Feature requests

I have many customers who don't really care about statistics or prices. For example, they might use stamps cards, and they asked for the option to remove this screen in the scanner, so it would be optional or just not appear at all. Obviously, they don't mark it as a required field—which is already possible in the settings today but they also want the option for it not to show up whatsoever. This would speed up and shorten the scanning process in the scanner app. Essentially, this could be a single tap, whereas currently, it requires 3 taps on the screen!

One example: Gift cards. The autopush said, "Points accrued. You now have $50.00 points." NOBODY uses points on gift cards. It's money. IF someone is using points then the platform needs to be retooled to account for the difference. There are a few other programs that have similar odd and confusing language on the autopushes. One of the Boomerangme reps actually suggested that businesses explain it (points- where there are none- for dollars- on cash based programs like the gift card and the discount program). Respectfully, that's absurd. I shouldn't have to explain idiotic stuff to clients and potential customers. And why would the developers at the early stages say, "Let's make some push notifications uneditable."? Help me understand. If you have a reason, great. But at least find some way for the language on transactional notifications to reflect the reality of what is happening. Please. Seriously. Thanks.

Hi team, I noticed that when we download a client report for agenesis or our sub accounts, the link looks like this: https://cdn.digitalwallet.cards/reports/5d181f45g-ac8c-534d54-a0a9-4e5r4d5s.xls The problem is that this link has no login or expiry on it. Anyone who has the link or who figures out the pattern can download the file with no authentication. ⚠️A basic script could cycle through thousands of link variations and pull other agencies' client lists. 😱 This is a real risk. These files contain our clients' personal data, and if someone gets hold of them it could be a serious privacy breach for every agency on the platform. Please look into adding proper access control to these download links — whether that's making them expire, requiring a login, or both. Thanks for taking this seriously.

I'd like to request the ability to add custom CSS and JavaScript to the Boomerangme frontend UI. This would allow users to hide or customize specific menus, sections, or features within the software. This feature would be especially useful for agencies who want to simplify the UI for clients by removing features that may not be relevant to their use case or region. Since the user permissions system doesn’t allow for full granular control over all features and UI elements, the ability to inject custom CSS/JS would provide flexibility to customize the interface. Examples of Use Cases: Hiding all instances of SMS/Email features if those services are handled externally. Hiding payment integration options like Stripe and PayPal when they're not applicable in the user's country. Removing miscellaneous or advanced features to streamline the client experience.

it would be absolutely nice to have an option to send directly emails to leads here, or to have a button of adding a contact on the subaccounts, the issue is that if the ai doesnt match a contact on the subaccounts, i cannot reachout to them, its amazing to be able to directly add contacts and their details manually, name, email, phone, linkedin, if we find them ourselves since the ai is not perfect

Hi team, I wanted to raise a security concern I noticed with how Sub Accounts & Card links are currently structured on the platform. Each Sub Account & loyalty cards are assigned a sequential numeric ID, for example: -Sub Accounts : https://www.myplatform/agency/clients/111222 Card URL : https://www.myrplatform.com/getpass/1234567 Because the ID is a plain incrementing number, it would be straightforward for anyone to write a script that loops through IDs and visits every card on the platform. Since the card pages are publicly accessible (they need to be, for customers to enroll), this means a bad actor could potentially harvest business names, logos, and other details from every card on the platform at scale. 🟢 What I'd like to request: Replace sequential IDs with random tokens /getpass/a7x9kq2m4p instead of /getpass/1234567 , same thing with Sub accounts, this makes it practically impossible to enumerate cards. Rate-limit the card enrollment endpoint block or challenge requests that hit too many card URLs in a short time. Add bot protection to the enrollment form something like Cloudflare Turnstile or a CAPTCHA to prevent automated fake signups being submitted at scale across cards. Avoid exposing card IDs in CDN asset paths currently the logo URL also contains the numeric ID (e.g. /templates/1234567/logo.png ), which creates a second enumeration surface. This is a relatively simple fix on the backend but it closes a meaningful exposure for all businesses using the platform. Thanks

Hello Team, Since the new card installation page is setup (which we all are loving and is an amazing upgrade), when we try to send the link through our social channels, a weird “Enrollment form” pop-up appears which looks unprofessional and weird. Previously, it displayed the promotion name which was still acceptable. If the link pop-up can have the sub-account/client logo and the name of the promotion then that would be great!

Stripe does not work across many countries. The Gift Card / Membership only works with Stripe enabled. Need more Payment Gateways to be integrated. (Razor Pay for India) and optionally a Manual Top Up, where the Establishment collects the money in the physical location and updates the Card for the User, which will auto deduct based on usage.

Hi Team, I’m currently using your Agency white-label tier, but I’ve run into a major brand isolation issue that makes it easy for clients and competitors to spot our white-label setup. You’ve done an awesome job white-labeling the API and documentation, but I think this is a more pressing priority right now. ⚠️ The Problem: AI & Search Traceability Currently, agencies are instructed to point custom subdomains to ns.digitalwallet.cards . While this domain is meant to be a generic "ghost" address, it is not fully isolated: 👣 Public Footprint: The domain currently hosts your official API v2.0 documentation ( docs.digitalwallet.cards ) and active marketplace apps (e.g., lightspeed.apps.digitalwallet.cards ). 🧑🏻‍💻 Instant AI Detection: Because these public, indexable endpoints live on the exact same domain, I discovered the connection to your brand instantly simply by asking Gemini who owns ns.digitalwallet.cards . The AI immediately identified it as Boomerangme infrastructure. Since tech-savvy clients and competitors regularly use AI assistants and DNS lookups for research, this public link completely breaks the white-label illusion we are paying for. 🟢 The Requested Solution To fix this loophole, we need a truly anonymous routing path. Could the development team implement the following: A Pure "Ghost" CNAME Target: Provide a completely separate, generic domain (e.g., ns.customercards.net or route.loyaltyrouting.com ) dedicated solely to traffic routing. 🌐 Zero Web Presence: Ensure this new domain has absolutely no public web presence, no indexable developer documentation, and no branded subdomains. If visited directly, it should just return a blank page or a 404 error. Could you please let me know if moving to a completely unbranded routing domain is on your immediate roadmap, or if there is an alternative generic target we can use in the meantime? Thank you,

You have already implemented branded designs for automation and broadcast emails, including automation emails, mass-mailing (broadcast) emails, chat replies, and card-delivery emails. These all use the branded email template with the logo, header, footer, and social links. Agency sub-accounts are also branded with their agency's design. However, this branding does not extend to SMTP transactional emails. Currently, the design for these emails is very outdated ("boomerangme style") and cannot be customized in terms of colors or overall design. This limitation is problematic, as it prevents us from maintaining consistent branding and a professional appearance across all email communications. Please provide the option to fully customize SMTP transactional email templates to match our branded design.