← Credits

Privacy Policy

Last updated July 12, 2026

Overview

Credits is an independent, personal project that helps you track recurring credit card statement credits and expiring offers across your card wallet. It is not affiliated with, endorsed by, or sponsored by any credit card issuer, Plaid Inc., Google, or Slack Technologies, LLC. This policy explains what information Credits collects, how it's used, and the choices you have.

Information We Collect

  • Account information — your email address, and, if you sign in with Google, your name and profile photo, handled by our authentication provider (Supabase Auth).
  • Card and benefit data you enter — the cards you add, benefits you track, redemption history, notes, and ROI inputs.
  • Bank connection data (optional) — if you connect an account via Plaid, we receive account and institution metadata and transaction data, used only to suggest possible redemptions for you to confirm.
  • Google Tasks access (optional)— if you connect Google Tasks, we use it solely to create and check off reminder tasks in a dedicated "Credits" task list.
  • Notification settings — an optional Slack webhook URL you provide, used only to deliver your digest to your own Slack workspace.
  • Usage and analytics data — pages visited, approximate location, device and browser type, collected via Google Analytics using cookies, in aggregate form.

How We Use Information

We use this information to operate the app: showing your dashboard, tracking expiration windows, matching bank transactions to benefits, sending Slack digests and Google Tasks reminders you've opted into, and improving the product based on aggregate usage patterns. We do not sell your information, and we do not use your financial or benefit data for advertising.

How We Store and Protect Information

Data is stored in a Postgres database (via Supabase) protected by row-level security, so each account can only read its own data. Plaid access tokens and Google refresh tokens are never stored in plain form — they're encrypted via Supabase Vault and can only be decrypted by server-side functions, never by the application directly or by other users. Database backups are encrypted and retained on a rolling basis.

Third-Party Services

Credits relies on the following third parties, each of which processes data under its own privacy policy:

  • Supabase — database, authentication, and encrypted secret storage.
  • Vercel — application hosting and scheduled jobs.
  • Plaid — optional bank account linking and transaction retrieval.
  • Google — optional sign-in and optional Google Tasks integration.
  • Slack — optional digest delivery to a webhook you provide.
  • Google Analytics — aggregate product usage analytics.

Data Sharing

We don't sell or rent your data. Information is only visible to you. We may disclose information if required by law.

Your Choices

  • Disconnect Plaid or Google at any time from Settings — this deletes the stored token immediately and revokes access.
  • Export your data as a CSV from the app at any time.
  • Request deletion of your account and associated data by emailing sanchitcop19@gmail.com.

Data Retention

We keep your data for as long as your account is active. If you request deletion, we remove your account data, including any connected bank or Google tokens, within a reasonable time.

Children's Privacy

Credits is not directed at, and should not be used by, anyone under 16.

Changes to This Policy

We may update this policy as the app evolves. Material changes will be reflected by updating the "Last updated" date above.

Contact

Questions about this policy? Email sanchitcop19@gmail.com.