Cardvark
← Back to home

Privacy Policy

Last updated: April 17, 2026

1. Introduction

Cardvark ("we," "our," or "us") provides a mobile application (the "App") designed to store loyalty cards, gift cards, prepaid cards, and cinema vouchers. We believe in Privacy by Design. Our core philosophy is that your card data belongs on your device, not our servers.

2. Local Data Storage

All information you input into Cardvark - including card names, numbers, barcodes, expiry dates, and images - is stored locally on your mobile device only.

  • No cloud sync on our servers: We do not maintain a central database or cloud server for your card data.
  • No access: We cannot see, access, or recover your cards under any circumstances.
  • Data deletion: If you delete the App or lose your device without a backup, your Cardvark data is permanently and irrecoverably lost. See Section 3 for optional cloud backup via iCloud or Google Drive.

3. Optional Cloud Backup

Cardvark offers an optional, user-initiated cloud backup so you can restore your cards to a new device. Backups are written to your own iCloud or Google Drive account. They are never sent to, stored on, or accessible by Cardvark's servers.

3.1 What is backed up

A Cardvark backup contains the cards you have added to the App, including their names, numbers, barcodes, expiry dates, balances, and notes. It does not contain data from other apps on your device.

3.2 iCloud (iOS)

On iOS, Cardvark uses Apple's CloudKit to store backups in a private, application-specific container inside your personal iCloud account. The container is isolated to Cardvark: we cannot see, read, or modify any of your other iCloud files (photos, documents, other apps' data), and no other app can read Cardvark's container. Cardvark uses this container solely to upload backups you have chosen to create and to download them when you restore on a new device. The data is stored under the protections described in Apple's iCloud privacy policy.

3.3 Google Drive (Android)

On Android, you can optionally sign in with your Google Account to back up Cardvark to your Google Drive. When you do, we request a single Google OAuth scope:

  • drive.appdata - grants Cardvark access only to a hidden, application-specific folder in your Drive. Cardvark cannot see, read, or modify any other file in your Drive, and no other app can read Cardvark's backup folder.

The backup file written to that folder contains only the Cardvark data listed in Section 3.1. Cardvark uses this access solely to:

  • Upload a new backup when you enable backup or make changes.
  • List and download your existing backup so you can restore it on a new device.

3.4 Google API Services User Data Policy & Limited Use

Cardvark's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, data obtained through the drive.appdata scope is used only to provide and improve the backup and restore feature you have enabled.

3.5 Your control

  • Enable or disable: Cloud backup is off by default. You can turn it on or off at any time from the Settings menu in the App.
  • Delete your backup: On iOS, you can remove the backup by deleting Cardvark's data from your iCloud account in iOS Settings. On Android, you can remove the backup from the "Manage apps" section of your Google Drive account.
  • Revoke access: You can revoke Cardvark's access to your Google Account at any time at myaccount.google.com/permissions.

4. Information We Collect (Crash Diagnostics)

To ensure Cardvark is stable and bug-free, we collect limited anonymous technical data through Sentry (operated by Functional Software, Inc.), a third-party error-monitoring service.

4.1 What crash logs contain

When the App crashes or encounters an error, a report is sent to Sentry. This report includes:

  • Device type (e.g., iPhone 15, Pixel 8) and operating system version.
  • App version number.
  • The specific line of code where the error occurred (stack trace).

4.2 What crash logs do NOT contain

  • Any personally identifiable information (PII) - we have explicitly disabled PII collection within Sentry's configuration.
  • IP addresses, user names, or unique device identifiers.
  • The contents of any cards or vouchers stored in the App.

4.3 Your Choice & Control (Opt-Out)

You have full control over whether diagnostic data is shared with us.

  • In-App Toggle: You can enable or disable crash reporting at any time via the Settings menu within the Cardvark App.
  • System Settings: These logs are independent of your device's global "Share Analytics" or "Usage & Diagnostics" settings (which share data with Apple or Google).

5. How We Use Diagnostic Data

We use crash diagnostic data solely to identify and fix bugs and improve App stability. We do not use diagnostic data for advertising, profiling, or cross-app tracking. We do not sell, rent, or trade any data to third parties.

6. Data Retention and Storage Location

  • Location: Crash diagnostic data is processed by Sentry and stored on Sentry's servers located in the European Union.
  • Retention: It is automatically deleted after 90 days.
  • Compliance: We have entered into a Data Processing Agreement (DPA) with Sentry under the GDPR. You can review Sentry's privacy policy at sentry.io/privacy.

7. Security

Because your card data is stored on your device, its security depends on your device's own security controls. We strongly recommend:

  • Enabling a device passcode or biometric lock (Face ID / Touch ID / Fingerprint).
  • Keeping your mobile operating system and the App updated.

As card data never leaves your device (other than to your own iCloud or Google Drive account when you enable backup), it is not exposed to server-side data breaches on our end.

8. Children's Privacy

Cardvark is not directed at children. We do not knowingly collect personal information from children under 13 (US), 15 (Australia), or 16 (EU/EEA). If you believe crash data for a child has been collected, please contact us and we will request deletion from Sentry.

9. EU and EEA - GDPR Disclosures

  • Data Controller: Cardvark is the data controller for crash diagnostic data.
  • Legal Basis: If any diagnostic data is considered personal data, our legal basis for processing is Article 6(1)(f) GDPR (Legitimate Interests) - specifically, our interest in maintaining a functional application.
  • International Transfers: Crash data is stored on Sentry's EU servers. No transfer outside the EEA occurs.
  • Your Rights: You have the right to Access, Rectification, Erasure, and to Object to processing. You can exercise your right to object to diagnostic collection instantly by using the toggle in the Settings menu.

10. Australia - Privacy Act 1988 Disclosures

10.1 Compliance and Personal Information

We handle information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Because your card data never leaves your device and crash logs are anonymized, Cardvark generally does not collect "personal information" as defined by the Act.

10.2 Overseas Disclosure

Crash diagnostic data is processed by Sentry (Functional Software, Inc.) and stored on servers in the European Union. We take reasonable steps to ensure Sentry protects this data consistently with the APPs.

10.3 Complaints and the OAIC

If you have a concern about how we handle your privacy, please contact us first using the details in Section 13. We will investigate and respond to your complaint within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Online: www.oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001

11. United States - CCPA/CPRA Disclosures

We do not "sell" or "share" personal information as defined by California law. Residents of California and other US states have the right to know, delete, and correct their information. Since we do not maintain user profiles, most requests are satisfied by you managing the App directly.

12. Changes to This Policy

Material changes to this policy will be notified within the App. The effective date will always reflect the current version.

13. Contact Us

For any privacy questions, please contact us at [email protected].