Privacy Policy

Last updated: February 2026

1. Data We Collect

We collect your email address (stored encrypted), display name, and card type preferences. If you use Open Banking, we access transaction data through TrueLayer with your explicit consent.

2. How We Use Your Data

Your data is used solely to provide personalised card recommendations, track your rewards, and improve our service. We never sell your data to third parties.

3. Data Security

All sensitive data is encrypted using AES-256. Passwords are hashed with bcrypt. Open Banking tokens are stored in Google Secret Manager. We use TLS for all data in transit.

4. Your Rights (UK GDPR)

You have the right to access, rectify, delete, and port your personal data. You can exercise these rights by contacting privacy@rewards4all.com. We will respond within 30 days.

5. Data Retention

We retain your data for as long as your account is active. Open Banking data is subject to 90-day PSD2 consent windows. You can delete your account and all associated data at any time.

6. Cookies

We use essential cookies for authentication. We do not use tracking or advertising cookies.

7. Contact

Data Protection Officer: privacy@rewards4all.com