cardful (“cardful,” “we,” “us,” “our”) is built privacy-first. This policy explains what we collect, how we use it, who we share it with, and the choices and rights you have. It covers both the cardful website (getcardful.pages.dev) and the cardful iOS app. By using cardful, you agree to this policy.
The short version
- We never ask for your online-banking username or password.
- We never store your full credit card numbers.
- We do not link to your bank or import your transactions in this version of the app.
- We do not sell or rent your personal information, and we do not run advertising or cross-site tracking on our website.
- You can delete your data and your account at any time.
Information we collect
Account information
When you sign in with Apple, we receive a unique identifier and, only if you choose to share it, your name and an email address (which may be Apple’s private-relay address). We use this to create and secure your account.
Wallet information you enter
The cards you add, any nicknames, open dates, the credits and benefits you mark as used, your loyalty-program balances, and application history. This is information you choose to provide so the app can do its job. We do not store full card numbers or any bank login credentials.
Preferences
Your notification and reminder settings.
On-device location (optional)
If you enable it, your approximate location is used on your device to suggest the best card for places nearby. This location data is processed on your phone and is not transmitted to us or stored on our servers.
Information collected automatically on the website
Our website is served by Cloudflare Pages, which, like any web host, may process standard technical data such as your IP address, browser type, and request timestamps in order to deliver and secure the site. We do not use this data to build advertising profiles, and we do not combine it with your app account.
Contact form
If you message us through the form on our website, the details you provide (such as your name, email, and message) are processed by Web3Forms, a form-relay service, for the sole purpose of delivering your message to us by email. We use the information only to respond to you. See Web3Forms’ own privacy policy for how they handle data in transit.
Cookies and tracking technologies
The cardful website itself does not set advertising or cross-site tracking cookies, and we do not embed third-party ad networks. We use only what is strictly necessary to serve the site securely.
When you click an “Apply,” “Learn more,” or similar outbound link to a card issuer, the issuer or an affiliate network may set its own cookies to attribute the referral (see “Affiliate relationships,” below). Those cookies are governed by the destination’s privacy policy, not ours. You can manage or block cookies in your browser settings at any time; doing so will not break the cardful site.
Analytics
We do not load third-party advertising or cross-site analytics trackers (for example, ad-network pixels) on our website. If we ever introduce privacy-respecting, aggregate analytics, we will update this policy and limit it to non-identifying, summary metrics.
How we use information
- To provide the app’s features — your wallet, credit and benefit tracking, points valuation, best-card recommendations, application tracking, and reminders.
- To sync your data across your devices.
- To schedule the local notifications you enable (these are created on your device).
- To respond to messages you send us and provide support.
- To maintain the security and integrity of the service.
How information is stored and shared
Backend. We use Supabase, a database and hosting provider, to store your account data. Data is encrypted in transit over HTTPS. A snapshot is cached locally on your device for instant startup and offline reading.
Website hosting. The website is hosted on Cloudflare Pages, which processes standard request data to deliver and protect the site.
Service providers. We rely on Apple (Sign in with Apple), Supabase (database and hosting), Cloudflare (website hosting), and Web3Forms (contact-form delivery). These providers process data on our behalf or to deliver their service, under their own terms and privacy policies.
Legal. We may disclose information if required by law, to enforce our terms, or to protect the rights, safety, and security of cardful and its users.
We do not sell or rent your personal information, and we do not share it with third parties for their own advertising.
Affiliate relationships and disclosure
cardful participates in affiliate programs, which may include networks such as FlexOffers, CJ Affiliate, Impact, and Bankrate Credit Cards, as well as issuers’ own programs. This means that when you are approved for a card through certain links on our website or in the app, we may earn a commission at no additional cost to you.
When you click such a link, you leave cardful and the destination issuer or affiliate network may set a cookie to attribute the referral; their collection and use of your information is governed by their own privacy policies. Affiliate compensation never determines our recommendations, which are driven by your wallet and an independent points-valuation engine. For full details, see our Affiliate Disclosure.
Your choices and rights
- You can view, edit, and delete the cards and data you’ve added at any time in the app.
- You can delete your account, which removes your associated data from our backend.
- You can turn notifications and location access on or off in iOS Settings.
- You can manage or block cookies in your browser.
- To request access to, correction of, or deletion of your information, contact us and we will respond within a reasonable time.
Your California privacy rights (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect and how we use it, to request access to or deletion of that information, to request correction of inaccurate information, and to not be discriminated against for exercising these rights. We do not sell or “share” (as defined under California law for cross-context behavioral advertising) your personal information. To exercise any of these rights, contact us.
Your rights in the EEA and UK (GDPR)
If you are in the European Economic Area or the United Kingdom, you have the right to access, correct, delete, restrict, or object to our processing of your personal data, and to data portability. Our lawful bases for processing are: performance of our contract with you (to provide the app), your consent (for optional features like notifications), and our legitimate interests (to secure and improve the service). You may withdraw consent at any time and have the right to lodge a complaint with your local supervisory authority. To exercise your rights, contact us.
Do Not Track
Some browsers offer a “Do Not Track” (DNT) signal. Because there is no common industry standard for DNT, our website does not respond to it. In any case, we do not track you across other websites.
Data security
We protect your information with measures including encryption in transit (HTTPS) and access controls on our backend. We minimize what we collect by design — no bank credentials, no full card numbers. No method of transmission or storage is ever 100% secure, but we work to protect your information and to limit what could be exposed.
Data retention
We keep your data while your account is active. Deleting your account removes your associated data from our systems, except where we are required to retain limited information to comply with the law.
Children
cardful is intended for adults (18+). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.
International users
cardful is operated from the United States, and your information may be processed and stored there. By using cardful, you understand your information may be transferred to and processed in the United States.
Changes to this policy
We may update this policy from time to time. The “Last updated” date above reflects the current version, and material changes will be reflected here.
Contact us
Questions about this policy or your data? Get in touch — we’re happy to help.