Privacy Policy

Last Updated: June 16, 2026

Soboan LLC ("we," "our," or "us") operates Cardreap, the online application website at cardreap.com and related technology services. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you utilize our application.

1. Information We Collect

To provide our credit card benefit tracking and analysis services, we collect information that identifies, relates to, or describes your financial accounts.

A. Information Collected via Third-Party API Partners (Plaid)

We use Plaid, Inc. ("Plaid") to connect our application with your financial institution.

Data Types Collected: When you link your bank account or credit card via Plaid, we receive information including your account balances, account numbers (masked), transaction history, account types, and identifying information associated with the account holder (such as name and contact info).

Plaid's Privacy Policy: By using our service, you acknowledge and agree that your data will be treated in accordance with Plaid's Privacy Policy, which can be found at https://plaid.com/legal/. You grant us and Plaid the right, power, and authority to act on your behalf to access and transmit this information from the relevant financial institution.

B. Information You Provide Directly

Account Registration: When you create an account, we collect your legal name, email address, and account credentials.

2. How We Use Your Information

We use the data collected via Plaid and your direct inputs strictly to:

Analyze and check credit card transactions and benefits, and confirm that credits you earned actually post.
Identify optimization or savings opportunities relevant to you.
Monitor, secure, and improve the performance of our online application.
Comply with legal obligations and enforce our terms of service.

3. How We Share Your Information

We do not sell, rent, or trade your personal financial data to third parties. We only share information under the following strict conditions:

With Service Providers (Subprocessors): We share data only with trusted infrastructure providers necessary to run the app, bound by strict confidentiality agreements. These currently include Plaid (financial account connectivity), Supabase (authentication and database hosting), and cloud hosting providers that operate our servers. A current list of subprocessors is available on request at [email protected].
For Legal Compliance: We may disclose data if required to do so by law, regulation, subpoena, or to protect the safety and rights of Soboan LLC and our users.

A note on affiliate links: When you choose to apply for a product through one of our affiliate links, an anonymous tracking identifier may be shared with the advertising network so a resulting approval can be attributed to us. This does not transmit your transaction history or financial account data. See our Advertiser & Affiliate Disclosure for details.

4. Data Security

We implement industry-standard technical and organizational security measures — including Multi-Factor Authentication (MFA), encryption in transit (TLS), and encryption at rest (AES-256) — to ensure your financial data remains secure. No financial tokens or access credentials are ever stored on local developer devices or exposed to the client browser environment.

5. Data Retention

We retain your financial transaction history only for as long as your account remains active and you keep the relevant institution connected. Because credit card benefits operate on recurring cycles — monthly, annual, and in some cases multi-year — we keep enough transaction history to verify those benefits across their full cycle. When data is no longer needed for benefit tracking, or after you disconnect an institution, it is removed from our active systems. Following an account deletion request, all transaction history and PII is irreversibly purged from our production databases within 30 days, as described in Section 7. Residual copies may persist briefly in encrypted, access-controlled backups before being overwritten on our standard backup rotation, after which they are permanently unrecoverable.

6. Data Breach Notification

We maintain safeguards designed to prevent unauthorized access to your data. In the unlikely event of a data breach that compromises your personal or financial information, we will notify affected users and any applicable regulators without undue delay and consistent with applicable law. Our notice will describe, to the extent known, the nature of the incident, the categories of information involved, the steps we have taken in response, and measures you can take to protect yourself.

7. Your Data Rights & Deletion

You maintain full control over your financial data.

Revocation: You may disconnect your financial institution at any time inside the application dashboard.
Account Deletion: You have the right to request the permanent deletion of your profile. Upon an account deletion request, we programmatically revoke all active Plaid access tokens and irreversibly purge your transaction history and PII from our production databases within 30 days.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect shifts in our operational practices or regulatory requirements. We will notify you of any material changes by posting the updated policy on this page with a revised "Last Updated" date.

9. Contact Us

If you have any questions or concerns regarding this Privacy Policy, please contact us at:

Soboan LLC
Email: [email protected]
Address: Redmond, WA 98052