This Privacy Policy explains how the Cardpio browser extension (the "Extension") handles information. It is specific to the Extension. Your use of the Cardpio web app and account is also covered by our main Privacy Policy.
The Extension has a single purpose: to help you view and activate the card-linked offers that your bank already provides to you, and to optionally sync those offers into your Cardpio account so you can track them. It works only on the offers pages of supported banks (American Express, Chase, Citi, U.S. Bank, and Wells Fargo) and only when you open it.
Your bank's offer data. When you are signed in to a supported bank and open the Extension, it reads the cash-back / card-linked offers your bank shows you: merchant name, reward amount, expiration date, category, and activation status.
Your existing bank session. To load and activate offers, the Extension uses the session you are already logged into in your browser. It reads the temporary session tokens that the bank's own page has placed in your browser solely to make requests to that same bank's offer API, within your browser. The Extension never asks for, sees, or stores your bank username, password, or PIN.
Your Cardpio account. If you choose to sync offers, you sign in with your Cardpio account so the Extension can save offers to it.
Your bank session tokens never leave your browser. They are used only to talk to your own bank's API and are never transmitted to Cardpio's servers or to any third party.
We do not sell your information, and we do not use it for advertising or for any purpose unrelated to the Extension's single purpose described above.
Local storage. The Extension stores small preferences locally in your browser (such as which Cardpio card an offer set is linked to and the position of the floating button).
Synced offers. If you sync, offer details are stored in your Cardpio account on Google Firebase, the same secure backend used by the Cardpio app. Only you can access your own data.
Service providers. We use Google Firebase for authentication and storage of synced data. We do not share your information with any other third party except as required by law.
Cardpio's use of information received from the Extension adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. We only use the data to provide and improve the Extension's single purpose, we do not transfer or sell it, and we do not use it for advertising or creditworthiness/lending purposes.
Offers you sync are retained in your Cardpio account until you remove them or delete your account. Deleting your Cardpio account permanently removes your synced data. Local preferences are removed when you uninstall the Extension. You can disconnect at any time by signing out or removing the Extension from your browser.
The Extension is not directed to individuals under 18 and we do not knowingly collect information from children.
Cardpio is an independent product. It is not affiliated with, endorsed by, or sponsored by American Express, Chase, Citi, U.S. Bank, Wells Fargo, or any other bank. All bank and merchant names and logos are the property of their respective owners and are used only to describe where the Extension works.
We may update this Policy and will reflect material changes here. For any questions or privacy requests related to the Extension, contact us at support@cardpio.com.