If we ever need additional personal information for a specific reason, we will tell you and ask for your permission. Also, to the extent that ChrysCard has links to other websites (like retailers), please note that we do not own, operate, or control them, and they have their own controlling privacy policies that you should review.
What data we collect and why
To provide our products, ChrysCard collects information that you share directly with us when you use our website and extension. When setting up your account, you will be asked to provide your name, email, and payment card products (e.g., Chase Sapphire Reserve).
ChrysCard also collects technical information about your device and use of ChrysCard to ensure that our products are working correctly. The information we collect is geared to providing ChrysCard members with a better way to shop and pay online and to help us develop, improve, and market our services.
Account and Profile Information
When you become a member of ChrysCard, you share a limited amount of information during the registration process, including your name, email address, member password and other registration information to personalize your profile.
If you choose to sign in with Google, you will have the option of importing your contacts so that you can refer your friends to ChrysCard. Referral addresses are masked, so we never see or store them, nor can we contact anyone without your permission.
As you continue to use ChrysCard’s products, you might also provide information when you:
use the ChrysCard Extension to make a purchase from a retailer
refer friends from your contacts to ChrysCard
sign up for a recommended payment card
access your consolidated view of your payment card spending and rewards
communicate with ChrysCard through email or other means
ChrysCard Payment Information
The ChrysCard extension or other products may offer the opportunity to sign up for recommended payment cards or other products or services through ChrysCard, as well as the opportunity to save your payment information to your ChrysCard account to allow you check out easier when shopping on retailers’ websites. In those cases, you will be asked to input a payment option (i.e., a debit or credit card), as well as information needed to complete those purchases (such as your billing address). In those instances, your payment information is secured and stored locally on your browser.
ChrysCard automatically collects information to ensure that our products work correctly on different devices and browsers. This includes data like
the type of device you are using
the device's unique ID (where available)
This data allows us to make sure ChrysCard products are working correctly, to make your experience better, and to detect and prevent fraud. Also, to help us coordinate our communications and marketing campaigns, and to understand how our users engage with our products, we use common digital tools that allow us to see if you opened an email we sent, visited a link in those emails, or generally interacted with ChrysCard as a result of our marketing efforts.
ChrysCard does not track your search engine history, emails, or your browsing on any site that is not a retail website (a site where you can shop and make a purchase). When you are on a pre-approved retail site, to help you save money, ChrysCard will collect information about that site that lets us know which optimal payment card to suggest for you. We may also collect information about pricing and availability of items, along with payment card merchant offers, which we can share with the rest of the ChrysCard community.
Shopping and Usage Data
On retail sites, ChrysCard collects the name of the retailer, page views, and in some cases, product information that allows us to suggest the optimal payment card for you to use at checkout. We may also collect limited information regarding your purchases on a retail site while using ChrysCard (e.g., the order total and the fact that an order was completed) for purposes including internal analytics, commission collection, and tracking of payment card spending and rewards. The information you share, and we collect, enables us to improve our products and gives us insights about payment card merchant offers, deals, pricing, and availability of retail items, which we can share with the rest of the ChrysCard community. We may also use this information to provide you with a more tailored, relevant experience or show sponsored product offers that may interest you.
Aggregate and Anonymized Data
We may also use the information we collect in aggregate or otherwise anonymized form. This lets us look at interactions with our site and products generally and does not identify you or any specific person. We use this general data for research, development, marketing, analytics, and to enhance the shopping experience for the ChrysCard community.
What data we do not collect
We collect information that we believe can help us save our users time and money. This does not include, and we do not collect, any information from your search engine history, emails, or from websites that are not retail sites.
We also do not collect credit card numbers, expiry dates and security codes (all these details are stored locally on your browser).
How we share your data
We know how important your personal data is to you, so we will only share it with your consent or in ways you would expect (as we explain here). That means we will share your data if needed to complete your purchase, with businesses who help us operate ChrysCard, or if we are legally required to do so.
