Original research · Published 2026-04-25
2026 Loyalty Program Member-Data Portability Index
When a small business cancels its loyalty SaaS, can it actually take its members with it? A composite scoring of 10 loyalty platforms across 8 dimensions — bulk export, API access, points-balance preservation, transaction-history depth, hidden fees, post-cancel retention, format completeness, and GDPR portability honoring. Score range 0 (total lock-in) → 100 (your data your way on the way out). Every score sourced.
Open Loyalty (self-hosted, Apache 2.0) sets the upper bound at 100/100 — by definition. The highest-scoring SaaS commercial vendors are Smile.io, Square Loyalty, and Talon.One — each clearing the 90/100 threshold on the strength of full REST APIs, points-balance preservation in exports, and documented GDPR posture. The bottom of the SaaS pack is held by mid-market vendors with tier-gated exports and undocumented post-cancellation retention windows. The single biggest portability risk is not "will I get my data back" — it is "how much of my historical transaction log will the rolling-window plan tier hand me back."
Ranking — most portable to most locked-in
| # | Vendor | Portability | Type | Bulk | API | Points | Txn Hist | Fees | Retention | Format | GDPR |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Open Loyalty | 100/100 | Open-source / self-hosted (Apache 2.0) | 12.5 | 12.5 | 12.5 | 12.5 | 12.5 | 12.5 | 12.5 | 12.5 |
| 2 | Square Loyalty | 95.5/100 | SaaS (Square ecosystem; in-store + online) | 12.5 | 12.5 | 12.5 | 12.5 | 12.5 | 8 | 12.5 | 12.5 |
| 3 | Talon.One | 93.5/100 | SaaS (enterprise promotion + loyalty engine; headless API-first) | 12.5 | 12.5 | 12.5 | 12.5 | 12.5 | 6 | 12.5 | 12.5 |
| 4 | Smile.io | 91/100 | SaaS (Shopify-first) | 12.5 | 12.5 | 12.5 | 12.5 | 8 | 8 | 12.5 | 12.5 |
| 5 | Antavo | 86.5/100 | SaaS (enterprise; multi-platform) | 12.5 | 12.5 | 12.5 | 8 | 8 | 8 | 12.5 | 12.5 |
| 6 | Stamped Loyalty | 82.5/100 | SaaS (Shopify + BigCommerce) | 12.5 | 12.5 | 12.5 | 12.5 | 8 | 6 | 6 | 12.5 |
| 7 | Marsello | 80/100 | SaaS (Shopify + BigCommerce + Lightspeed POS) | 12.5 | 8 | 12.5 | 8 | 8 | 6 | 12.5 | 12.5 |
| 8 | LoyaltyLion | 80/100 | SaaS (Shopify-first; BigCommerce supported) | 12.5 | 8 | 12.5 | 8 | 8 | 6 | 12.5 | 12.5 |
| 9 | Annex Cloud | 80/100 | SaaS (enterprise; multi-platform) | 12.5 | 8 | 12.5 | 8 | 8 | 6 | 12.5 | 12.5 |
| 10 | Yotpo Loyalty (formerly Swell) | 73.5/100 | SaaS (multi-platform; Shopify, Magento, BigCommerce) | 12.5 | 8 | 12.5 | 8 | 8 | 6 | 6 | 12.5 |
Each dimension scored 0–12.5; sum = 0–100. Higher = more portable / friendlier on cancellation. Methodology in §Methodology.
Cancellation-friendliest 3
- 1. Open Loyalty — 100/100
Operators with a small dev team who want zero vendor lock-in and a multi-year horizon. Non-affiliate/zero-LTV path; we earn nothing from this recommendation.
- 2. Square Loyalty — 95.5/100
Square POS merchants who want first-party loyalty without third-party SaaS dependency.
- 3. Talon.One — 93.5/100
API-first ecommerce + fintech operators who built on Talon.One precisely BECAUSE the data model is portable by design.
Most lock-in 3 (in this benchmark)
- 1. Yotpo Loyalty (formerly Swell) — 73.5/100
Operators who need a unified single-CSV export across Yotpo products — bundle pricing is friendlier than bundle data structure.
- 2. Annex Cloud — 80/100
SMBs — opaque pricing + PS-gated exports are wrong fit.
- 3. LoyaltyLion — 80/100
Classic/Small tier merchants — rolling-window transaction history limits long-tail data export.
