← Back to home

Legal

Privacy Policy

Effective Date: June 12, 2026 Last Updated: June 12, 2026

CardCompass helps you manage the rewards on the credit cards you already hold. This policy explains what we collect, how we use it, who we share it with, and the choices you have — in plain language.

1. Introduction

CardCompass ("we," "our," "us") is an iOS application that helps you manage and optimize the rewards on the credit cards you already hold. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.

We are committed to minimizing the data we collect, protecting it with strong security controls, and never selling it to third parties.

Contact: hello.cardcompass@gmail.com

2. Information We Collect

2.1 Information You Provide Directly

  • Account information: When you sign in with Sign in with Apple or Sign in with Google, we receive a unique identifier and, depending on your sharing preferences, an email address.
  • Card information you enter manually: Card products, custom labels, notes, and tracking preferences. This data is stored in your own iCloud (CloudKit) account, not on our servers.
  • Subscription information: Managed by Apple's App Store and RevenueCat. We do not see or store your payment card details.

2.2 Information We Receive from Plaid (Pro feature)

If you choose to link your financial institutions through Plaid, we receive:

  • Transactions: Up to 24 months of transaction history (amounts, dates, merchant names, categories), used to calculate rewards earned and track sign-up bonus progress.
  • Liabilities: Credit card statement balances, due dates, minimum payments, APRs, and payment history, used to display billing information and credit utilization.
  • Account metadata: Account names, types, last four digits, and balances, used to match your linked accounts to the cards in our app.

We do not receive your bank login credentials — Plaid handles authentication directly with your financial institutions. We do not use Plaid's Identity, Auth, or Balance products, so we do not receive your name, address, or phone number from your financial institutions.

2.3 Automatically Collected Information

  • Anonymized usage analytics via TelemetryDeck (no personally identifiable information).
  • Crash and error diagnostics via Sentry (personal information is stripped before transmission).
  • Application logs for diagnostics, retained for 90 days.

2.4 Data Stored in Your iCloud

Your manually entered card data and preferences are stored in your personal iCloud (CloudKit) account. We do not have access to this data; only you do, via your Apple ID.

3. How We Use Information

We use the information we collect to:

  • Provide the core features of CardCompass: rewards tracking, sign-up bonus progress, benefit tracking, due-date reminders, and card recommendations.
  • Maintain, secure, and improve the Service.
  • Respond to your support requests and communicate service updates.
  • Comply with legal obligations.

We do not use your information for selling data, third-party advertising, or building profiles for commercial sale.

4. How We Share Information

We do not sell or share your personal information. We use the following service providers strictly to operate the Service:

ProviderPurpose
PlaidSecure financial-account connectivity (Transactions, Liabilities)
DigitalOceanBackend infrastructure and database hosting (US data centers)
AppleApp distribution, Sign in with Apple, iCloud sync
GoogleSign in with Google authentication
RevenueCatSubscription management
TelemetryDeckAnonymized analytics
SentryCrash and error monitoring (PII stripped)

We may also disclose information when required by law, or in connection with a business transfer (with notice to you).

5. Data Security

  • Encryption in transit: All connections use TLS 1.2 or higher.
  • Encryption at rest: Data stored on our servers is encrypted at rest (AES-256). Plaid access tokens are additionally encrypted at the application layer before storage.
  • Authentication & access control: Authenticated sessions and per-account access controls ensure one user can never access another user's data. Production access is protected by multi-factor authentication.
  • Data minimization: We do not collect or store your bank login credentials, Social Security Number, or other unnecessary sensitive information.

6. Data Retention

  • Active accounts: Retained while you remain a user.
  • Account deletion: All server-side data is deleted within 30 days of your request, and your Plaid bank connections are revoked.
  • Plaid connections: Removed immediately when you disconnect an account, or automatically after 24 months of inactivity.

7. Your Privacy Rights

You may request to access, delete, correct, or export your personal information at any time.

California residents (CCPA/CPRA) additionally have the right to know what is collected, to opt out of sale/sharing (CardCompass does not sell or share data, so this is always honored), and to non-discrimination for exercising these rights.

To exercise any right, email hello.cardcompass@gmail.com, or delete your account directly in the app's account settings. We respond within the timeframes required by law (typically 45 days).

8. Children's Privacy

CardCompass is not intended for anyone under 18. We do not knowingly collect information from minors.

9. International Users

CardCompass is operated from the United States and currently serves US-based users. Your data is processed and stored in the United States.

10. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated in-app and/or by email. The "Last Updated" date reflects the most recent revision.

