Introducing the Privacy Policy

 

This privacy policy (“Privacy Policy”) explains how ChrysCard collects and processes information from members and users of the website, software applications, and other online services we provide (collectively “ChrysCard products”). ChrysCard's products include, but are not limited to, the ChrysCard extension for web browsers (the “Extension”) and the website located at www.chryscard.com (the “Website”).

 

If we ever need additional personal information for a specific reason, we will tell you and ask for your permission. Also, to the extent that ChrysCard has links to other websites (like retailers), please note that we do not own, operate, or control them, and they have their own controlling privacy policies that you should review.

 

 

What data we collect and why

 

To provide our products, ChrysCard collects information that you share directly with us when you use our website and extension. When setting up your account, you will be asked to provide your name, email, and payment card products (e.g., Chase Sapphire Reserve).

 

ChrysCard also collects technical information about your device and use of ChrysCard to ensure that our products are working correctly. The information we collect is geared to providing ChrysCard members with a better way to shop and pay online and to help us develop, improve, and market our services.

 

Account and Profile Information

 

When you become a member of ChrysCard, you share a limited amount of information during the registration process, including your name, email address, member password and other registration information to personalize your profile.

 

If you choose to link a social media profile (like Facebook) at sign-in, ChrysCard will store this information for login purposes. Linking your social media profile grants ChrysCard access to the profile, but only as allowed by your permission settings, that platform's terms of service, and this Privacy Policy. We will NOT track any of your social media activity, and we cannot post anything on your behalf.

 

If you choose to sign in with Google, you will have the option of importing your contacts so that you can refer your friends to ChrysCard. Referral addresses are masked, so we never see or store them, nor can we contact anyone without your permission.

 

As you continue to use ChrysCard’s products, you might also provide information when you:

  • use the ChrysCard Extension to make a purchase from a retailer

  • refer friends from your contacts to ChrysCard

  • sign up for a recommended payment card

  • access your consolidated view of your payment card spending and rewards

  • communicate with ChrysCard through email or other means

 

ChrysCard Payment Information

 

The ChrysCard extension or other products may offer the opportunity to sign up for recommended payment cards or other products or services through ChrysCard, as well as the opportunity to save your payment information to your ChrysCard account to allow you check out easier when shopping on retailers’ websites. In those cases, you will be asked to input a payment option (i.e., a debit or credit card), as well as information needed to complete those purchases (such as your billing address). In those instances, your payment information is secured and stored locally on your browser.

 

Technical Information

 

ChrysCard automatically collects information to ensure that our products work correctly on different devices and browsers. This includes data like

  • the type of device you are using

  • the device's unique ID (where available)

  • operating system

  • browser type

  • IP address

  • event stamp

  • error logs

This data allows us to make sure ChrysCard products are working correctly, to make your experience better, and to detect and prevent fraud. Also, to help us coordinate our communications and marketing campaigns, and to understand how our users engage with our products, we use common digital tools that allow us to see if you opened an email we sent, visited a link in those emails, or generally interacted with ChrysCard as a result of our marketing efforts.

 

ChrysCard does not track your search engine history, emails, or your browsing on any site that is not a retail website (a site where you can shop and make a purchase). When you are on a pre-approved retail site, to help you save money, ChrysCard will collect information about that site that lets us know which optimal payment card to suggest for you. We may also collect information about pricing and availability of items, along with payment card merchant offers, which we can share with the rest of the ChrysCard community.

 

Shopping and Usage Data

 

On retail sites, ChrysCard collects the name of the retailer, page views, and in some cases, product information that allows us to suggest the optimal payment card for you to use at checkout. We may also collect limited information regarding your purchases on a retail site while using ChrysCard (e.g., the order total and the fact that an order was completed) for purposes including internal analytics, commission collection, and tracking of payment card spending and rewards. The information you share, and we collect, enables us to improve our products and gives us insights about payment card merchant offers, deals, pricing, and availability of retail items, which we can share with the rest of the ChrysCard community. We may also use this information to provide you with a more tailored, relevant experience or show sponsored product offers that may interest you.

