Privacy Policy
Effective date: July 2, 2026
CardAlerts ("we," "us," or "our") provides a mobile application that sends real-time notifications when transactions occur on your linked debit or credit cards. This Privacy Policy explains what information we collect, how we use it, and the choices you have.
Information We Collect
Account information. When you sign up, we collect your email address, which we use for authentication (passwordless magic-link sign-in) and to send transaction notifications if you enable email alerts.
Financial account information. When you link a bank account, we use Plaid Inc. ("Plaid") to connect to your financial institution. Through Plaid we receive:
- Transaction data (merchant name, amount, date, and category)
- Account balance information
- The name of your financial institution
We never see or store your bank username or password. Your credentials are provided directly to Plaid or your bank. We do not collect or store full account numbers. The access credentials Plaid issues to us are encrypted at rest using AWS Key Management Service and are never stored in plain text. You can learn how Plaid handles your data in Plaid's End User Privacy Policy.
Device information. If you enable push notifications, we store a push notification token that identifies your device, along with your device platform (Android or iOS).
Phone number. If you enable SMS notifications, we collect the mobile phone number you provide.
Payment information. Paid subscriptions are processed by Stripe, Inc. We do not collect or store your card number; Stripe provides us only a customer reference and subscription status.
How We Use Your Information
We use your information solely to operate CardAlerts:
- To send you real-time transaction notifications by push, email, and/or SMS, according to your preferences
- To authenticate you and secure your account
- To manage your subscription and billing
- To provide customer support
- To detect abuse and enforce rate limits
We do not sell your personal or financial data. We do not use your financial data for advertising, credit decisions, or any purpose other than delivering the notifications you asked for.
How We Share Information
We share information only with the service providers required to operate the app:
| Provider | Purpose |
|---|---|
| Plaid | Connecting to your bank and retrieving transaction data |
| Stripe | Subscription billing |
| Amazon Web Services | Cloud hosting and encryption key management |
| Resend | Delivering email notifications |
| Twilio | Delivering SMS notifications |
| Expo | Delivering push notifications |
| Google Firebase | Account authentication |
We may also disclose information if required by law, subpoena, or to protect the rights, safety, or property of our users or others.
Data Retention
- Individual transaction notification records are automatically deleted after 90 days.
- If you disconnect a bank account, we revoke our access with Plaid and stop receiving data for that account.
- If you delete your account, we revoke all bank connections, cancel any subscription, disable your login, and delete your personal data within 30 days, except where retention is required by law.
Your Choices
- Notification preferences — enable or disable push, email, and SMS alerts at any time in the app.
- Email — every notification email includes an unsubscribe link (CAN-SPAM compliant).
- SMS — reply STOP to any message to opt out immediately (TCPA compliant). SMS alerts are only sent to numbers that opted in.
- Quiet hours — suppress notifications during hours you choose.
- Disconnect a bank — remove a linked account at any time in the app; we revoke access with Plaid immediately.
- Delete your account — available in Account Settings; see Data Retention above.
Security
We encrypt data in transit using TLS and at rest using industry-standard encryption. Bank access credentials are encrypted with AWS KMS customer-managed keys with least-privilege access. We log and monitor access to production systems and never write access tokens to logs.
Children
CardAlerts is a financial product intended for users 18 years of age or older. We do not knowingly collect information from anyone under 18.
Changes to This Policy
If we make material changes, we will notify you through the app or by email before the changes take effect.
Contact
Questions or privacy requests: irbrandonl07@gmail.com