Privacy Policy

Effective date: July 2, 2026

CardAlerts ("we," "us," or "our") provides a mobile application that sends real-time notifications when transactions occur on your linked debit or credit cards. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

Information We Collect

Account information. When you sign up, we collect your email address, which we use for authentication (passwordless magic-link sign-in) and to send transaction notifications if you enable email alerts.

Financial account information. When you link a bank account, we use Plaid Inc. ("Plaid") to connect to your financial institution. Through Plaid we receive:

We never see or store your bank username or password. Your credentials are provided directly to Plaid or your bank. We do not collect or store full account numbers. The access credentials Plaid issues to us are encrypted at rest using AWS Key Management Service and are never stored in plain text. You can learn how Plaid handles your data in Plaid's End User Privacy Policy.

Device information. If you enable push notifications, we store a push notification token that identifies your device, along with your device platform (Android or iOS).

Phone number. If you enable SMS notifications, we collect the mobile phone number you provide.

Payment information. Paid subscriptions are processed by Stripe, Inc. We do not collect or store your card number; Stripe provides us only a customer reference and subscription status.

How We Use Your Information

We use your information solely to operate CardAlerts:

We do not sell your personal or financial data. We do not use your financial data for advertising, credit decisions, or any purpose other than delivering the notifications you asked for.

How We Share Information

We share information only with the service providers required to operate the app:

ProviderPurpose
PlaidConnecting to your bank and retrieving transaction data
StripeSubscription billing
Amazon Web ServicesCloud hosting and encryption key management
ResendDelivering email notifications
TwilioDelivering SMS notifications
ExpoDelivering push notifications
Google FirebaseAccount authentication

We may also disclose information if required by law, subpoena, or to protect the rights, safety, or property of our users or others.

Data Retention

Your Choices

Security

We encrypt data in transit using TLS and at rest using industry-standard encryption. Bank access credentials are encrypted with AWS KMS customer-managed keys with least-privilege access. We log and monitor access to production systems and never write access tokens to logs.

Children

CardAlerts is a financial product intended for users 18 years of age or older. We do not knowingly collect information from anyone under 18.

Changes to This Policy

If we make material changes, we will notify you through the app or by email before the changes take effect.

Contact

Questions or privacy requests: irbrandonl07@gmail.com