 

Aggregate and Anonymized Data

 

We may also use the information we collect in aggregate or otherwise anonymized form. This lets us look at interactions with our site and products generally and does not identify you or any specific person. We use this general data for research, development, marketing, analytics, and to enhance the shopping experience for the ChrysCard community.

 

What data we do not collect

 

We collect information that we believe can help us save our users time and money. This does not include, and we do not collect, any information from your search engine history, emails, or from websites that are not retail sites.

 

We also do not collect credit card numbers, expiry dates and security codes (all these details are stored locally on your browser).

 

 

How we share your data

 

We know how important your personal data is to you, so we will only share it with your consent or in ways you would expect (as we explain here). That means we will share your data if needed to complete your purchase, with businesses who help us operate ChrysCard, or if we are legally required to do so.

 

We may share information with our service providers (businesses that work for and with us) for the purpose of running ChrysCard and fulfilling our commitments to you. These include businesses that perform services on our behalf, including to help us maintain our products, to provide support for legal, banking, security protection, payment processing, our own marketing, and customer service. Please know that when we share information with our service providers, it is for the purposes outlined in this Privacy Policy and not for their independent use. For example, we use Google's fraud prevention tool ReCaptcha on parts of our website, but it is only used to fight spam and abuse.

 

We may also share information in the following cases:

  • with your express consent;

  • in an aggregate or anonymized format that does not identify any specific person;

  • as required by law, or to comply or respond to a valid government request;

  • when we believe in good faith that it's necessary to protect our rights, protect your safety or the safety of others, or investigate fraud; and

  • with a buyer or successor if ChrysCard is involved in a merger, acquisition, or similar corporate transaction. If that happens, you will be notified via email and/or a prominent notice on the Website of any change in ownership, as well as any choices you will have as a result.

 

 

How we protect your data

 

The security of your information is important to us. We have a team dedicated to protecting your information and have put in place physical, electronic, and procedural safeguards.

 

These measures include limiting access, using encryption, testing for vulnerabilities, advanced malware detection, employing pseudonymization and anonymization techniques, and more.

 

Despite our efforts, we cannot guarantee that user information will not be accessed, viewed, disclosed, altered, or destroyed as a result of a breach of any of our safeguards.

 

ChrysCard only retains information about you as long as you keep using ChrysCard, though we will keep information if we need it to meet our legal obligations and to defend against legal claims.

 

 

How we use cookies and similar technologies

 

Like most other online services, ChrysCard uses cookies, pixel tags, web beacons, and other markers to collect some of the data discussed in this Privacy Policy. These help us operate our products, analyze engagement and usage, and provide a relevant and personalized shopping experience. See below to learn how you can manage your cookie preferences.

 

Some cookies can be temporary (“session cookies” like those used for navigating your browser) and disappear once you close it. Others last longer (“persistent cookies,” like when you ask a site to remember your login) and are saved to your computer until you delete them.

 

Our uses of cookies and similar technologies fall into the following general categories:

  • Essential: We may use cookies, web beacons, or other similar technologies that are necessary to the operation of our sites, services, applications, and tools. This includes technologies that allow you access to our sites, services, applications, and tools; that are required to identify irregular site behavior, prevent fraudulent activity and improve security; or that allow you to make use of our functions such as shopping-carts, saved search, or similar functions;

  • Performance: We may use cookies, web beacons, or other similar technologies to assess the performance of our websites, applications, services, and tools, including as part of our analytic practices to help us understand how our visitors use our websites, determine if you have interacted with our messaging, determine whether you have viewed an item or link, or to improve our website content, applications, services, or tools;

  • Functionality: We may use cookies, web beacons, or other similar technologies that allow us to offer you enhanced functionality when accessing or using our sites, services, applications, or tools. This may include identifying you when you sign into our sites or keeping track of your specified preferences, interests, or past items viewed so that we may enhance the presentation of content on our sites;

  • Marketing: We may use first-party or third-party cookies and web beacons to deliver content, including ads relevant to your interests, on our sites or on third party sites. This includes using technologies to understand the usefulness to you of the advertisements and content that have been delivered to you, such as whether you have clicked on an advertisement.

