Privacy Policy

Last updated: January 11, 2026

At Cardwise, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our relationship management platform ("the Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use the Service.

1. Information We Collect

We collect several types of information to provide and improve our Service:

Account Information

  • First name
  • Email address
  • Password (encrypted)
  • Account preferences and settings

Relationship Data

  • Names and relationship types (spouse, friend, family, etc.)
  • Birthdays and special dates
  • Preferences (favorite colors, foods, hobbies, allergies)
  • Gift ideas
  • Notes and memories

Usage Information

  • Events and reminders you create
  • AI-generated content requests
  • Cards and messages you generate
  • App features you use

Device and Technical Information

  • IP address
  • Browser type and version
  • Device type and operating system
  • Time zone and language settings
  • Cookies and similar tracking technologies

Optional Information

  • Contact information (if you choose to sync from your device)
  • Profile customizations
  • Communication preferences

2. How We Collect Information

We collect information through:

  • Direct input: Information you provide when registering, creating relationships, or using features
  • Automatic collection: Technical information collected automatically when you access the Service
  • Cookies: Small data files stored on your device for authentication and preferences
  • Optional integrations: Data from third-party services you choose to connect (e.g., Google contacts)

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Create and manage your account
  • Send reminders for important dates and events
  • Generate personalized AI content (cards, messages, speeches)
  • Process payments for premium subscriptions
  • Send service-related notifications and updates
  • Respond to your support requests and inquiries
  • Analyze usage patterns to improve features
  • Prevent fraud and maintain security
  • Comply with legal obligations

4. Data Storage and Security

Your data is stored securely using Supabase, a trusted database platform. We implement industry-standard security measures including:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of sensitive data at rest
  • Secure password hashing (bcrypt)
  • Regular security audits and updates
  • Row-level security policies to protect your data
  • Restricted access to production data

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

5. Third-Party Services and Data Sharing

We partner with trusted third-party services to provide and enhance our Service. We do not sell your personal information to third parties.

Anthropic (Claude AI)

We use Anthropic's Claude AI to generate personalized content. When you request AI-generated content, we send relevant relationship information to Anthropic. This data is processed according to Anthropic's privacy policy and is not used to train their models.

Customer.io

We use Customer.io to send email notifications and reminders. We share your email address, first name, and notification preferences with Customer.io. They act as our data processor and do not use your information for their own purposes.

Google (Optional)

If you choose to sync contacts from Google, we request access to your contacts with your explicit permission. This is entirely optional and user-initiated. We only access the contacts you select and do not share this information with anyone else.

Payment Processors

For premium subscriptions, we use third-party payment processors. We do not store your credit card information on our servers. Payment information is handled directly by our payment processor in compliance with PCI-DSS standards.

We may also share your information in the following circumstances:

  • With your consent or at your direction
  • To comply with legal obligations, court orders, or government requests
  • To protect our rights, property, or safety, or that of our users
  • In connection with a merger, acquisition, or sale of assets (with advance notice)

6. Cookies and Tracking Technologies

We use cookies and similar technologies primarily for authentication and to remember your preferences. Types of cookies we use:

  • Essential cookies: Required for authentication and basic functionality
  • Preference cookies: Remember your settings and preferences
  • Analytics cookies: Help us understand how users interact with the Service (anonymized)

You can control cookies through your browser settings, but disabling cookies may limit functionality of the Service.

7. Your Privacy Rights

You have the following rights regarding your personal information:

  • Access: You can access and review your personal information at any time through your account settings
  • Correction: You can update or correct your information directly in the Service
  • Deletion: You can request deletion of your account and associated data at any time
  • Export: You can request a copy of your data in a portable format
  • Opt-out: You can opt out of email notifications and adjust reminder preferences
  • Withdraw consent: You can withdraw consent for optional features like contact syncing

To exercise these rights, contact us at privacy@cardwise.com or use the account management features in the Service.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specific retention policies:

  • Active accounts: Data retained as long as account is active
  • Deleted accounts: Data retained for 30 days, then permanently deleted
  • Payment records: Retained for 7 years for tax and accounting purposes
  • Legal obligations: Some data may be retained longer if required by law

After deletion, we may retain anonymized, aggregated data for analytics purposes, but this data cannot be linked back to you.

9. Children's Privacy

The Service is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Users between 13 and 18 must have parental or guardian consent to use the Service. If we learn that we have collected information from a child under 13 without proper consent, we will delete that information promptly.

10. International Data Transfers

Your information may be transferred to and stored on servers located in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your information to countries outside your country of residence.

For users in the European Union: We comply with GDPR requirements. We ensure appropriate safeguards are in place when transferring your data outside the EU, including standard contractual clauses and data processing agreements with our service providers.

For users in California: We comply with the California Consumer Privacy Act (CCPA). California residents have additional rights including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell personal information.

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you by email (to the address on file)
  • Display a prominent notice in the Service
  • Request your consent if required by law

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Cardwise Privacy Team

Email: privacy@cardwise.com

Support: support@cardwise.com

Website: www.cardwise.com

We will respond to your inquiry within 30 days. For urgent privacy concerns, please indicate "URGENT" in your subject line.

By creating an account and using Cardwise, you acknowledge that you have read, understood, and agree to this Privacy Policy and our data practices.