Effective Date: June 2025
Last Updated: June 2025
TrackMyCard deeply values your privacy and is committed
to protecting your personal information. This Privacy Policy describes in
detail how we collect, use, store, and protect your information when you
use our personal financial management mobile application, including our specialized
integration with Gmail for automatic transaction analysis.
1. Information We Collect
1.1 Personal Registration Information
When you register with TrackMyCard, we collect:
- Full name: To personalize your experience and identify
your account
- Email address: For authentication, important communications,
and account recovery
- Encrypted password: Stored securely to protect access
to your account
1.2 Credit Card Information
For tracking your finances, we store non-sensitive information about
your cards:
| Data Type | Purpose | Example |
| --- | --- | --- |
| Card nickname | Personal identification | "Main Card", "Shopping" |
| Last 4 digits | Transaction identification | ****1234 |
| Card brand | Visual classification | Visa, Mastercard, American Express |
| Card type | Categorization | Credit, Debit |
| Custom color | Visual personalization | Blue, Red, Green |
| Credit limit (optional) | Utilization analysis | $5,000 |
| Annual fee (optional) | Cost calculation | $95 |
Important: We NEVER store complete card numbers, CVV codes,
expiration dates, or any information that would allow transactions to be
made. We only store non-sensitive data necessary for the identification and
organization of your finances.
1.3 Transaction Data Extracted from Gmail
Through our authorized Gmail integration, we extract and process:
- Transaction information: Date, amount, merchant, category
- Card identifiers: Last 4 digits to associate with your
registered cards
- Email metadata: Email ID, receipt date (not the complete
content)
- Analytics data: Spending patterns to generate financial
insights
1.4 Technical and Usage Information
- Device data: Device type, operating system, unique identifiers
- Usage data: Features used, time in app, navigation patterns
- Network data: IP address, connectivity information
- Settings: Language preferences, notification settings
2. How We Use Your Information
2.1 Provision of Financial Services
- Process and automatically categorize your transactions
- Generate detailed spending analysis and financial patterns
- Provide personalized dashboards and credit utilization reports
- Manage your credit card portfolio in a centralized way
2.2 Gmail Integration and Synchronization
- Access exclusively banking and commercial notification emails
- Extract transaction data from receipts and email confirmations
- Automatically synchronize new transactions every 2 hours
- Maintain an updated history of your financial activity
2.3 Analysis and Personalization
- Generate insights about spending patterns by category, merchant, and
period
- Calculate financial metrics such as credit utilization and trends
- Personalize the experience based on your financial habits
- Provide recommendations to optimize the use of your cards
2.4 Communication and Support
- Send notifications about new detected transactions
- Provide security alerts and unusual activity notifications
- Communicate important service updates
- Provide technical support and resolve application issues
3. Gmail Integration - Specific Details
Our Commitment to Gmail Privacy
Gmail integration is the core of TrackMyCard and is designed with the
highest privacy and security standards.
3.1 What We Access in Gmail
- Only transaction emails: We access only emails from banks,
merchants, and financial services that contain transaction information
- Specific metadata: Email ID, date, sender (only if it's
a recognized financial entity)
- Transaction content: Specific information about amounts,
dates, merchants, and cards used
3.2 What We DO NOT Access
- Personal, family, or entertainment emails
- Complete email content (we only extract transaction data)
- Emails from other categories not related to finances
- Contact information, calendar, or other Google services
3.3 OAuth 2.0 Authentication Process
- Secure authorization: We use Google's OAuth 2.0 protocol
to obtain permissions
- Encrypted tokens: Access tokens are stored encrypted on
our secure servers
- Automatic renewal: Tokens are renewed automatically without
requiring frequent re-authentication
- Easy revocation: You can revoke access at any time from
your Google account or from TrackMyCard
4. Information Sharing
4.1 We Do Not Share Personal Information
TrackMyCard does NOT sell, rent, or share your personal information
with third parties for commercial or marketing purposes. Your financial
information is strictly confidential.