Note: "lock-in" here means relative to peers in this 10-vendor benchmark. None of these vendors scored below 70/100 — the floor is much higher than what the review-management category showed (where Birdeye scored 0/100 on cancellation-friendliness). The loyalty SaaS market is competitively portable on the published-docs surface; the variance is mostly in tier-gated transaction-history depth and undocumented post-cancel retention.
The underrated portability risk is the rolling transaction-history window. Multiple vendors (LoyaltyLion Classic tier, Marsello below Pro, Yotpo Free) limit exportable activity history to the most recent 90–365 days unless you upgrade to a higher tier. If you cancel after 3 years on a low tier, you may be exporting only the last 12 months of points-earn / points-redeem activity — the prior 24 months are visible in dashboard reports but not included in the bulk export. Operators planning a multi-year loyalty program should ask the question explicitly during sales: "What is the maximum activity-history window I can export at the tier I'm signing today?"
Vendor-by-vendor detail
Open Loyalty
Portability: 100/100Vendor type: Open-source / self-hosted (Apache 2.0)
Yes — full CSV/JSON via Admin Cockpit + native DB access
Full REST API documented for members, transactions, points
Yes — members + their wallets exposed via /members and /accounts endpoints
Full — you control the database; retention = forever (or your policy)
Free — no SaaS gating; you own the deployment
N/A — self-hosted; data stays on your infra forever
Yes — every field exposed because you have schema-level access
Documented — open-source license + your-controller GDPR posture; "right to be forgotten" implementable directly
Best for: Operators with a small dev team who want zero vendor lock-in and a multi-year horizon. Non-affiliate/zero-LTV path; we earn nothing from this recommendation.
Worst for: Solo merchants without ops capacity — self-hosting requires infra, backup, security maintenance.
Self-hosted is the upper bound on portability by definition. Listed as a benchmark — the closest commercial vendors should be measured against this 100.
Square Loyalty
Portability: 95.5/100Vendor type: SaaS (Square ecosystem; in-store + online)
Yes — CSV export of loyalty customers + accounts from Square Dashboard
Full — Loyalty API (Accounts, Programs, Events, Promotions) documented in Square Developer
Yes — balance + lifetime_points on Loyalty Account object
Full — LoyaltyEvent objects (ACCUMULATE_POINTS, REDEEM_REWARD) queryable via API
Free — Loyalty API access included with Square account; no per-export fees documented
30+ days for closed Square accounts per Square Privacy Notice (conservative read; Square retains for legal/regulatory minimums)
Yes — Loyalty Account, Events, and customer profile all co-exportable
Documented — Square publishes GDPR compliance + DSAR portal
Best for: Square POS merchants who want first-party loyalty without third-party SaaS dependency.
Worst for: Operators not already in Square — porting INTO Square Loyalty is high-effort even if portability OUT is good.
Among the most portable SaaS profiles in the benchmark. Square's developer-platform DNA shows in clean Loyalty API docs.
Talon.One
Portability: 93.5/100Vendor type: SaaS (enterprise promotion + loyalty engine; headless API-first)
Yes — Profile + Customer Session + Loyalty Programs export endpoints in API
Full — API-first product; everything Talon.One does is exposed via REST API
Yes — loyalty_balance per program on customer profile
Full — sessions + events queryable via Management API for full account life
Free — API access is the product; no per-export fees documented
Documentation unclear — Talon.One DPA + Privacy reference contractual retention (conservative)
Yes — API exposes complete data model; export = API call
Documented — Berlin-HQ vendor, GDPR-by-design, DPA + sub-processor list published
Best for: API-first ecommerce + fintech operators who built on Talon.One precisely BECAUSE the data model is portable by design.
Worst for: Non-developer operators — there is no "click export" flow; portability == API competence.
API-first vendors score very high because portability is the architecture. Only demerit: post-cancel retention window not publicly fixed.
Smile.io
Portability: 91/100Vendor type: SaaS (Shopify-first)
Yes — CSV export of customers + points balances from dashboard
Full REST API (Customers, Points Transactions, Reward Redemptions endpoints)
Yes — points_balance field on customer export + Points Transactions export
Full — points transactions log retained for life of account; CSV + API both expose
Free on all paid plans (Free tier limited to dashboard view)
30 days documented in Privacy/ToS — account data deleted after, export before cancel
Yes — customer + points + transactions all in standard CSV; Shopify customer IDs preserved
Documented — published GDPR sub-processor list + DPA + customer data export tools
Best for: Shopify merchants who want lowest exit-friction commercial vendor. Free tier supports export.