 

Any personal information that we collect and store through use of these technologies for categories 2 through 4 above are based on your consent, obtained through a conspicuous disclosure on our website during your first visit. You can withdraw this consent by emailing us at team@chryscard.com. If you want to disable cookies entirely, your browser or mobile device might have an option to do that. For more information, including instructions on disabling cookies, please visit: http://www.allaboutcookies.org/

 

 

Your choices for managing your data

 

We have made it easy to opt out of ChrysCard’s products at any time.

 

You can always adjust your personal settings regarding what information you share and how ChrysCard communicates with you by emailing us at team@chryscard.com. Please note that limiting the information you offer to provide may impact ChrysCard’s ability to recommend you the best payment card to use for each transaction.

 

If you want to stop using ChrysCard, you can uninstall the Extension and if you have any issues you can contact our support team for assistance by sending an email to team@chryscard.com.

 

If you would like to delete your profile or personal information, you can always ask us by emailing team@chryscard.com. We will delete any personal information we have, although the following exceptions apply: (1) we may still store your personal information if we need it to meet our legal or compliance obligations and/or to defend against legal claims; and (2) we may also continue to store your personal data in an aggregated and anonymized format that does not identify you and cannot be attributed to you, even after you have deleted your profile.

 

 

Additional rights regarding your data

 

Depending on where you live, you may have additional rights as to the personal information that you share and ChrysCard collects. Residents of the EU, UK, Canada, Australia, New Zealand, and California can click below to learn more.

 

EU, UK, Canada, Australia, and New Zealand residents.

 

Controller: ChrysCard is a private company, established in the United States of America. Our address is 500 Soldiers Field Road, Boston, MA 02163. Our contact email address is team@chryscard.com. For the purposes of the General Data Protection Regulation, we are the data controller.

 

Legal Bases: The personal information that you share and we collect, as well as its purposes, are described in this Privacy Policy. ChrysCard will only collect or process your personal information if we have a legal basis to do so. These are:

  • When you consent to our use of your data for a specific purpose.

  • When we need that data to enact a transaction or to provide you with services and products that you request. This includes personalizing features and protecting the security of ChrysCard and its users.

  • When ChrysCard has a legitimate interest in using that data in the normal ways you would expect, like ensuring ChrysCard products run properly, improving and creating new products, historical analytics research, promoting ChrysCard, and protecting our legal rights.

  • When we need to process your data to comply with a legal or regulatory obligation.

Your rights: You have the following rights with regard to your personal data. To exercise any of these rights, please contact us at team@chryscard.com. Please note that these rights are limited, like for example, where fulfilling your request would adversely affect other individuals or our legal obligations.

  • Right to Access: You have the right to request information about your personal data that we hold, how we use it, and who we share it with.

  • Right to Portability: Where you have provided your personal data to us on the basis of your consent, you have the right to ask us for a copy of this data in a structured, machine-readable format and to ask us to send this data to another data controller.

  • Right to Rectification: You have the right to ask us to correct your personal data where it is inaccurate or incomplete.

  • Right to Erasure: In certain circumstances, you have the right to ask us to delete the personal data we hold about you.

  • Right to Withdraw Consent: In situations where we are processing your personal data based on your consent, you may withdraw this consent at any time.

  • Right to Object to Processing: In situations where we are processing your personal data based on our legitimate interest, you can object that the interest is no longer legitimate. ChrysCard will stop processing that data, unless we can demonstrate an overriding legitimate ground. You can also request to opt out of direct marketing.

  • Right to Restrict Processing: You have the right to ask us to stop any active processing of your personal data while we seek to verify data you claim is inaccurate, while we verify our legitimate interests, or while we cannot erase that data due to legal obligations.

ChrysCard will try to respond to these requests within 30 days, but some might take longer. You will typically not be charged any fee for effecting these rights, but ChrysCard reserves the right to charge a reasonable fee (or refuse to comply) if the request is unfounded, repetitive, or excessive.

