What we keep, what we don't, and how to get rid of it.

What we keep

• Your email and phone. Encrypted at rest with the same kind of locks banks use (AES-256-GCM under keys held in a managed key service). We need these to send you the reward notifications you asked for.
• A token your bank gave us when you linked your card. It's a string of letters, not a card number — useless to anyone who steals it.
• The transactions we matched to your linked card. Amount, location, time. That's it.

What we never keep

• Card numbers, CVVs, expiry dates. The card company handles those. We don't want them and we never receive them.
• Bank login credentials. We never ask for them.
• Your password. Sign-in is handled by Firebase Auth.
• The line items on your bill. We see "$32 was spent here," not "two beers and a burger."

How long we keep it

Until you tell us to forget you. There's a button for that in the app — one tap, no support ticket, no two-week wait. When you press it, your email and phone are nulled, your transactions are unlinked from your account, and the row is marked deleted inside a single database transaction. We retain a minimal audit log of the deletion itself for compliance.

Where it lives

US data centers. Encrypted at rest. Encryption keys are envelope-encrypted under AWS KMS root keys with a short rotation window. Every access is logged. Backups inherit the same encryption.

Cookies and tracking

We use the minimum needed to keep you signed in. No third-party advertising trackers. No retargeting pixels. The app doesn't follow you around the rest of the internet.

Your rights

You can export everything we have about you, correct anything that's wrong, and ask us to delete it. The export and delete buttons are in your account settings. The right to correct is one email away — write to privacy@bribe.app.

If you're in California, the CCPA applies to you. If you're in the EU or UK, the GDPR applies to you. Both give you the rights described above; we honor them regardless of where you live.