Worst for: Operators who need >30d retention buffer post-cancel — must export proactively before cancellation.
Highest-scoring commercial vendor in the benchmark. Export tooling is first-class; no documentation of paywalled exports. 30d retention is industry-typical, not best-in-class.
Antavo
Portability: 86.5/100Vendor type: SaaS (enterprise; multi-platform)
Yes — CSV/Excel export of members + transactions from Antavo Loyalty Cloud
Full REST API documented (Customers, Transactions, Rewards) — enterprise-grade
Yes — points_balance + tier_status on customer object
Full — transaction log retained for life of contract; export window defined in MSA (conservative)
Setup-fee likely — enterprise MSA typically bundles export tooling; ad-hoc exports may incur PS fees (conservative; not publicly documented)
30d+ contractual — enterprise MSA standard, but specific window negotiated (conservative)
Yes — enterprise-grade exports include all fields
Documented — Antavo is Hungary-based, ISO 27001 + GDPR-by-design + DPA published
Best for: Enterprise loyalty programs (multi-region, multi-brand) where API-first integration matters.
Worst for: SMBs — pricing is enterprise; portability is good but the on-ramp is high-effort.
Strong API + GDPR posture. Enterprise pricing model means many "portability" terms are negotiated, not published — conservative scores reflect public-doc gaps not actual capability.
Stamped Loyalty
Portability: 82.5/100Vendor type: SaaS (Shopify + BigCommerce)
Yes — CSV export of loyalty members + reviews from dashboard
Full Loyalty + Rewards API (Customers, Activities, Rewards endpoints)
Yes — points field exposed in customer + activities API
Full — Activities API exposes earn/redeem history; CSV export available
Free on Premium+ plans; Lite tier reportedly view-only (conservative score)
Per Privacy Policy — data retained per legal/contractual obligations; specific window not documented (conservative score)
Partial — reviews + loyalty data are separate exports; no unified customer record (conservative score)
Documented — GDPR & CCPA compliance page + DSAR process documented
Best for: Shopify operators who want unified reviews + loyalty data and don't mind two-step exports.
Worst for: Operators who want a single CSV with everything — exports are siloed by product surface.
Strong API surface; documentation gaps on post-cancel retention window penalize the composite score. Conservative middle-scores applied per "documentation unclear" methodology rule.
Marsello
Portability: 80/100Vendor type: SaaS (Shopify + BigCommerce + Lightspeed POS)
Yes — CSV export of customers, segments, and loyalty data from dashboard
Partial — Customer API documented; Activities/Points endpoints less complete than peers
Yes — points + tier visible in customer exports
90–365d — recent transactions exposed; full historical retrieval requires support ticket per public help docs (conservative score)
Free on Pro+ plans; Starter tier export limits documented
Documentation unclear — Privacy Policy references retention "as required" but no day-count (conservative score)
Yes — customer + loyalty + segment data co-located in single export
Documented — GDPR compliance page and DPA available
Best for: Multi-channel operators (online + POS) who want one export file across surfaces.
Worst for: API-first operators — partial REST coverage means more dashboard-CSV ops than competitors.
Reasonable middle-of-pack profile. Help-doc references to "contact support for full export" prevent a top-tier score on transaction depth.
LoyaltyLion
Portability: 80/100Vendor type: SaaS (Shopify-first; BigCommerce supported)
Yes — CSV export of customers + loyalty transactions from dashboard
Partial — Customer + Activity APIs documented; advanced segmentation export gated to Plus tier (conservative)
Yes — points_approved + points_pending fields in customer exports
90–365d — full activity log on Plus; rolling-window on Classic per public help docs (conservative)
Setup-fee era — historical reports of "implementation fee" for exports during onboarding; current public pricing unclear (conservative)
Documentation unclear — Privacy/Trust center references retention "as long as your account is active" (conservative)
Yes — single CSV with customer + loyalty fields
Documented — GDPR compliance page + DPA available; UK-based provider with strong UK/EU compliance posture
Best for: Shopify Plus operators on the LoyaltyLion Plus tier — full API + activity log access.
