Back to home

Privacy Policy

📅 Last Updated: December 19, 2024
At Cardinal, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

Quick Links

  1. Information We Collect
  2. How We Use Your Information
  3. Data Security
  4. Data Sharing
  5. Your Privacy Rights
  6. Contact Us

1. Information We Collect

Information You Provide

  • Account Information: Email address, password (encrypted), and account preferences
  • Gift Card Data: Card names, brands, balances, card numbers, PINs, expiration dates, and notes you choose to add
  • Profile Information: Notification preferences and subscription status

Automatically Collected Information

  • Device Information: Device type, operating system, unique device identifiers
  • Usage Data: App interactions, features used, crash reports, and performance data
  • Location Data: Precise location (only with your permission for Premium location-based alerts)

Information from Third Parties

  • Authentication Services: If you sign in with Apple or Google, we receive basic profile information
  • Payment Processing: Payment information is processed by third-party payment providers (we never store your payment card details)

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve Cardinal's services
  • Process and store your gift card information securely
  • Send expiration alerts and usage reminders
  • Provide location-based notifications (Premium only, with your permission)
  • Process subscription payments and manage your account
  • Respond to your support requests and communications
  • Detect, prevent, and address technical issues and security vulnerabilities
  • Analyze usage patterns to improve our app and services
  • Send important service updates and policy changes

3. Data Security

We implement industry-standard security measures to protect your data with bank-level encryption.

  • Encryption: All sensitive data (card numbers, PINs) is encrypted at rest and in transit using AES-256 encryption
  • Secure Authentication: Passwords are hashed using bcrypt with industry-standard salting
  • Access Controls: Strict access controls limit who can access your data
  • Regular Security Audits: We conduct regular security assessments and penetration testing
  • Secure Infrastructure: Our backend is hosted on Supabase with enterprise-grade security

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

Service Providers

We work with trusted third-party service providers who help us operate our app:

  • Supabase: Database hosting and authentication
  • Expo: Push notifications delivery
  • App Stores: Apple App Store and Google Play Store for app distribution
  • Payment Processors: For processing Premium subscriptions (they never share full payment details with us)

Legal Requirements

We may disclose your information if required by law, court order, or legal process, or to:

  • Comply with legal obligations
  • Protect the rights, property, or safety of Cardinal, our users, or others
  • Investigate and prevent fraud or security issues

Business Transfers

If Cardinal is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Your Privacy Rights

You have the following rights regarding your data:

Access and Portability

  • Request a copy of your personal data
  • Export your gift card data at any time through the app

Correction and Update

  • Update your account information and card details through the app
  • Correct inaccurate information

Deletion

  • Delete individual gift cards at any time
  • Delete all your data through Settings → Delete Data
  • Request account deletion through Settings → Delete Account

Opt-Out Rights

  • Disable push notifications in your device settings or app preferences
  • Opt out of marketing emails (we don't send them unless you opt in)
  • Revoke location permissions in your device settings

6. Location Data (Premium Feature)

Location-based alerts are a Premium feature that requires explicit permission:

  • We only access your location when the app is in use or running in the background (if you enable this)
  • Location data is used solely to trigger alerts when you're near stores where you have gift cards
  • We do not store your precise location history
  • You can revoke location access at any time in your device settings

7. Children's Privacy

Cardinal is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide services. When you delete your account:

  • All personal data and gift cards are permanently deleted within 30 days
  • Anonymized usage data may be retained for analytics
  • Legal and financial records may be retained as required by law

9. International Data Transfers

Cardinal operates in the United States. If you access our services from outside the U.S., your information will be transferred to and processed in the United States. By using Cardinal, you consent to this transfer.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy in the app
  • Updating the "Last Updated" date
  • Sending a push notification for significant changes

Your continued use of Cardinal after changes constitutes acceptance of the updated policy.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect, use, and share
  • Right to request deletion of your personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

12. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Email: privacy@usecardinal.app
Support: support@usecardinal.app
Address: Cardinal App, USA