Documentation & help
Everything you need to understand and operate DiscountOneCard — for members, families, business partners, and admins.
What is DiscountOneCard?
DiscountOneCard is a digital local-discount membership that replaces the old-school paper fundraising card. Your organization (a school, booster club, nonprofit, church, sports team, etc.) partners with local businesses who offer real discounts. Members buy an annual membership, show their animated card at checkout, and save — a portion of every membership funds the organization's programs.
- Memberships last 365 days from the day you sign up — no more stale "2026 card" stock.
- Offers can be unlimited (use every time), one-time (one use ever), or recurring (e.g. once a month).
- The verification screen is live-animated and includes your name, so screenshots don't work.
- Family plans cover up to 4 people — priced at 3× the individual rate (buy three, get one free).
Roles & accounts
Your account's role determines what you can do. One login, multiple roles supported.
| Role | Who | Can do |
|---|---|---|
| Member | Cardholders | Browse offers, redeem, show card, manage family, self-serve account. |
| Family leader | Members on a family plan | Everything a member does, plus invite up to 3 others and manage seats. |
| Business owner | Partnered businesses | Edit their own listing, create/update/hide offers, see redemption counts. |
| Affiliate leader | Cause reps (e.g. softball coach) | See stats and revenue attributed to their affiliate code. |
| Org admin | Admin for a specific org | Manage members, businesses, offers, memberships, affiliate codes, audit log (for their org only). |
| Super admin | Platform operator | All of the above plus creating organizations and site-wide settings. |
Super admins and org admins automatically get a comped membership so they can see the member experience without a second account. Super admins can switch which org they're viewing via the picker next to the logo.
Signing up as a member
- Open the app and tap Create account.
- Enter your name, email, and a password (10+ characters).
- Pick the organization supporting your card (e.g. Palmetto High School).
- Optional: enter an affiliate code like
softballto direct a portion of your fee to that cause. - Check your inbox for a verification email and click the link. Done!
Your membership runs for 365 days from the day you signed up. Cancel anytime — but note that cancellation ends access immediately (annual plans aren't pro-rated).
Browsing offers
The home page (Offers) groups every deal by the business offering it. Each offer shows a badge:
- Unlimited — use as many times as you want.
- One-time — one use, forever (e.g. "free welcome dessert").
- Every week/month/quarter/year — one use per period.
Tap any offer to see the full details, terms, and redeem flow.
Map & location
Switch between List and Map view at the top of the offers page. The map shows every business with a pin, using OpenStreetMap data.
Tap Use my location to grant temporary access to your device's GPS. You'll see a blue dot for yourself, pins for nearby businesses, and the list re-sorts by distance. Location is only used in your browser — never sent to our server.
Redeeming an offer
- Open the offer you want to use.
- Tap Redeem now, then Confirm & show my card.
- Show the animated verification screen to the business. You have 10 minutes.
- The business sees your name, school, live clock, and a QR code. They verify and apply the discount.
For one-time offers, tapping Confirm uses it permanently. For recurring offers (e.g. monthly), it locks until the next period. If you redeemed by mistake, ask an admin to reset it (see Managing members).
Your verification card
Tap My Card anytime to show a short 2-minute live card — useful when a business just wants to confirm you're a member without you redeeming anything specific. When you arrive via a redemption, the card runs for 10 minutes instead.
The card includes:
- Your name in large type and your organization's crest
- A live clock down to the millisecond
- An animated gradient background, floating rings, and a countdown bar
- A QR code a business can scan to see a time-limited verification page confirming your membership
If we detect your card being used in two distant places at once, you'll see a gentle banner suggesting a family plan. (See family plans.)
Managing your account
On the Account page you can:
- Update your name, last name, and phone
- Change your password (other logged-in devices will be signed out)
- Resend your email verification
- See your current plan, status, and days remaining
- Cancel your membership (immediate — see the warning on that button)
Family plans
A family plan covers up to 4 people under one leader. It costs 3× the individual rate — effectively buy three, get one free. Everyone gets their own login and their own animated card, but the plan's revenue is tied to one leader.
Starting a family plan
- Sign in as a member, then go to Family.
- Tap Continue to upgrade, review the pricing, and confirm.
- You become the family leader. Your existing individual membership converts to the family plan.
Inviting members
On the Family page, type an email address and tap Send invite. Invites:
- Are emailed by us with a one-click accept link
- Expire after 7 days if not accepted
- Can be sent to someone who already has a DiscountOneCard account or a brand-new user — the accept page handles both
Leaving & swapping
If a member leaves a family, they lose access immediately but can sign up on their own anytime. Seats use a 90-day cooldown — a leader can't remove and replace a member in under 90 days, preventing the plan from being treated like a rotating access card.
