Effective: March 19, 2026
Cardwell Inc. ("Cardwell," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, store, and share information when you use the Cardwell application and website (the "Service").
We take data security seriously. Sensitive gift card information (card numbers and PINs) is encrypted at rest using AES-256 encryption at the database level. All data is transmitted over HTTPS/TLS. Access to user data is restricted through row-level security policies, meaning only you can access your own records.
We share limited data with the following third-party services:
We do not sell, rent, or trade your personal information to advertisers or data brokers.
Cardwell uses essential cookies required for authentication and session management. We may use optional analytics cookies (such as PostHog) to understand how users interact with the Service. You can manage your cookie preferences at any time through the cookie banner displayed on your first visit.
Depending on your jurisdiction, you may have the following rights regarding your personal data:
Under the California Consumer Privacy Act (CCPA), California residents have the right to: (a) know what personal information is being collected; (b) request deletion of personal information; (c) opt out of the sale of personal information (we do not sell your data); (d) non-discrimination for exercising your privacy rights.
Under the General Data Protection Regulation (GDPR), EU/EEA residents have the right to: (a) access and portability of your data; (b) rectification of inaccurate data; (c) erasure ("right to be forgotten"); (d) restriction of processing; (e) object to processing; (f) lodge a complaint with a supervisory authority.
The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected data from a child under 13, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@cardwellapp.com.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users within 72 hours via email and in-app notification, as required by applicable law.
We may update this Privacy Policy from time to time. Material changes will be communicated via in-app notification or email. The "Effective" date at the top reflects the most recent revision.
For privacy-related questions, data access requests, or to exercise your rights, contact us at: privacy@cardwellapp.com.
© 2026 Cardwell Inc. All rights reserved.