Privacy Policy

Last updated: February 28, 2026

⚠️ Template — consult a lawyer before publishing.

1. Introduction

CardTimer (“we,” “us,” or “our”) is a credit card management tool operated by Grizzly Fin Agency (Neil Mendes, owner). CardTimer helps users track credit card statement close dates, payment due dates, and annual fees.

This Privacy Policy explains what information we collect when you use CardTimer at cardtimer.app, how we use it, and your rights regarding that information.

By using CardTimer, you agree to the practices described in this policy.

2. Information We Collect

Account Information

When you sign up, we collect:

  • Your email address
  • Your name (if provided)
  • Password (stored as a secure hash — we never see your plain-text password)

Card Data You Enter

CardTimer stores only the information you provide about your credit cards:

  • Card nickname (e.g., “Chase Sapphire”)
  • Last 4 digits of your card number
  • Statement close date
  • Payment due date
  • Annual fee amount and renewal date

Usage Data

We may collect basic usage information such as pages visited, features used, browser type, operating system, and IP address (for security and fraud prevention).

Cookies

We use cookies and similar tracking technologies to maintain your session and improve your experience. You can disable cookies in your browser settings, though some features may not work correctly without them.

3. What We Do NOT Collect

CardTimer is not a financial institution and does not collect sensitive financial data.

We do not collect, store, or have access to:

  • Full credit card numbers
  • CVV / security codes
  • Card expiration dates
  • Bank account numbers or routing numbers
  • Online banking credentials or passwords
  • Social Security Numbers or government-issued IDs

CardTimer is a date-tracking tool only. We never connect to your bank or card issuer.

4. How We Use Your Information

We use the information we collect to:

  • Provide the service — display your cards, dates, and reminders
  • Send email reminders — payment due date alerts, annual fee reminders, and notifications you configure
  • Billing — process subscription payments via Stripe for Pro plan users
  • Account management — send password reset emails, account confirmations
  • Improve the product — analyze usage patterns to make CardTimer better
  • Security — detect and prevent fraud or unauthorized access
  • Legal compliance — comply with applicable laws and regulations

We do not sell your personal information to third parties.

5. Data Storage & Security

Your data is stored securely using Supabase, a PostgreSQL-based database platform with encryption at rest and in transit.

  • All data is encrypted in transit using TLS/HTTPS
  • Database data is encrypted at rest
  • Access to your data is restricted to your account

Payments are processed by Stripe. CardTimer never sees or stores your full payment card details. Stripe handles all payment data under their own security standards (PCI-DSS compliant).

While we take reasonable measures to protect your data, no system is completely secure. We encourage you to use a strong, unique password for your account.

6. Email Communications

CardTimer may send you the following types of emails:

  • Transactional emails — account confirmation, password resets, payment receipts
  • Reminder emails — payment due date alerts, statement close reminders, annual fee notices
  • Product updates — occasional feature announcements or important policy changes

Opting out: You may unsubscribe from non-transactional emails at any time using the unsubscribe link in any email, or by contacting us at neil@grizzlyfin.com. Transactional emails (e.g., password resets, payment receipts) cannot be disabled while your account is active.

Email delivery is powered by Resend.

7. iCal Feed

CardTimer offers an iCal feed so you can subscribe to your card dates in your calendar app (Google Calendar, Apple Calendar, etc.).

  • The feed contains your card nicknames and the dates you have entered
  • Each feed URL includes a unique token tied to your account
  • Treat your iCal feed URL like a password — anyone with the URL can view your card dates
  • You can reset your iCal token at any time from your account settings, which will invalidate the old URL

8. Third-Party Services

CardTimer uses the following third-party services, each governed by its own privacy policy:

Service     Purpose                      Privacy Policy
Supabase    Database & authentication    supabase.com/privacy
Stripe      Payment processing           stripe.com/privacy
Resend      Email delivery               resend.com/legal/privacy-policy

We do not share your personal information with these providers beyond what is necessary to provide the service.

9. Data Retention

We retain your data for as long as your account is active.

  • Account deletion — when you delete your account, we will permanently delete your card data, email address, and account information within 30 days
  • Billing records — we may retain payment records as required by law (typically 7 years for financial records)
  • Backups — residual copies may exist in encrypted backups for up to 90 days after deletion

To delete your account, go to Settings → Account → Delete Account, or contact us at neil@grizzlyfin.com.

10. Your Rights

All Users

You have the right to access, correct, delete, and export your data.

GDPR (EU/EEA Users)

If you are located in the EU or EEA, you have additional rights under GDPR, including data portability, restriction of processing, the right to object, and the right to lodge a complaint with your local supervisory authority.

Our legal basis for processing your data is contract performance and legitimate interests (security, fraud prevention).

CCPA (California Residents)

California residents have the right to know what personal information we collect, the right to delete it, the right to opt out of its sale (we do not sell personal information), and the right to non-discrimination for exercising these rights.

To exercise any of these rights, contact us at neil@grizzlyfin.com.

11. Children's Privacy

CardTimer is intended for users 13 years of age or older. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top. For significant changes, we will notify you by email. Your continued use of CardTimer after changes take effect constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Neil Mendes — Grizzly Fin Agency
Email: neil@grizzlyfin.com
Website: cardtimer.app