If a leader cancels their plan, all seat memberships end at the same time. Member accounts themselves remain but lose active membership.
Your business listing
When an org admin links your account to a business, you'll see a My Business tab. Fill in:
- Name, description, categories (comma-separated, e.g.
pizza, dining, family) - Website, phone, contact email
- Full address + state/ZIP
- Optional: logo URL and hero image URL
Changes go live immediately and are audit-logged so admins can see what you changed.
Creating offers
- In My Business, fill out the "Add offer" form.
- Pick a type:
- Unlimited — use every visit (e.g. 10% off)
- One-time — one per member, forever (e.g. free dessert on first visit)
- Recurring — pick a period (week/month/quarter/year) and an anchor (calendar boundary or each member's signup date)
- Write clear terms — "Dine-in only", "One per visit", "Exclusions apply".
- Save. Members see it instantly.
Monthly recurring offers usually work best anchored to the calendar (resets on the 1st). Annual offers are usually best anchored to each member's signup date (everyone gets their yearly benefit fairly). You can change this per-offer.
Redemption analytics
Only one-time and recurring offers are tracked (unlimited offers are too numerous to count meaningfully). You'll see a count of redemptions per offer on the business page.
Managing members (org admin)
On Admin → Organization → Users:
- Add user — create a user directly. They get a temporary password emailed to them.
- Reset password — generate a fresh temp password; revokes all of their existing sessions.
- Activate/Deactivate — toggle whether a user can sign in.
- Delete — disables them permanently (soft delete).
Switch to the Memberships tab for comping, extending, and redemption resets.
Comping & extending memberships
On the Memberships tab:
- Comp a membership — grant a free membership to any existing user in the org. Useful for sponsorship packages, giveaways, or fixing payment discrepancies. You can flag it comped, set a plan, duration, and internal note.
- +30d / +1yr — quick-extend an existing membership's end date.
- Edit — change status (active/cancelled/expired), end date, plan, price paid, comp flag, or internal note. Also shows the member's recent redemptions with a Reset button that un-consumes a redemption (useful if someone tapped redeem by accident).
Managing businesses & offers
On the Businesses tab, add a business with:
- Name & description
- Owner email — links a user (who must already be in the org) as the business owner so they can self-serve
- Address, city, state
- Latitude & longitude — required for the pin to appear on the map. Copy from Google Maps: right-click the location → coordinates.
Click Offers on any business row to add/hide/delete offers inline.
Affiliate codes
Affiliate codes let you direct a portion of a member's fee to a specific cause (e.g. the softball team). On Admin → Org → Affiliates, add a code with:
- A short lowercase identifier (
softball,band) - A display name and description
- Optional: a leader email — that user is promoted to affiliate leader and sees stats for their cause at
/affiliate - A share percent (0–100) — how much of each fee is attributed to the cause
Members enter the code at signup, and attribution flows automatically.
Audit log
Admin → Audit log shows every admin action — user edits, password resets, business changes, membership comps, redemption resets, deletions. Use it to investigate discrepancies and spot anomalies.
Creating organizations
On Admin → Organizations, add a new org with name, slug (for URLs/signup dropdown), type, city/state, and colors. Every new org automatically:
- Gets a comped membership for you (so you can test it)
- Appears in the public signup dropdown
- Shows up in your org-picker
Site settings
Admin → Site settings has the lead-notification email (where the marketing contact form sends inquiries) and the marketing tagline. Changes save immediately.
Leads
Admin → Leads lists every contact-form inquiry. You can change status (new → contacted → qualified → won/lost/archived), reply directly by clicking the email, or delete the row. New leads also email the notification address.
How we protect your data
- HTTPS everywhere with HSTS — browsers refuse to visit us over HTTP.
- Passwords hashed with scrypt (salted, memory-hard) — we never store plaintext and never see yours.
- Session cookies are HttpOnly, Secure, SameSite=Lax. Tokens are hashed server-side so a DB leak can't be replayed.
- All database access uses Prisma with parameterized queries — no raw user SQL, no injection vectors.
- Every input validated with zod — extra fields rejected; types enforced; lengths capped.
- Rate limits on signup, login, password reset, and lead submissions to block bulk abuse.
- Origin check on every state-changing request — guards against CSRF even if you weren't using SameSite cookies.
- Cloudflare Turnstile on the public lead form to keep bots out.
- Content Security Policy locked down: no inline scripts in the app, only trusted domains for tiles/fonts.
- Audit trail for admin actions — anything that changes another user's data is recorded with who, when, and what.
- Anti-sharing signal — we track offer-use events per IP. If a card is used from two distant subnets in a short window, we flag it and nudge toward a family plan.