Worst for: Classic/Small tier merchants — rolling-window transaction history limits long-tail data export.
Tier-gating is the main portability friction. UK GDPR posture is a positive; opaque post-cancel retention is the main demerit.
Annex Cloud
Portability: 80/100Vendor type: SaaS (enterprise; multi-platform)
Yes — bulk member export available per public help docs; CSV format
Partial — REST API documented for member + transaction sync; full export endpoint typically requires PS engagement (conservative)
Yes — points + tier fields on member exports
90–365d typical — enterprise MSAs vary; conservative score where public help docs don't define window
Setup-fee likely — enterprise MSA typically bundles initial export; ad-hoc historical exports may incur PS fees (conservative)
Documentation unclear — Annex Cloud Privacy Policy references retention per contract; specific window not public (conservative)
Yes — enterprise CSVs cover all member + activity fields
Documented — published GDPR + CCPA compliance pages, DPA on request
Best for: Enterprise multi-brand loyalty programs that need PS-supported migrations.
Worst for: SMBs — opaque pricing + PS-gated exports are wrong fit.
Enterprise vendors uniformly score middle-pack here because their best terms are negotiated, not published. The publicly available docs are conservative-by-design — composite reflects published surface only.
Yotpo Loyalty (formerly Swell)
Portability: 73.5/100Vendor type: SaaS (multi-platform; Shopify, Magento, BigCommerce)
Yes — CSV export of customers + loyalty actions from dashboard
Partial — Loyalty REST API documented for customers + redemptions; some endpoints gated to higher tiers (conservative score)
Yes — points_earned + points_balance fields exposed in customer exports
Full — campaign-level + customer-level activity logs available; export window depends on plan tier (conservative)
Free on paid plans; Free tier export limits exist per public pricing page
Documentation unclear — Yotpo Privacy Notice references retention per "legitimate business need" without a fixed window (conservative score)
Partial — loyalty data exports separately from reviews/SMS; multi-product Yotpo accounts require multiple exports (conservative)
Documented — Yotpo GDPR + DPA + DSAR process all published
Best for: Operators already inside the Yotpo bundle (reviews + SMS + loyalty) who want one vendor relationship.
Worst for: Operators who need a unified single-CSV export across Yotpo products — bundle pricing is friendlier than bundle data structure.
Mid-pack score. Tier-gated API endpoints + multi-product silos prevent a top score; published GDPR posture is solid.
Methodology
Data collection window: April 23–25, 2026. Each vendor's official developer documentation, pricing page, privacy policy, GDPR/DPA documentation, and help center were reviewed. Where vendor docs were unclear, peer-reported behavior was sampled from G2, Trustpilot, Reddit (r/shopify, r/ecommerce), and public Help Center articles. Conservative middle-low scoring was applied where documentation gaps existed (per the "we are not TRUTH GOD" disclosure rule below).
Portability score (0–100, higher = friendlier on cancellation): 8 dimensions × 12.5 points each:
- Bulk member export (0/2/5/10/12.5): 12.5 yes-csv self-serve / 10 yes-json self-serve / 5 yes-pdf-only / 2 contact-support-required / 0 not-available.
- API export access (0/4/8/12.5): 12.5 full REST API for members + transactions + points / 8 partial coverage / 4 report-only endpoints / 0 no API.
- Points-balance preservation (0/6/12.5): 12.5 export includes current points balance / 6 partial (e.g., balance but not lifetime points) / 0 balance not in export.
- Transaction-history depth (0/4/8/12.5): 12.5 full account life / 8 90–365 day window / 4 <90d window / 0 no transaction export.
- Hidden export fees (0/4/8/12.5): 12.5 free on all paid plans / 8 free with one-time setup fee / 4 per-export fee / 0 export gated to top tier (Plus/Pro/Enterprise only).
- Data retention after cancel (0/4/8/12.5): 12.5 ≥90d post-cancel buffer / 8 30d / 4 7d / 0 instant purge or undisclosed.
- Format completeness (0/6/12.5): 12.5 single unified CSV with all fields / 6 partial (multi-export silos, e.g., loyalty separate from reviews) / 0 unknown or vendor-specific format with no public docs.
- GDPR portability honoring (0/6/12.5): 12.5 documented GDPR Article 20 right-to-portability + DPA + DSAR portal published / 6 partial (privacy policy mentions portability but no DSAR mechanism documented) / 0 no documented GDPR posture.