4.2 Essential Service Providers
We only share information with providers who help us operate the
service:
- Supabase: Database and authentication infrastructure (with
complete encryption)
- Google Cloud Services: For secure Gmail API integration
- Hosting services: To keep the application running securely
4.3 Legal Requirements
We will only disclose information if:
- Required by law or court order
- Necessary to protect our legal rights
- Necessary to prevent fraud or illegal activities
- Necessary to protect the safety of our users
5. Information Security
Our Security Measures
We implement multiple layers of security to protect your sensitive
financial information:
5.1 Data Encryption
- Encryption in transit: All communications use TLS/SSL
- Encryption at rest: All stored data is encrypted with
AES-256
- Secure tokens: Gmail tokens are stored with additional
encryption
- Password hashing: Passwords are processed with secure
hash algorithms
5.2 Access Controls
- Multi-factor authentication for administrative access
- Principle of least privilege for technical staff
- Complete audit of all data access
- Separation of development and production environments
5.3 Secure Infrastructure
- Servers hosted in certified data centers (SOC 2, ISO 27001)
- Continuous 24/7 security monitoring
- Automatic encrypted backups
- Automatic security updates
5.4 Fraud Prevention
- Automatic detection of unusual access patterns
- Real-time security alerts
- Automatic blocking upon suspicious access attempts
- Identity verification for sensitive account changes
6. Your Privacy Rights
You have complete control over your personal information
We fully respect your privacy rights and facilitate their exercise.
6.1 Access and Control Rights
- Access: You can request a complete copy of all information
we have about you
- Correction: You can correct any inaccurate or incomplete
information
- Deletion: You can request complete deletion of your account
and all associated data
- Portability: You can request your data in a portable format
to transfer to another service
6.2 Gmail Integration Control
- Immediate revocation: You can disconnect Gmail at any
time from the app settings
- Token deletion: When disconnecting, we permanently delete
all access tokens
- Data retention: You can choose to keep or delete already
processed transaction data
- Re-authentication: You can reconnect Gmail at any time
with new permissions
6.3 Communication Control
- You can disable transaction notifications
- You can configure specific types of alerts
- You can opt out of promotional emails (we maintain essential
transactional emails)
- You can configure Gmail synchronization frequency
6.4 How to Exercise Your Rights
To exercise any of these rights:
- Access privacy settings within the application
- Use available self-service options
- Contact our support team for more complex requests
- We will verify your identity and process your request within 30 days
7. Data Retention and Deletion
7.1 Retention Periods
- Active account data: We maintain your data while your
account is active
- Transaction data: Retained to provide historical analysis
and tax compliance
- Security logs: Maintained for 1 year for audit purposes
- Support data: Support communications are maintained for
3 years
7.2 Account Deletion
When you delete your account:
- Immediate deletion: Account access is terminated immediately
- Gradual deletion: Data is progressively deleted over 30
days
- Complete deletion: After 30 days, all data is permanently
deleted
- Backups: Data in backups is deleted in the next cycle
(maximum 90 days)
8. International Data Transfers
Your data is processed primarily on servers located in:
- United States: For Supabase and Google Cloud services
All international transfers are made under:
- Approved standard contractual clauses
- Data protection adequacy certifications
- Additional security measures during transfer
9. Minors
TrackMyCard is not designed for minors under 18 years old.
We do not intentionally collect personal information from minors. If we discover
that we have collected information from a minor:
- We will immediately delete all information
- We will notify parents or guardians if possible
- We will take measures to prevent future registrations by minors
10. Changes to This Policy
10.1 Change Notification
We may update this Privacy Policy occasionally. When we make changes:
- Minor changes: Published in the app and website
- Significant changes: Notified by email 30 days in advance
- Gmail changes: Will require new explicit authorization
- History: We maintain previous versions available for consultation
10.2 Your Continued Consent
Continued use of TrackMyCard after policy changes constitutes your
acceptance of the new terms. If you do not agree with the changes, you
can:
- Disconnect Gmail integration
- Export your data
- Delete your account completely