Back to home

Privacy Policy

Last updated: June 28, 2026

What we collect

Card Strategist is built around a simple principle: all of your data is entered manually by you. We do not link to your bank or card accounts, and we do not collect, store, or have access to full card numbers, login credentials, or financial-account access. You tell us which cards you hold and your approximate spending; we use that to generate rewards recommendations.

Specifically, we collect: the email address you sign up with; profile details you provide (such as your name or display name, whether you have a spouse/“player 2,” and whether you hold business cards); the cards in your wallet and their status; your approximate spending by category; and your rewards preferences (such as your point valuations and card limit). Authentication is handled by our infrastructure provider (Supabase) — we never see or store your password.

How we use your data

We use the cards and spending you enter to generate your rewards recommendations and the related views in the app. We do not sell your data, and we do not share it with advertisers or data brokers. We use a limited amount of anonymous usage data to improve the product — see Analytics & error monitoring below.

More specifically, we process the information you provide for the following purposes: (a) to provide, operate, and maintain the service and your account; (b) to generate and improve your rewards recommendations and the related views; (c) to respond to your support requests and communicate with you about your account; (d) to monitor, debug, and improve the product using the limited anonymous usage data described below; and (e) to comply with applicable law and enforce our terms. We process this information because it is necessary to provide the service you have asked us for, and based on our legitimate interest in operating, securing, and improving Card Strategist. We do not “sell” your personal information, and we do not use it for targeted advertising, as those terms are defined under the New Jersey Data Privacy Act and similar laws.

Depending on where you live, you may have rights over your personal information — including the right to access, correct, or delete it, and to opt out of any sale or targeted advertising. New Jersey residents have these rights under the New Jersey Data Privacy Act. Because all of your data is entered manually by you, you can view and edit most of it directly in the app, and you can delete your account at any time (see Data retention & deletion below). To exercise any other right, contact us at the address in the Contact section.

Analytics & error monitoring

To understand which features help and where people get stuck, and to find and fix bugs, we use two privacy-conscious services:

  • PostHog (product analytics and error monitoring). We record specific, non-sensitive product events — for example, completing onboarding or adding a card to your wallet — and, when the app errors, a technical report (such as the stack trace and browser/device type) to diagnose the problem. It is configured to be cookieless, with no ad networks, no session recording, and no automatic page scraping. Events and reports are tied only to an opaque internal account identifier.

We never send personally identifying details — such as your name or email address — to these services; events and reports are tied only to an opaque internal account identifier. This usage data is used solely to operate and improve Card Strategist, and is never sold.

Data retention & deletion

We keep your data for as long as your account is active. You can delete your account at any time from Settings → Danger Zone. Deletion is scheduled with a 7-day grace period (you can cancel by logging back in during that window), after which your profile, wallet, spending, and preferences are permanently removed from our active systems. We retain a minimal anonymized record (an internal account identifier and the deletion date) for audit purposes. Analytics and error-monitoring data are removed separately on request.

Third-party services

We rely on a small number of sub-processors to run the service, including Supabase (database, authentication, and hosting), PostHog (anonymous product analytics and error monitoring), and Web3Forms (delivery of the feedback messages you choose to send us).

When you use the in-app Feedback form, the message you write — along with the email address on your account and the page you were on — is passed through Web3Forms to deliver it to our support inbox. This only happens for feedback you actively submit; we do not send your wallet, spending, or other profile data through it. If you prefer not to use the form, you can email us directly at the address in the Contact section.

Confirm the full sub-processor list at launch (incl. your transactional email provider, e.g. Brevo, once auth/reminder emails go live) and link each provider's privacy policy.

Cookies & local storage

Card Strategist does not use advertising or tracking cookies. To keep you signed in and to remember your preferences (such as dark mode), we store a small amount of data locally in your browser using localStorage. This information stays on your device, is essential to operating the app, and is not shared with third parties. Our product analytics and error monitoring (PostHog) is configured to be cookieless and stores nothing on your device. Our hosting provider may set limited cookies that are strictly necessary for security and reliability.

Contact

Questions about this policy or your data? Contact us at [email protected]. Card Strategist is operated from New Jersey, United States.