Important disclosures:
- This index measures the PUBLISHED portability surface of each vendor. Negotiated enterprise contracts with explicit data-portability schedules can materially improve scores — but the publicly documented terms are what most SMB operators sign.
- The "we are not TRUTH GOD" rule: where vendor documentation is silent on a dimension (e.g., post-cancel retention window), we score the conservative middle-low option (6/12.5 or 8/12.5 depending on dimension) and footnote. We do not invent specific numbers (no "Vendor X charges $499 for export" unless explicitly published).
- Open Loyalty is included as a benchmark — self-hosted open-source by definition scores 100/100 on portability, since you own the deployment. It is the upper-bound reference, not a head-to-head comparable for most SMB operators.
- Vendor type matters: enterprise vendors (Antavo, Annex Cloud) score middle-pack on the public-doc surface because their best portability terms are negotiated in MSAs, not published. API-first vendors (Talon.One, Square Loyalty) score high because portability is a sales-page feature.
- Tier-gating is the dominant lock-in mechanism in the SaaS commercial layer: full transaction-history export, full API access, and advanced segmentation export are commonly gated to Plus/Pro/Enterprise tiers. Operators on Starter/Classic plans should explicitly verify export limits BEFORE migration data accumulates.
What this index does NOT measure: product quality, member-engagement effectiveness, integration depth with Shopify/BigCommerce/Lightspeed, customer support responsiveness, or reward-redemption UX. For a complementary product-quality analysis see our Best Shopify Loyalty Apps 2026 ranked guide and Q2 2026 Loyalty Pricing Report sibling dataset.
Update cadence: Portability scores re-verified quarterly; vendor documentation changes (new API endpoints, retention-window publications, tier-gating policy shifts) that materially shift a score trigger an interim update with a "Last reviewed" timestamp revision.
Disclosure: Customer Loyalty Programs earns affiliate commissions from some loyalty vendors covered in this index. Affiliate relationships do not affect scoring — vendors that scored highest (Smile.io, Square Loyalty, Talon.One) and lowest (Yotpo Loyalty in this benchmark) all have or do not have active affiliate programs independent of their score. Open Loyalty pays nothing to anyone — it is included specifically because the methodology demands a 100/100 reference point.
License: CC BY 4.0. Cite as: "2026 Loyalty Program Member-Data Portability Index, Customer Loyalty Programs, 2026-04-25. Available at https://loyaldaddy.com/2026-loyalty-member-portability-index."
Sources
- [1] Open Loyalty — Public REST API documentation (members, accounts, transactions endpoints)
- [2] Open Loyalty — GitHub repository (Apache 2.0 license, self-hosted deployment)
- [3] Smile.io — Customer + Points export documentation in Help Center
- [4] Smile.io — Developer API reference (Customers, Points Transactions, Rewards)
- [5] Smile.io — Privacy Policy + GDPR sub-processor list
- [6] Stamped — Loyalty + Rewards API documentation
- [7] Stamped — Privacy Policy + GDPR/CCPA compliance
- [8] Stamped Loyalty — Help Center export articles
- [9] Marsello — Customer & Activity Help Center articles
- [10] Marsello — Privacy & GDPR documentation
- [11] Square — Loyalty API reference (Accounts, Events, Programs)
- [12] Square — Privacy Notice (data retention + DSAR portal)
- [13] Square — GDPR compliance page
- [14] Yotpo Loyalty — Loyalty & Referrals API documentation
- [15] Yotpo — Privacy Notice + GDPR/CCPA documentation
- [16] Yotpo — Public pricing + plan-tier export limits
- [17] LoyaltyLion — Activities + Customers API reference
- [18] LoyaltyLion — Trust Center (security, GDPR, sub-processors)
- [19] LoyaltyLion — Help Center (export articles + tier features)
- [20] Antavo — Loyalty Cloud REST API documentation
- [21] Antavo — GDPR + ISO 27001 trust documentation
- [22] Annex Cloud — Loyalty Experience Platform documentation
- [23] Annex Cloud — Privacy Policy + GDPR compliance
- [24] Talon.One — Management API documentation (Profiles, Sessions, Loyalty)
- [25] Talon.One — Trust Center (GDPR DPA, sub-processors, data retention)