This document discusses privacy-friendly and secure access control via mobile devices. It proposes a framework that minimizes personal data disclosure through anonymous credentials, local profiles controlled by the user, and micro-incentives. This allows for customization and prevents abuse while rewarding loyalty. The framework separates concerns for software developers, service providers, technology providers and users to facilitate integration in a privacy-friendly manner. Two example applications (inShopnito and avisPoll) are evaluated using this framework.