges” (e.g. “complete X purchases this month to win”) within the program, you may also need Competition Terms & Conditions so the rules are transparent and enforceable.
Can You Change Your Loyalty Program Terms Later?
Most businesses need flexibility to adjust a loyalty program as costs change or as the program evolves. The key is to build that flexibility in upfront and handle changes fairly.
Practically, that means:
- including a clear variation clause (your right to change the program)
- setting out how you’ll notify members (e.g. email, app notification, website notice)
- avoiding changes that feel like a “bait and switch” (especially if customers have been building points based on earlier promises)
If you’re unsure whether a change is reasonable, it’s worth getting advice before you roll it out, because it’s usually the communication (and not the change itself) that triggers complaints.
Make Sure Your Website Terms Match The Program
If your loyalty program is run online, your broader website terms and customer-facing policies should align with what you’re promising. That might mean having clean Website Terms & Conditions and consistent purchase/refund language.
Consistency matters. If one page says “points never expire” and another says “points expire after 12 months”, you’re setting yourself up for disputes (and potential regulatory attention).
Practical Risks: Fraud, Staff Training, And Customer Complaints
A loyalty program can create operational headaches if it isn’t designed with real-life behaviour in mind. The legal side is important, but so is the practical side.
Fraud And Misuse: Build Rules That Are Easy To Enforce
Loyalty programs can be abused in ways you might not expect, such as:
- customers creating multiple accounts to claim sign-up bonuses
- points being transferred or sold (if not allowed)
- staff members applying discounts inappropriately (sometimes to friends or family)
- returns being used to “game” points, then refunding purchases after redemption
Your terms should let you pause or cancel points where there’s suspected misuse, and your internal process should support that (so your team knows what to do).
Train Your Team So Promises Stay Consistent
A lot of loyalty program disputes don’t start with the terms; they start with an offhand promise at the counter. If a staff member says “sure, we can extend that reward” or “don’t worry, points don’t expire”, you may be stuck managing the fallout.
Consider putting a simple internal playbook in place that covers:
- how to explain the program in one or two sentences
- where to direct customers for full terms
- what staff can and can’t promise
- who handles escalated complaints
If you have employees administering the program, make sure your internal expectations and confidentiality are clear in an Employment Contract and workplace policies (especially if staff can access customer data or apply discretionary credits).
Have A Clear Complaints Process (And Use It)
Loyalty program disputes are usually manageable if you handle them early and consistently. Common disputes include:
- missing points
- points expired unexpectedly
- reward not honoured at checkout
- member-only pricing not applied
- account locked or suspended
Have a process for investigating and responding, including how to correct errors quickly (and when to offer goodwill). That approach protects your brand and reduces the risk of issues escalating.
Key Takeaways
- A loyalty program can be a powerful growth tool, but it also creates real promises to customers that you’ll need to honour consistently.
- In New Zealand, loyalty programs commonly touch the Fair Trading Act 1986 (marketing and representations) and the Privacy Act 2020 (customer information).
- Your loyalty program terms should clearly cover earning and redemption rules, expiry, excluded items, account misuse, and how you’ll make changes to the program.
- If your program collects personal information, a clear and accurate Privacy Policy is essential, and you should only collect data you genuinely need.
- Operational details matter: staff training, fraud controls, and a clear complaints process can prevent small issues turning into bigger disputes.
- If you’re running promotions inside your loyalty program (like giveaways or “spend to win” campaigns), proper competition terms can help keep the rules clear and enforceable.
If you’d like help setting up a customer loyalty program with the right terms and privacy foundations, you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligation chat.