Privacy Policy
Last updated July 10, 2026
This Policy describes how Canacard, Inc. collects, uses, and shares information when you use our platform. We take a minimum-necessary approach to data.
Information we collect
- Identity: name, date of birth, and a government ID image processed by our verification partner to confirm age and eligibility.
- Financial: linked bank account tokens (we never store your online banking password), transaction amounts, tips, and refund history.
- Location: coarse device location only if you enable geofence alerts.
- Usage: device, browser, notification tokens, and interaction analytics.
How we use it
- Process payments, settle to merchants, and issue refunds.
- Verify eligibility and meet KYC / BSA obligations.
- Award loyalty points and deliver rewards, referrals, and geofence offers you opted into.
- Detect fraud and secure your account.
Sharing
We share data with: (a) our bank verification partner and sponsor bank to move funds; (b) the merchant you are paying (name, amount, points earned — not your bank details); (c) regulators and law enforcement when required. We do not sell your personal data.
Retention
Transaction records are retained for at least 5 years to satisfy financial recordkeeping rules. Identity images are retained by our verification partner only as long as required. You may request deletion of marketing data at any time.
Your rights
Depending on your state, you may have rights to access, correct, or delete personal data, and to opt out of targeted advertising. Email privacy@canacard.app to exercise them.
Security
Bank credentials are tokenized. Data at rest and in transit is encrypted. Access is restricted with row-level security and role-based controls.
Contact
Privacy questions: privacy@canacard.app.