← back

privacy policy

last updated: January 8, 2026

1. introduction

reap ("we," "us," or "our") is committed to protecting your privacy. this privacy policy explains how we collect, use, disclose, and safeguard your information when you use our credit card benefits tracking service ("service").

2. information we collect

2.1 information you provide

we collect information you directly provide when using our service:

  • account information: email address, name (optional), password (encrypted)
  • oauth information: when you sign in with google, we receive your email, name, and profile picture
  • credit card data: card names, issuers, annual fees, billing cycles (not actual card numbers or financial credentials)
  • benefits data: benefit types, limits, reset periods you track
  • transaction data: dates, amounts, and descriptions of benefits usage you enter
  • payment information: processed and stored securely by stripe (we do not store payment card details)

2.2 automatically collected information

  • usage data: pages visited, features used, time spent on the service
  • device information: browser type, operating system, device identifiers
  • cookies: session cookies to maintain your logged-in state (essential cookies only)
  • log data: ip address, access times, errors, and system activity

3. how we use your information

we use your information to:

  • provide, maintain, and improve the service
  • create and manage your account
  • process your transactions and subscriptions
  • calculate roi analytics and usage statistics
  • send service-related notifications (account changes, billing, security)
  • respond to your support requests and questions
  • detect and prevent fraud, abuse, and security issues
  • comply with legal obligations
  • improve user experience and develop new features

we do not:

  • sell your personal information to third parties
  • use your data for targeted advertising
  • share your credit card tracking data with anyone

4. how we share your information

we may share your information in the following circumstances:

4.1 service providers

  • stripe: payment processing and subscription management
  • google oauth: authentication services (when you choose to sign in with google)
  • hosting providers: infrastructure and database hosting

4.2 legal requirements

we may disclose your information if required by law or in response to:

  • legal processes (subpoenas, court orders)
  • government or regulatory requests
  • protection of our rights, safety, or property
  • investigation of fraud or security issues

4.3 business transfers

if we are involved in a merger, acquisition, or sale of assets, your information may be transferred. we will notify you of any such change.

5. data storage and security

5.1 data storage

your data is stored in secure databases. we use sqlite for local deployments and postgresql for production (via vercel). all data is encrypted in transit using https/tls.

5.2 security measures

  • passwords are hashed and salted using industry-standard algorithms
  • session tokens are stored in http-only cookies to prevent xss attacks
  • database access is restricted and authenticated
  • regular security updates and monitoring

however, no method of transmission or storage is 100% secure. we cannot guarantee absolute security.

5.3 data retention

we retain your information for as long as your account is active or as needed to provide the service. if you delete your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention).

6. your rights and choices

you have the following rights regarding your personal information:

6.1 access and portability

you can access and export all your data through your account settings. contact us at support@reap.com to request a complete copy of your data.

6.2 correction and updates

you can update your account information, credit cards, and benefits at any time through the service.

6.3 deletion

you can delete your account and all associated data by contacting us. upon request, we will delete your personal information within 30 days, subject to legal retention requirements.

6.4 marketing communications

we only send service-related emails (account notifications, billing, security alerts). we do not send marketing emails. you cannot opt out of service-related communications.

6.5 cookies

we use only essential session cookies required for the service to function. you can disable cookies in your browser, but this will prevent you from using the service.

7. gdpr compliance (european users)

if you are located in the european economic area (eea), you have additional rights under the general data protection regulation (gdpr):

7.1 legal basis for processing

we process your personal data based on:

  • contract: to provide the service you signed up for
  • legitimate interests: to improve the service, prevent fraud, and ensure security
  • consent: when you provide explicit consent (e.g., oauth sign-in)
  • legal obligation: to comply with applicable laws

7.2 your gdpr rights

  • right to access: request a copy of your personal data
  • right to rectification: correct inaccurate data
  • right to erasure: request deletion of your data ("right to be forgotten")
  • right to restriction: limit how we process your data
  • right to portability: receive your data in a structured, machine-readable format
  • right to object: object to processing based on legitimate interests
  • right to withdraw consent: withdraw consent at any time

to exercise these rights, contact us at support@reap.com. we will respond within 30 days.

7.3 data transfers

your data may be transferred to and processed in the united states or other countries where our service providers operate. we ensure adequate safeguards are in place for international transfers.

7.4 supervisory authority

you have the right to lodge a complaint with your local data protection authority if you believe we have not complied with gdpr requirements.

8. children's privacy

the service is not intended for children under 18 years of age. we do not knowingly collect personal information from children. if you believe we have collected information from a child, please contact us immediately.

9. third-party links

the service may contain links to third-party websites (e.g., credit card issuer websites). we are not responsible for the privacy practices of these external sites. please review their privacy policies.

10. california privacy rights (ccpa)

if you are a california resident, you have additional rights under the california consumer privacy act:

  • right to know what personal information is collected
  • right to know if personal information is sold or disclosed
  • right to say no to the sale of personal information (we do not sell your data)
  • right to delete personal information
  • right to non-discrimination for exercising ccpa rights

to exercise these rights, contact us at support@reap.com.

11. changes to this privacy policy

we may update this privacy policy from time to time. we will notify you of material changes by:

  • sending an email to your registered address
  • posting a notice in the service
  • updating the "last updated" date at the top of this page

your continued use of the service after changes constitutes acceptance of the updated privacy policy.

12. contact us

if you have questions about this privacy policy or wish to exercise your privacy rights, please contact us:

email: support@reap.com

we will respond to your inquiry within 30 days.