Privacy Policy

Last updated: February 8, 2026

OptimalCardSetup ("we", "us", "our") operates the website at optimalcardsetup.com. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. We believe in collecting only what we need and being transparent about it.

1. Information We Collect

We collect the minimum information needed to provide the Service:

  • Email address — provided through Google or Microsoft OAuth when you create an account.
  • Display name — provided through your OAuth provider.
  • Spending categories — the monthly spending amounts you enter (e.g., "$300/mo on dining", "$150/mo on groceries"). These are used solely to run the optimization.
  • Authentication provider — whether you signed in with Google or Microsoft.
  • Subscription status — whether you are on the free or Premium tier, managed through Stripe.

2. Information We Do NOT Collect

We want to be explicit about what we never ask for and never store:

  • Bank account credentials or login information
  • Credit card numbers, CVVs, or expiration dates
  • Social Security numbers or government IDs
  • Browsing history or activity on other websites
  • Location data
  • Contacts or address book information

3. How We Use Your Data

Your data is used for one purpose: running the credit card optimization. Specifically:

  • Your spending categories are fed into the CP-SAT solver to calculate optimal card recommendations.
  • Your email is used for account authentication and to send important account-related communications (e.g., subscription changes).
  • We do not sell, rent, or share your personal data with third parties for marketing purposes.
  • We do not use your data for advertising or profiling.

4. Cookies and Local Storage

We use minimal browser storage, limited to what is essential for the Service to function:

  • JWT authentication token — stored in localStorage to keep you signed in.
  • Theme preference — a cookie that stores your light/dark mode choice.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. For more details, see our Cookie Policy.

5. Third-Party Services

We use a limited number of third-party services to operate the platform. Each has its own privacy policy:

  • Stripe — processes Premium subscription payments. We do not store your payment card details; Stripe handles all payment data securely. See Stripe's Privacy Policy.
  • Google OAuth — used for account sign-in. We receive your email and display name only. See Google's Privacy Policy.
  • Microsoft OAuth — used for account sign-in. We receive your email and display name only. See Microsoft's Privacy Statement.
  • Sentry — used for error monitoring and crash reporting to improve the reliability of the Service. Sentry may receive technical data such as error messages, stack traces, and browser information when errors occur. See Sentry's Privacy Policy.
  • Cloudflare — hosts and serves the frontend application. Cloudflare may process request metadata (IP addresses, headers) as part of standard web hosting. See Cloudflare's Privacy Policy.
  • Railway — hosts the backend API and PostgreSQL database. See Railway's Privacy Policy.

6. Data Retention

We retain your account data (email, display name, spending profiles, and saved scenarios) for as long as your account is active. If you delete your account, we will delete all associated data within 30 days. Optimization job results are temporary and are automatically deleted after 10 minutes.

7. Data Security

We take reasonable measures to protect your data, including: HTTPS encryption for all data in transit, secure authentication via OAuth providers, and database hosting on managed infrastructure with Railway. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.

8. Children's Privacy

OptimalCardSetup is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at support@optimalcardsetup.com.

9. Your Rights (CCPA / GDPR)

Depending on your location, you may have the following rights regarding your personal data:

  • Right to access — You can request a copy of all personal data we hold about you.
  • Right to deletion — You can request that we delete your account and all associated data.
  • Right to portability — You can request your data in a machine-readable format.
  • Right to correction — You can request correction of inaccurate personal data.
  • Right to opt out of sale — We do not sell your personal data. There is nothing to opt out of.

To exercise any of these rights, email us at support@optimalcardsetup.com. We will respond to your request within 30 days.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

11. Contact

If you have questions about this Privacy Policy or want to make a data request, contact us at support@optimalcardsetup.com.