We may also share information in the following cases:
with your express consent;
in an aggregate or anonymized format that does not identify any specific person;
as required by law, or to comply or respond to a valid government request;
when we believe in good faith that it's necessary to protect our rights, protect your safety or the safety of others, or investigate fraud; and
with a buyer or successor if ChrysCard is involved in a merger, acquisition, or similar corporate transaction. If that happens, you will be notified via email and/or a prominent notice on the Website of any change in ownership, as well as any choices you will have as a result.
How we protect your data
The security of your information is important to us. We have a team dedicated to protecting your information and have put in place physical, electronic, and procedural safeguards.
These measures include limiting access, using encryption, testing for vulnerabilities, advanced malware detection, employing pseudonymization and anonymization techniques, and more.
Despite our efforts, we cannot guarantee that user information will not be accessed, viewed, disclosed, altered, or destroyed as a result of a breach of any of our safeguards.
ChrysCard only retains information about you as long as you keep using ChrysCard, though we will keep information if we need it to meet our legal obligations and to defend against legal claims.
Some cookies can be temporary (“session cookies” like those used for navigating your browser) and disappear once you close it. Others last longer (“persistent cookies,” like when you ask a site to remember your login) and are saved to your computer until you delete them.
Our uses of cookies and similar technologies fall into the following general categories:
Marketing: We may use first-party or third-party cookies and web beacons to deliver content, including ads relevant to your interests, on our sites or on third party sites. This includes using technologies to understand the usefulness to you of the advertisements and content that have been delivered to you, such as whether you have clicked on an advertisement.
Any personal information that we collect and store through use of these technologies for categories 2 through 4 above are based on your consent, obtained through a conspicuous disclosure on our website during your first visit. You can withdraw this consent by emailing us at email@example.com. If you want to disable cookies entirely, your browser or mobile device might have an option to do that. For more information, including instructions on disabling cookies, please visit: http://www.allaboutcookies.org/
Your choices for managing your data
We have made it easy to opt out of ChrysCard’s products at any time.
You can always adjust your personal settings regarding what information you share and how ChrysCard communicates with you by emailing us at firstname.lastname@example.org. Please note that limiting the information you offer to provide may impact ChrysCard’s ability to recommend you the best payment card to use for each transaction.
If you want to stop using ChrysCard, you can uninstall the Extension and if you have any issues you can contact our support team for assistance by sending an email to email@example.com.
If you would like to delete your profile or personal information, you can always ask us by emailing firstname.lastname@example.org. We will delete any personal information we have, although the following exceptions apply: (1) we may still store your personal information if we need it to meet our legal or compliance obligations and/or to defend against legal claims; and (2) we may also continue to store your personal data in an aggregated and anonymized format that does not identify you and cannot be attributed to you, even after you have deleted your profile.
Additional rights regarding your data
Depending on where you live, you may have additional rights as to the personal information that you share and ChrysCard collects. Residents of the EU, UK, Canada, Australia, New Zealand, and California can click below to learn more.
EU, UK, Canada, Australia, and New Zealand residents.
Controller: ChrysCard is a private company, established in the United States of America. Our address is 500 Soldiers Field Road, Boston, MA 02163. Our contact email address is email@example.com. For the purposes of the General Data Protection Regulation, we are the data controller.
When you consent to our use of your data for a specific purpose.
When we need that data to enact a transaction or to provide you with services and products that you request. This includes personalizing features and protecting the security of ChrysCard and its users.
When ChrysCard has a legitimate interest in using that data in the normal ways you would expect, like ensuring ChrysCard products run properly, improving and creating new products, historical analytics research, promoting ChrysCard, and protecting our legal rights.
When we need to process your data to comply with a legal or regulatory obligation.
Your rights: You have the following rights with regard to your personal data. To exercise any of these rights, please contact us at firstname.lastname@example.org. Please note that these rights are limited, like for example, where fulfilling your request would adversely affect other individuals or our legal obligations.
Right to Access: You have the right to request information about your personal data that we hold, how we use it, and who we share it with.
Right to Portability: Where you have provided your personal data to us on the basis of your consent, you have the right to ask us for a copy of this data in a structured, machine-readable format and to ask us to send this data to another data controller.