 

Complaints: If you wish to make a complaint about how we process your personal data, please contact us at team@chryscard.com and we will do our best to resolve it. You can also choose to file a complaint with the relevant data protection authority.

 

California residents

 

If you live in California and use ChrysCard, you have some additional rights when it comes to your data.

  • Right to Delete: You can ask us to delete the personal information we have about you.

  • Right to Know: You can ask us for a list of the categories of personal information we have about you, the categories of sources from which we get personal information, the business purposes for which we collect personal information, and the categories of third parties with whom it is shared (you can also see that in this Privacy Policy). You also can ask us for a copy of the pieces of personal information we have about you.

California law gives you the right to opt out of the sale of your personal information.

 

To exercise any of these rights, you (or your authorized agent) can email at team@chryscard.com. We will confirm receipt of your request within 10 days, and will provide a response to you within 45 days of your request, though in some exceptional cases it might take longer (if that happens, we will let you know). We will need your name and email address to verify your request, and may also ask for additional information if necessary to verify the identity of the person making the request. We reserve the right to deny your request if we cannot verify your identity, or if an exemption applies (e.g., where fulfilling your request would adversely affect other individuals, or where we have a conflicting legal obligation). That said, we will not discriminate against you for exercising any of your privacy rights.

 

To learn about the categories of personal information that ChrysCard uses, please see the section of this policy called “What data we collect and why.” The personal information that we have collected in the past 12 months falls into the following categories as set out under California law:

  • The contact information you provide – California law refers to these as identifiers.

  • We do not track your location, but your IP address gives us a general idea of the city, state, and country - what California law calls geolocation.

  • Shopping and ChrysCard usage data – California law calls this internet activity.

  • Purchases on retail sites when using ChrysCard – this is commercial information under California law.

To learn about the limited ways in which we disclose data for our business purposes -- that is, to a service provider -- and the categories of those service providers, please see the section of this policy called “How we share your data.”

 

Please note that, while ChrysCard provides tools to manage your privacy as described in this policy, we do not support “Do Not Track” browser settings at this time.

 

Lastly, California residents also have the right to request this information in an accessible alternative format. If you have a disability and would like to access this privacy policy in an alternative format, please contact us by email or mail as detailed below.

 

 

Data Transfers from the EU

 

If we transfer your data outside of the European Economic Area, we will do so within the safeguards of Binding Corporate Rules, Model Contract Clauses and the EU-US Privacy Shield framework.

 

As we are located in the United States and ChrysCard’s products are operated in the United States, if you are located outside of the United States, please be aware that information you share and we collect will be transferred to, and processed, stored, and used in the United States in order to provide ChrysCard’s products to you. The United States does not have an adequacy decision regarding data protection from the European Commission.

 

ChrysCard complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.

 

ChrysCard is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Regarding personal data that ChrysCard may transfer from the European Union to the United States, in some circumstances, including liability for cases of onward transfers to third parties, you may invoke binding arbitration.

 

We will respond to complaints in a timely fashion, and further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association (AAA), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit http://go.adr.org/privacyshield for more information or to file a complaint. The services of the AAA are provided at no cost to you.

 

 

Minors

 

We created ChrysCard for the exclusive use of adults (18 and older). We do not knowingly collect or solicit personal information from children. If you are a child under 18, please do not attempt to use or register for ChrysCard’s products or send any personal information to us.

 

If we learn we have collected personal information from someone under 18, we will delete that information as quickly as possible. If you are a parent or guardian of a child who you think may have given us some personal information or posted information on any public portion of ChrysCard’s products, please let us know at team@chryscard.com. We will help you remove it.

 

 

Changes to this policy

 

We will continue to update our policies and practices as needed. We will notify you of any changes to our Privacy Policy by posting any changes here. If we do, you will see that the date at the top of this Privacy Policy has changed.

 

 

How to contact us

 

If you have any questions about our privacy policies and practice, please contact us at team@chryscard.com.