Card Optimizer ("we," "us," "our") is a sole-proprietor service that analyzes your credit card transactions to help you maximize rewards. This policy explains what data we collect, how we use it, and how we protect it.
1. Information We Collect
We collect only what is necessary to provide the service:
- Account information — your email address and phone number, used to deliver daily digests and manage your account.
- Financial data via Plaid — when you connect your bank or credit card accounts through Plaid Link, we receive read-only access to your transaction history. This includes transaction amounts, merchant names, merchant category codes (MCCs), and dates. We never receive your bank login credentials — Plaid handles authentication directly.
- Payment information via Stripe — your $15/month subscription is processed by Stripe. We do not store your credit card number, CVC, or billing address on our servers. Stripe handles all payment data under their own privacy policy.
2. How We Use Your Data
- Transaction analysis — we compare each transaction's MCC against the reward structures of your linked cards to calculate which card would have earned the most rewards.
- Daily digests — we use your email address to send you a daily summary of missed earnings, expiring credits, and status threshold progress.
- Service improvement — we may use aggregated, de-identified data to improve our card reward calculations and recommendation accuracy.
We do not use your data for advertising. We do not build profiles for ad targeting. We do not sell your data.
3. Data Sharing
We share your data only with the service providers necessary to run Card Optimizer:
- Plaid — connects to your financial accounts and retrieves transaction data. See Plaid's privacy policy.
- Stripe — processes subscription payments. See Stripe's privacy policy.
- Supabase — hosts your account and transaction data in an encrypted PostgreSQL database.
We will never sell, rent, or trade your personal or financial data to third parties. We may disclose information if required by law, such as in response to a valid subpoena or court order.
4. Data Retention
Your transaction data and account information are retained for as long as your account is active. If you cancel your subscription or request account deletion, we delete your personal data and transaction history from our systems within 30 days.
Aggregated, de-identified data that cannot be tied back to you may be retained indefinitely for service improvement.
5. Data Deletion
You can request deletion of your data at any time by emailing anna@startupincubator.dev. Upon receiving your request, we will:
- Revoke all Plaid access tokens for your linked accounts
- Delete your transaction history and account data from our database
- Cancel your Stripe subscription
- Confirm deletion via email within 30 days
6. Security
We take the security of your data seriously:
- All connections use HTTPS with TLS 1.2 or higher
- Transaction data is encrypted at rest in our database
- Access to production systems is restricted and authenticated
- We never store your bank login credentials — Plaid handles all authentication
- Read-only access to financial accounts — we cannot move money or make changes to your accounts
No system is 100% secure. If we discover a breach that affects your data, we will notify you promptly via email.
7. Cookies
We use minimal cookies limited to session management (keeping you logged in). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
8. Your Rights Under California Law (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Delete your personal information
- Opt out of the sale of personal information — we do not sell your data, so there is nothing to opt out of
- Non-discrimination — we will not treat you differently for exercising your privacy rights
To exercise any of these rights, email anna@startupincubator.dev. We will respond within 45 days.
9. Children's Privacy
Card Optimizer is not intended for anyone under the age of 18. We do not knowingly collect personal information from minors.
10. Changes to This Policy
We may update this privacy policy from time to time. If we make material changes, we will notify you via email before the changes take effect. The effective date at the top of this page will always reflect the latest revision.
11. Contact
Questions about this policy or your data? Contact us at anna@startupincubator.dev.