Right to Rectification: You have the right to ask us to correct your personal data where it is inaccurate or incomplete.
Right to Erasure: In certain circumstances, you have the right to ask us to delete the personal data we hold about you.
Right to Withdraw Consent: In situations where we are processing your personal data based on your consent, you may withdraw this consent at any time.
Right to Object to Processing: In situations where we are processing your personal data based on our legitimate interest, you can object that the interest is no longer legitimate. ChrysCard will stop processing that data, unless we can demonstrate an overriding legitimate ground. You can also request to opt out of direct marketing.
Right to Restrict Processing: You have the right to ask us to stop any active processing of your personal data while we seek to verify data you claim is inaccurate, while we verify our legitimate interests, or while we cannot erase that data due to legal obligations.
ChrysCard will try to respond to these requests within 30 days, but some might take longer. You will typically not be charged any fee for effecting these rights, but ChrysCard reserves the right to charge a reasonable fee (or refuse to comply) if the request is unfounded, repetitive, or excessive.
Complaints: If you wish to make a complaint about how we process your personal data, please contact us at email@example.com and we will do our best to resolve it. You can also choose to file a complaint with the relevant data protection authority.
If you live in California and use ChrysCard, you have some additional rights when it comes to your data.
Right to Delete: You can ask us to delete the personal information we have about you.
California law gives you the right to opt out of the sale of your personal information.
To exercise any of these rights, you (or your authorized agent) can email at firstname.lastname@example.org. We will confirm receipt of your request within 10 days, and will provide a response to you within 45 days of your request, though in some exceptional cases it might take longer (if that happens, we will let you know). We will need your name and email address to verify your request, and may also ask for additional information if necessary to verify the identity of the person making the request. We reserve the right to deny your request if we cannot verify your identity, or if an exemption applies (e.g., where fulfilling your request would adversely affect other individuals, or where we have a conflicting legal obligation). That said, we will not discriminate against you for exercising any of your privacy rights.
To learn about the categories of personal information that ChrysCard uses, please see the section of this policy called “What data we collect and why.” The personal information that we have collected in the past 12 months falls into the following categories as set out under California law:
The contact information you provide – California law refers to these as identifiers.
We do not track your location, but your IP address gives us a general idea of the city, state, and country - what California law calls geolocation.
Shopping and ChrysCard usage data – California law calls this internet activity.
Purchases on retail sites when using ChrysCard – this is commercial information under California law.
To learn about the limited ways in which we disclose data for our business purposes -- that is, to a service provider -- and the categories of those service providers, please see the section of this policy called “How we share your data.”
Please note that, while ChrysCard provides tools to manage your privacy as described in this policy, we do not support “Do Not Track” browser settings at this time.
Data Transfers from the EU
If we transfer your data outside of the European Economic Area, we will do so within the safeguards of Binding Corporate Rules, Model Contract Clauses and the EU-US Privacy Shield framework.
As we are located in the United States and ChrysCard’s products are operated in the United States, if you are located outside of the United States, please be aware that information you share and we collect will be transferred to, and processed, stored, and used in the United States in order to provide ChrysCard’s products to you. The United States does not have an adequacy decision regarding data protection from the European Commission.
ChrysCard complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.
ChrysCard is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Regarding personal data that ChrysCard may transfer from the European Union to the United States, in some circumstances, including liability for cases of onward transfers to third parties, you may invoke binding arbitration.
We will respond to complaints in a timely fashion, and further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association (AAA), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit http://go.adr.org/privacyshield for more information or to file a complaint. The services of the AAA are provided at no cost to you.
We created ChrysCard for the exclusive use of adults (18 and older). We do not knowingly collect or solicit personal information from children. If you are a child under 18, please do not attempt to use or register for ChrysCard’s products or send any personal information to us.
If we learn we have collected personal information from someone under 18, we will delete that information as quickly as possible. If you are a parent or guardian of a child who you think may have given us some personal information or posted information on any public portion of ChrysCard’s products, please let us know at email@example.com. We will help you remove it.
Changes to this policy
How to contact us
If you have any questions about our privacy policies and practice, please contact us at firstname.lastname@example.org.