11. Contact Us

CardCompass
Email: hello.cardcompass@gmail.com

法律条款

隐私政策

生效日期:2026 年 6 月 12 日 最后更新:2026 年 6 月 12 日

CardCompass 帮你管理已持有信用卡的权益与回报。本政策用通俗的语言说明我们收集哪些信息、如何使用、与谁共享,以及你拥有哪些选择。

1. 引言

CardCompass(“我们”)是一款 iOS 应用,帮助你管理和优化你已持有信用卡的回报。本隐私政策说明我们收集哪些信息、如何使用、与谁共享,以及你拥有哪些选择。

我们承诺最小化所收集的数据,用强有力的安全措施加以保护,并且绝不向第三方出售。

联系方式: hello.cardcompass@gmail.com

2. 我们收集的信息

2.1 你直接提供的信息

  • 账户信息:当你使用“通过 Apple 登录”或“通过 Google 登录”时,我们会收到一个唯一标识符;视你的共享设置,可能还包括一个电子邮箱地址。
  • 你手动录入的卡片信息:卡产品、自定义标签、备注和追踪偏好。这些数据存储在你自己的 iCloud(CloudKit)账户中,不在我们的服务器上。
  • 订阅信息:由 Apple App Store 和 RevenueCat 管理。我们不会看到或存储你的支付卡详情。

2.2 我们从 Plaid 接收的信息(Pro 功能)

如果你选择通过 Plaid 关联你的金融机构,我们会接收:

  • 交易:最多 24 个月的交易历史(金额、日期、商家名称、类别),用于计算已赚取的回报和追踪开卡奖励进度。
  • 负债:信用卡账单余额、到期日、最低还款额、年化利率和还款历史,用于显示账单信息和信用额度使用率。
  • 账户元数据:账户名称、类型、末四位数字和余额,用于将你关联的账户与应用内的卡片匹配。

我们不会接收你的银行登录凭据——Plaid 直接与你的金融机构完成身份验证。我们使用 Plaid 的 Identity、Auth 或 Balance 产品,因此不会从你的金融机构接收你的姓名、地址或电话号码。

2.3 自动收集的信息

  • 通过 TelemetryDeck 收集匿名使用分析(不含任何个人身份信息)。
  • 通过 Sentry 收集崩溃与错误诊断(个人信息在传输前已剥离)。
  • 用于诊断的应用日志,保留 90 天。

2.4 存储在你 iCloud 中的数据

你手动录入的卡片数据和偏好存储在你个人的 iCloud(CloudKit)账户中。我们无法访问这些数据,只有你能通过你的 Apple ID 访问。

3. 我们如何使用信息

我们使用所收集的信息来:

  • 提供 CardCompass 的核心功能:回报追踪、开卡奖励进度、权益追踪、到期提醒和卡片推荐。
  • 维护、保护和改进本服务。
  • 回应你的支持请求,并就服务更新与你沟通。
  • 遵守法律义务。

我们不会将你的信息用于出售数据、第三方广告,或为商业出售而构建用户画像。

4. 我们如何共享信息

我们不出售或共享你的个人信息。我们仅为运营本服务而使用以下服务提供商:

提供商用途
Plaid安全的金融账户连接(交易、负债)
DigitalOcean后端基础设施与数据库托管(美国数据中心)
Apple应用分发、通过 Apple 登录、iCloud 同步
Google通过 Google 登录身份验证
RevenueCat订阅管理
TelemetryDeck匿名分析
Sentry崩溃与错误监控(已剥离个人信息)

在法律要求时,或在业务转让相关情形下(会通知你),我们也可能披露信息。

5. 数据安全

  • 传输加密:所有连接使用 TLS 1.2 或更高版本。
  • 静态加密:存储在我们服务器上的数据经静态加密(AES-256)。Plaid 访问令牌在存储前另在应用层加密。
  • 身份验证与访问控制:经过身份验证的会话和按账户的访问控制,确保任一用户永远无法访问其他用户的数据。生产环境访问受多重身份验证(MFA)保护。
  • 数据最小化:我们不收集或存储你的银行登录凭据、社会安全号码或其他不必要的敏感信息。

6. 数据保留

  • 活跃账户:在你保持用户身份期间予以保留。
  • 账户删除:在你请求后的 30 天内删除所有服务器端数据,并撤销你的 Plaid 银行连接。
  • Plaid 连接:在你断开某账户时立即移除,或在 24 个月不活跃后自动移除。

7. 你的隐私权利

你可以随时请求访问、删除、更正导出你的个人信息。

加利福尼亚州居民(CCPA/CPRA)另外有权知悉所收集的内容、选择退出出售/共享(CardCompass 不出售或共享数据,因此该权利始终得到保障),以及因行使这些权利而不受歧视。

如需行使任何权利,请发送邮件至 hello.cardcompass@gmail.com,或直接在应用的账户设置中删除你的账户。我们将在法律要求的时限内(通常为 45 天)作出回应。

8. 儿童隐私

CardCompass 不面向 18 岁以下的任何人。我们不会在知情的情况下收集未成年人的信息。

9. 国际用户

CardCompass 在美国运营,目前服务美国境内用户。你的数据在美国境内处理和存储。

10. 本政策的变更

我们可能会不时更新本政策。重大变更将通过应用内和/或电子邮件告知。“最后更新”日期反映最近一次修订。

11. 联系我们

CardCompass
邮箱:hello.cardcompass@gmail.com