Privacy Policy

1. Information We Collect

We collect the following information when you use Cardzen:

• Account information: email address, display name (provided during registration or via Google sign-in)
• Account metadata: account activity timestamps (such as account creation and login dates)
• Chat history: your conversations with our AI assistant, including questions and recommendations
• Card selections: the credit cards you add to your wallet and your preferred card settings
• Card financial context: card names, annual fees, earning rates, credit balances, and category selections from your wallet are shared with AI providers alongside your chat messages to generate personalized recommendations
• Preferences: custom AI instructions, chat history settings, and display preferences
• Credit tracking data: your credit usage records and benefit tracking information
• Server logs: server-side request logs containing user identifiers, request metadata, and abbreviated chat content for debugging and service monitoring
• Rate limit violation data: IP address and user-agent string, collected only when rate limit violations occur, for security and abuse prevention purposes

We do not collect financial account numbers, credit card numbers, Social Security numbers, or any banking credentials. We do not use tracking pixels.

2. How We Use Your Information

We use your information to:

• Provide personalized AI credit card recommendations based on your card wallet
• Send your chat messages, card wallet data, and display name to third-party AI providers for processing
• Track and manage your credit card benefits and statement credits
• Maintain your chat history and conversation context
• Improve the accuracy and relevance of our AI recommendations
• Communicate with you about your account and service updates
• Ensure the security and integrity of the Service, including rate limiting and abuse prevention

3. Third-Party Services

Cardzen uses the following third-party services to operate. Your data may be processed by these services:

Each third-party service is governed by its own privacy policy. We encourage you to review their policies to understand how your data is handled.

LangSmith tracing is used on all chat interactions for quality monitoring and cannot currently be disabled on a per-user basis. If you do not want your chat interactions traced, do not use the chat feature.

4. Cookies and Local Storage

Cardzen uses minimal browser storage:

• Firebase authentication cookies: essential for maintaining your login session. These are required for the Service to function and cannot be disabled.
• Local storage: we store your sidebar display preference (sidePanelOpen) locally in your browser. This data never leaves your device.

We do not use advertising cookies or third-party tracking cookies.

• Analytics cookies: Google Analytics uses cookies to distinguish unique visitors and track page views. These cookies contain no personally identifiable information. We associate a pseudonymous user identifier with analytics data to understand usage patterns, but this identifier cannot be used to identify you personally.

5. Data Retention

• Chat history: retained until you delete it through the app or delete your account
• Account data: retained until you delete your account
• Credit tracking data: retained until you delete your account
• Server logs: retained for up to 30 days, then automatically deleted
• AI processing logs: retained by third-party AI providers according to their respective retention policies (see Section 3 for provider privacy policy links)

6. Your Rights

You have the following rights regarding your data:

• Access: view your data at any time through the app (card selections, chat history, preferences, credits)
• Deletion: delete your chat history, individual conversations, or your entire account and all associated data
• Export: request a copy of your data by contacting us at support@cardzen.ai. We will respond to export requests within 30 days
• Correction: update your account information and preferences at any time through the app

7. Data Security

We take reasonable measures to protect your information, including:

• Encrypted connections (HTTPS/TLS) for all data in transit
• Firebase security rules to protect stored data
• Authentication tokens with expiration for API access

We do not store financial account numbers, credit card numbers, or banking credentials. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Children's Privacy

Cardzen is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe a child under 18 has provided us with personal information, please contact us and we will delete the information promptly.

9. International Data Transfer

Cardzen is operated by Cardzen, LLC in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States.

10. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users via email within 30 days of confirming the breach. The notification will describe the nature of the breach, the data involved, and the steps we are taking in response.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact Cardzen, LLC at support@cardzen.ai.