Privacy Policy

Last updated: January 6, 2026

1. Overview

CardTool ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our credit card rewards tracking service.

2. Information We Collect

Account Information

  • Email address and name (from Clerk authentication)
  • Account preferences and settings

Card Tracking Data

  • Which credit cards you have added to your wallet
  • Custom card names you create
  • We do NOT collect: Actual credit card numbers, CVVs, or other payment credentials

Spending Data

  • User-entered annual spending estimates by category (e.g., "I spend $500/month on groceries")
  • This data is optional, self-reported and not linked to actual transactions

Usage Data

  • Pages visited and features used
  • Error logs and performance data
  • Device and browser information

3. How We Use Your Information

  • Provide the service: Calculate and display reward earnings based on your cards and spending
  • Verify membership: Check subscription status via Stripe
  • Improve the product: Analyze aggregate usage patterns
  • Communicate with you: Respond to feedback and support requests
  • Ensure security: Detect and prevent fraud or abuse

4. We Do Not Sell Your Data

CardTool does not sell, rent, trade, or otherwise provide your personal information to any third parties for their marketing or commercial purposes.

  • No data brokers: We never share your information with data brokers or advertisers
  • No marketing lists: Your email and personal data are never shared for third-party marketing
  • No profiling for others: We do not create profiles about you to sell to other companies
  • Service providers only: The only third parties that receive your data are the service providers listed below, solely to operate CardTool

5. Third-Party Service Providers

We use the following third-party services solely to operate CardTool. These providers only receive the minimum data necessary to perform their function:

  • Clerk: Authentication and user management
  • Supabase: Database hosting
  • Stripe: Membership verification (email only)
  • Vercel: Application hosting
  • Sentry: Error tracking and monitoring
  • Plaid: Optional bank account linking (see Section 6)

6. Data Retention

  • Active accounts: Data retained while your account is active
  • Deleted accounts: Data removed within 30 days of deletion
  • Logs: Retained for 7-14 days depending on service tier
  • Backups: Retained for 7-30 days depending on infrastructure

7. Optional Bank Account Linking (Plaid)

This section applies ONLY if you choose to enable our optional bank account linking feature. If you do not use this feature, none of the following data is collected or shared.

What is Plaid?

Plaid Inc. is our third-party service provider that enables you to securely connect your bank accounts to CardTool. When you link an account, you are granting Plaid permission to access your financial institution on your behalf.

What Data Does Plaid Collect?

  • Your bank account and routing numbers
  • Account balances and credit limits
  • Account holder name
  • Transaction history (used only to retrieve balances)

What Data Do We Store?

From the data Plaid provides, CardTool stores ONLY:

  • Account name (e.g., "Chase Sapphire Reserve")
  • Last 4 digits of account number (masked)
  • Current balance and credit limit
  • Last update timestamp

We do NOT store:

  • Full account numbers or routing numbers
  • Transaction history
  • Your bank login credentials (these never leave Plaid)

Your Control

  • You can unlink any account at any time in Settings
  • Unlinking immediately removes all associated data from our database
  • You can also manage Plaid connections at my.plaid.com

Plaid's Privacy Policy

Plaid's privacy practices are governed by their End User Privacy Policy.

8. Data Security

  • All data is encrypted in transit using HTTPS/TLS
  • Data is encrypted at rest in our database
  • We use secure authentication through Clerk
  • Access to production systems is strictly limited
  • We conduct regular security reviews

9. Your Rights

You have the right to:

  • Access your data: View all data we have about you
  • Export your data: Download a copy of your data
  • Delete your account: Request complete deletion of your data
  • Correct your data: Update inaccurate information

To exercise these rights, visit your Settings page or contact us through the in-app feedback system.

10. Children's Privacy

CardTool is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us through the in-app feedback system.

← Back to Home
Privacy Policy | CardTool