OpenCard AI

Privacy Policy

Last updated: April 18, 2026

OpenCard AI is committed to protecting your privacy. This policy explains how we collect, use, and protect your information when you use our credit card benefits management service.

1. Information We Collect

We collect the following information:

  • Email address: When you subscribe to benefit reminders, you provide your email. We store it using industry-standard one-way hashing (SHA-256). We never store your plaintext email in our database.
  • Saved card IDs: When you add cards to "My Cards," we store only the card identifiers (e.g., "amex-platinum"), not your actual credit card numbers or personal financial data.
  • Usage data: Browser type, referring pages, and time spent on the site to improve our service.

2. How We Protect Your Data

We take data security seriously:

  • Email hashing: Your email is hashed with SHA-256 before storage. We cannot reverse the hash to recover your email.
  • Secure transmission: All data is transmitted over HTTPS (TLS encryption).
  • Minimal data collection: We only store what is necessary to provide the service.
  • Third-party email service: We use AgentMail to send reminder emails. Your email is obfuscated (reversed and base64 encoded) when passed to our email service, and is deleted from that service after sending.

3. Email Reminders (Opt-In)

If you opt in to receive benefit reminders:

  • We send periodic emails about upcoming or expiring credits on cards you own.
  • Every email includes an unsubscribe link. Clicking it immediately removes you from all future mailings.
  • You can also request full data deletion at any time (see Section 6).
  • We never sell, rent, or share your email with advertisers or third parties.

4. Double Opt-In Verification

When you subscribe, we send a verification email to confirm your address. Your subscription is only activated after you click the verification link. This prevents unauthorized signups and ensures email deliverability.

5. Cookies

We use minimal cookies to:

  • Store your language preference
  • Maintain basic session state

We do not use advertising cookies or tracking pixels.

6. Data Retention and Deletion

You have full control over your data:

  • Unsubscribe: Click the "Unsubscribe" link in any email, or visit /my-cards to update your preferences.
  • Delete all data: Send a DELETE request to /api/my-cards/delete with your email. All your data is permanently removed within 30 days.
  • Local data: Cards saved in your browser (localStorage) are only on your device. Clear your browser cache to remove them.

7. Third-Party Services

We use the following third-party services:

  • Vercel: Website hosting and serverless functions
  • Upstash Redis: Encrypted data storage
  • AgentMail: Transactional email delivery
  • Google (optional): Google Sign-In for future authentication features

These providers have their own privacy policies.

8. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect information from minors.

9. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email to subscribers. Continued use of the service after changes constitutes acceptance of the new policy.

10. Contact Us

For privacy-related questions, data deletion requests, or concerns:

Email: opencard@opencardai.com Website: https://opencardai.com

Track Benefits