Privacy Policy

1. Information We Collect

We collect the following information when you use Cardzen:

  • Account information: email address, display name (provided during registration, Google sign-in, or Apple sign-in). When you use Sign in with Apple, you may choose Hide My Email; in that case, Apple provides a private relay address (ending in @privaterelay.appleid.com) that forwards email to your real inbox without sharing it with us.
  • Account metadata: account activity timestamps (such as account creation and login dates)
  • AI data-sharing consent: when you complete the in-app AI Data Sharing consent step during onboarding, we store the consent timestamp on your user account as aiDataSharingConsentAt
  • Chat history: your conversations with our AI assistant, including questions and recommendations
  • Card selections: the credit cards you add to your wallet and your preferred card settings
  • Card financial context: card names, annual fees, earning rates, credit balances, multiplier categories, perk and benefit tracking state, and category selections from your wallet are shared with AI providers alongside your chat messages to generate personalized recommendations and the Daily Zen morning digest
  • Preferences: custom AI instructions (separate chat and Daily Zen instructions), chat history retention setting, voice and display preferences, and per-component tracking preferences
  • Credit tracking data: your credit usage records, statement credit utilization, anniversary-based benefit progress, streaks, and non-monetary benefit tracking (lounge visits, companion passes, hotel nights)
  • Subscription and billing state: your Pro plan status, billing period, renewal/expiry date, payment provider (Stripe, Apple, or promo grant), and the linkage IDs needed to reconcile your subscription with the payment processor (Stripe customer ID, RevenueCat App User ID, Apple original transaction ID). We do not store your payment card number, expiration date, CVC, or Apple ID password; those are held by Stripe or Apple.
  • Feedback submissions: any free-text feedback you submit through the in-app feedback dialog, along with the source surface that opened the dialog, your account email when available, user-agent string, and basic device metadata. When you submit a Help Center helpfulness vote, we store the article ID, whether the article was helpful, the submission time, and a truncated hash of your IP address.
  • Voice input (iOS only, optional): when you tap the microphone in chat, your speech is transcribed entirely on-device using Apple SFSpeechRecognizer. The audio never leaves your phone; only the resulting text transcript is sent as a chat message.
  • Voice response audio (Pro only, optional): when you enable read-aloud responses, the text of the assistant's reply or spoken summary is sent to Google Cloud Text to Speech to generate audio. The audio file is streamed back and not retained server-side.
  • Location (iOS only, optional): when you use the "Near me" suggestion in chat, the app requests your current latitude and longitude through iOS Location Services and passes them to Apple MapKit to find nearby places. Cardzen does not store raw device coordinates on its servers or include raw coordinates in the AI prompt; the resulting nearby place names, categories, distances, and similar place context may be included in the chat message sent to AI.
  • Push notification data (optional, iOS): if you opt in to push notifications in the iOS app, we store a Firebase Cloud Messaging device push token (a device identifier), your device platform, app version, whether push is currently enabled for the device, and the token's creation and last-seen timestamps, along with your device timezone (IANA zone, used to send reminders in your local window) and your notification preferences (the master switch, per-category toggles, display style, and send window). The content of each notification is generated from the credit and renewal data already described above, not from a new data source.
  • Server logs: server-side request logs containing user identifiers, request metadata, and abbreviated chat content for debugging and service monitoring
  • Rate limit violation data: IP address and user-agent string, collected only when rate limit violations occur, for security and abuse prevention purposes
  • Analytics data: page views, screen views, and pseudonymous event metadata used to understand how the product is used. On the web this is collected through Google Analytics; in the iOS app this is collected through Firebase Analytics.

We do not collect financial account numbers, full payment card numbers, Social Security numbers, or any banking credentials. We do not use tracking pixels.

2. How We Use Your Information

Before AI features are made available, Cardzen collects explicit in-app consent during onboarding for the AI data sharing described in this policy. The consent record is stored on your user account as aiDataSharingConsentAt.

We use your information to:

  • Provide personalized AI credit card recommendations based on your card wallet
  • Send your chat messages, card wallet data, credit and benefit tracking state, and display name to third-party AI providers for processing
  • Generate the Pro Daily Zen morning digest from your tracking data
  • Track and manage your credit card benefits and statement credits
  • Deliver optional push notifications reminding you about expiring card credits (Pro) and upcoming card renewals (all tiers), sent in your local send window
  • Maintain your chat history and conversation context
  • Improve the accuracy and relevance of our AI recommendations
  • Process subscription purchases, renewals, cancellations, and refunds through Stripe or Apple In-App Purchase, and keep your Pro entitlement in sync across the web and iOS app
  • Communicate with you about your account, billing, and service updates
  • Respond to and resolve feedback and support requests you submit through the app, and evaluate Help Center helpfulness feedback
  • Ensure the security and integrity of the Service, including rate limiting and abuse prevention

3. Third-Party Services

Cardzen uses the following third-party services to operate. Your data may be processed by these services:

| Service | Purpose | Data Shared |
|---|---|---|
| OpenAI | Recommendations and message routing | Chat messages including dictated voice input, card wallet context (card names, balances, earning rates, perks), credit and benefit tracking state, display name, custom AI instructions, and related assistant response text when needed |
| Google Gemini | Recommendations, Daily Zen digest generation, and spoken summaries | Chat messages including dictated voice input, card wallet context (card names, balances, earning rates, perks), credit and benefit tracking state, display name, custom AI instructions, digest instructions, and related assistant response text when needed |
| Firebase (Google) | Authentication, data storage, push notification delivery (Cloud Messaging), and (on iOS) analytics | Account information, chat history, card selections, preferences, credit tracking data, subscription state, feedback submissions, Help Center helpfulness records, analytics events, device push token, notification preferences, device timezone |
| Apple Push Notification service (APNs) | Delivers push notifications to your iOS device | The notification payload and your device push token, used only to deliver the notification to your device |
| Apple Sign In | Apple account sign-in and Apple authorization revocation during account deletion | Apple account identifier, email address or private relay address, display name when Apple provides it, and short-lived authorization material used only to delete or revoke your Apple-linked account |
| Google Cloud Text to Speech | Voice synthesis for read-aloud assistant responses (Pro feature) | The assistant response text or spoken summary text to be spoken |
| LangSmith (LangChain) | AI quality monitoring when production tracing is enabled | Chat interactions and AI responses when tracing is enabled |
| Stripe | Payment processing for Pro subscriptions purchased on the web | Email, name, billing address, and payment method, collected and stored by Stripe. We receive a customer ID and subscription status, not your payment card number. |
| Apple App Store | Payment processing for Pro subscriptions purchased in the iOS app (In-App Purchase) | Apple ID and payment method, held by Apple. We receive subscription status and an opaque transaction ID, not your Apple ID or payment card number. |
| RevenueCat | Apple In-App Purchase subscription state normalization for iOS Pro | An anonymous App User ID (your Firebase user ID), product ID, subscription status, and transaction metadata forwarded by Apple |
| Apple MapKit | "Near me" points-of-interest search on iOS | Your current device coordinates are passed to Apple MapKit to return nearby places. Cardzen does not store raw coordinates on its servers; resulting place names, categories, distances, and similar place context may be sent to AI when you use Near me. |
| Google Analytics | Usage analytics on the web | Page views, pseudonymous user identifier, device and browser metadata |

Each third-party service is governed by its own privacy policy. We encourage you to review their policies to understand how your data is handled.

Your data is never sold or used to train these providers' models. The information shared with Google Gemini, OpenAI, Google Cloud Text to Speech, and LangSmith is used to provide Cardzen features and AI quality monitoring, not advertising or model training.

LangSmith tracing is used for production AI quality monitoring when tracing is enabled and cannot currently be disabled on a per-user basis. If you do not want your chat interactions traced when production tracing is enabled, do not use the chat feature.

4. Cookies and Local Storage

Cardzen uses minimal browser storage:

  • Firebase authentication cookies: essential for maintaining your login session. These are required for the Service to function and cannot be disabled.
  • Stripe session cookies: set by Stripe Checkout and the Stripe Customer Portal when you upgrade or manage your subscription on the web. These are required to complete the payment flow.
  • Local storage: we store interface preferences such as your sidebar display state locally in your browser. This data never leaves your device.
  • Analytics cookies: Google Analytics uses cookies to distinguish unique visitors and track page views. These cookies contain no personally identifiable information. We associate a pseudonymous user identifier with analytics data to understand usage patterns, but this identifier cannot be used to identify you personally.

We do not use advertising cookies or third-party tracking cookies.

5. Data Retention

  • Chat history: retained until you delete it through the app or delete your account
  • Account data: retained until you delete your account
  • Credit tracking data: retained until you delete your account
  • Subscription and billing records: retained for as long as required for tax, accounting, and dispute-resolution purposes (typically up to 7 years after the last transaction) even after account deletion, in line with applicable financial recordkeeping laws
  • Feedback submissions: retained until manually archived or deleted by our team
  • Help Center helpfulness feedback: retained as operational feedback records until manually deleted or aggregated
  • Push notification send logs: automatically deleted after 90 days via Firestore TTL. Device push tokens are removed when you sign out, when Apple or Firebase reports the token invalid, and on account deletion
  • Server logs: retained for up to 30 days, then automatically deleted
  • AI processing logs: retained by third-party AI providers according to their respective retention policies (see Section 3 for provider privacy policy links)

6. Your Rights

You have the following rights regarding your data:

  • Access: view your data at any time through the app (card selections, chat history, preferences, credits, subscription status)
  • Deletion: delete your chat history, individual conversations, or your entire account and all associated data. Account deletion cancels any active Stripe subscription on your behalf. For Apple-billed Pro, you must cancel the subscription through Apple before deleting your account, because Apple does not allow us to cancel an In-App Purchase on your behalf.
  • Export: request a copy of your data by contacting us at support@cardzen.ai. We will respond to export requests within 30 days
  • Correction: update your account information and preferences at any time through the app
  • AI data-sharing consent and feature access: AI features require explicit in-app consent during onboarding. We store your consent record as aiDataSharingConsentAt. If you do not complete that consent step, you cannot finish onboarding and cannot reach chat, Daily Zen, read-aloud, or other AI features. After consent, AI sharing cannot be selectively disabled at the data-sharing layer; the practical way to stop further AI provider sharing is to stop using AI features or delete your account.

7. Your California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) give you the right to know what personal information we collect about you, the right to request deletion of that information, the right to correct inaccurate information, and the right to opt out of the "sale" or "sharing" of personal information. Cardzen, LLC does not sell your personal information and does not share it with third parties for cross-context behavioral advertising. To exercise any of these rights, contact us at support@cardzen.ai. We will not discriminate against you for exercising your rights.

8. Data Security

We take reasonable measures to protect your information, including:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Firebase security rules to protect stored data
  • Authentication tokens with expiration for API access
  • Tokenized payment handling through Stripe and Apple In-App Purchase so that full payment card numbers never touch our servers

We do not store full payment card numbers or banking credentials. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Children's Privacy

Cardzen is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe a child under 18 has provided us with personal information, please contact us and we will delete the information promptly.

10. International Data Transfer

Cardzen is operated by Cardzen, LLC in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States.

11. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users via email within 30 days of confirming the breach. The notification will describe the nature of the breach, the data involved, and the steps we are taking in response.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact Cardzen, LLC at support@cardzen.ai.

Last updated: June 22, 2026
