This Privacy Policy describes how Cardinator (the "Application") handles your information. Unlike traditional wallet applications, our software is built on a foundation of absolute privacy and strict local data containment. We believe that your loyalty cards, membership cards, transport passes, and other personal cards belong exclusively to you.
1. Data Ownership and Sovereignty
You are the sole owner of your data. Any information, card images, barcodes, text, or identifiers you input, scan, or save within Cardinator remain explicitly on your physical device. The developer does not collect, analyze, monetize, or store your information on any external infrastructure. Your data never leaves your device unless you actively choose to share it via the manual, peer-to-peer transfer mechanisms described below.
2. No Account or Registration Required
To use Cardinator, you are not required to create an account, provide an email address, link a phone number, or connect any social media profiles. The Application is fully functional immediately upon installation without collecting any identity-verifying metadata.
3. In-App Purchases and the Pro Version
The Cardinator application offers an optional upgrade to a "Pro" version via a one-time in-app purchase. This transaction grants you lifetime ownership of the premium features without recurring subscription fees.
- Payment Processing: All financial transactions and payment processing are handled securely and exclusively by the official billing system of the application store from which you downloaded the Application. Cardinator does not collect, access, or store your credit card numbers, billing addresses, or bank details.
- License Verification: To verify your purchase status and activate Pro features, the Application utilizes the standard, secure platform APIs provided by that application store's services. This licensing check is handled directly between your device's operating system and the store platform's infrastructure; Cardinator maintains no separate user database or external licensing server to track your purchase.
4. Application Permissions and Usage
To provide core utility functionalities locally on your device, Cardinator requires specific device permissions. These permissions are used exclusively for on-device processing:
- Camera Permission: Used solely to scan barcodes, QR codes, or capture card images when you choose to add a card. Image processing occurs strictly in real-time on your device. No images or video feeds are transmitted over the internet or saved outside the secure local directory of the Application.
- Biometric Authentication (Face ID / Touch ID / Fingerprint): Used to secure access to Cardinator. The Application utilizes standard system-level authentication APIs provided by your operating system. The Application cannot access, read, or store your actual biometric data; it simply receives a secure pass/fail confirmation from the hardware layer of your device.
- NFC (Near Field Communication): Used exclusively when you explicitly initiate the peer-to-peer transfer or broadcasting of an applicable card. This interaction requires manual, deliberate user action for each transaction.
- Bluetooth, Wi-Fi, and Nearby Device Permissions: Used to discover and connect to a nearby device when you explicitly initiate a peer-to-peer card transfer via the platform's nearby-device connection framework. On some operating system versions, this discovery process requires the system-level Location permission as a platform requirement of the Bluetooth/Wi-Fi APIs; Cardinator does not request, access, read, or store your device's actual GPS or network-based location. No location data is ever read, derived, or transmitted by the Application.
5. Peer-to-Peer Data Sharing
Cardinator includes features allowing you to share cards with other devices via QR codes, NFC, or the platform's nearby-device connection framework (using Bluetooth and Wi-Fi for device discovery and transfer). These sharing methods operate purely on a local, peer-to-peer or direct broadcast basis:
- Sharing is entirely user-initiated and controlled.
- Data transfers occur directly between the originating device and the receiving device.
- No intermediary cloud servers or third-party networks are utilized to facilitate, log, or track these sharing actions.
6. Security and Data Retention
Because your data is stored locally, its security depends entirely on the physical security of your mobile device and your activation of the built-in biometric lock feature.
7. Your Rights and Data Deletion
Because all of your data is stored exclusively on your own device, you retain complete and direct control over it at all times. You can view, edit, or permanently delete any individual card — or all of your data — at any moment from within the Application, without contacting anyone. Uninstalling the Application erases everything. The developer holds no copy of your data and therefore has nothing to hand over, correct, or delete on your behalf; your rights to access, rectification, and erasure under data protection regulations (such as the GDPR) are satisfied by design.
8. Third-Party Analytics and Advertising
Cardinator contains no advertising networks and no analytics or tracking SDKs added by the developer. Your behavior within the Application is not monitored, profiled, or reported to any entity.
The Application uses the operating system's on-device machine-learning libraries to recognize barcodes and QR codes through your camera. All recognition happens locally on your device. Like most system-provided SDKs, these libraries may transmit anonymized diagnostic and performance data about the SDK itself (for example, crash and speed statistics) to the platform provider. This data never includes your cards, images, codes, or any personal content, and it is not accessible to the developer.
9. Children's Privacy
The Application is not directed at children under the age of 13 (or the equivalent minimum age in your jurisdiction). Because Cardinator collects no personal data from any user and requires no account, no personal information from children — or anyone else — is ever collected, stored, or transmitted by the developer. If you are a parent or guardian and believe this policy raises any concern, feel free to contact us using the details below.
10. Changes to This Privacy Policy
We may update our Privacy Policy from time to time to reflect functional adjustments to Cardinator. We recommend reviewing this page periodically. Any updates are effective immediately upon being published on this page.
11. Contact Information
If you have any questions, compliance inquiries, or technical feedback regarding this Privacy Policy, please reach out via the communication details below: