Privacy Policy
Effective Date: June 20, 2026 · Last Updated: June 2026
BetterRewards (“we,” “us,” or “our”) operates the BetterRewards mobile application (the “App”) and the website at betterrewards.co (the “Site”), including the Chip AI assistant feature. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
By using BetterRewards, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the App or Site.
1. Information We Collect
1.1 Information You Provide Directly
- Account information: Your email address and password (or authentication credentials if you sign in with Apple or Google). We do not store your Apple or Google account password.
- Profile information: Your name, if you choose to provide it during account setup.
- Card information: When you manually add a credit card, we collect the card issuer, product name, and reward category preferences. We never collect or store full card numbers, CVVs, or expiration dates.
- Spending preferences: Your stated spending goals and optimization preferences (e.g., travel, cashback, dining) used to personalize recommendations.
- Support requests: Information you provide when you contact us or submit a bug report, including your email address and the content of your message.
- Waitlist signup metadata: When you join the pre-launch waitlist on betterrewards.co, we collect your email address along with your IP address and browser user-agent string. The IP and user-agent are used solely for abuse prevention (rate limiting and duplicate detection) and are retained until the iOS app launches or you request deletion.
1.2 Information Collected Through Plaid
If you choose to link a financial account, we use Plaid Inc. (“Plaid”) to securely connect to your bank or card issuer. When you link an account through Plaid, we receive:
- Account identifiers: A tokenized account reference, card issuer name, card product name, and the last four digits of your account number. We never receive or store your full account number or bank login credentials.
- Transaction data: Read-only access to recent transaction history, including merchant name, transaction amount, date, and merchant category. This data is used solely to analyze your spending patterns and provide personalized card recommendations.
- Account balance information: Points, miles, or cashback balances associated with your linked accounts.
- Offer information: Targeted issuer offers (e.g., Amex Offers, Chase Offers) associated with your linked cards, including merchant name, discount details, expiration date, and activation status.
Plaid’s use of your data is governed by the Plaid End User Privacy Policy. We access your financial data in read-only mode — BetterRewards cannot move money, make payments, or modify your accounts in any way.
Transaction data retention: We retain transaction data for a rolling 90-day window. Transactions older than 90 days are permanently deleted from our systems.
1.3 Information Collected Automatically
- Analytics data: We use PostHog to collect anonymized usage data including screens viewed, features used, and actions taken within the App. This helps us understand how users interact with BetterRewards and improve the experience. PostHog does not collect your name, email, or financial data.
- Crash and error data: We use Sentry to collect crash reports and error logs. These may include device model, operating system version, app version, and technical details about the error. Sentry does not collect your financial data.
- Device information: Device type, operating system, app version, and a unique device identifier for push notification delivery.
1.4 Location Data
BetterRewards may request access to your device’s location to provide in-store card recommendations via push notification (e.g., alerting you to use your best card when you enter a store).
- Location data is processed on your device only. Your GPS coordinates are never transmitted to or stored on our servers.
- When a location-based recommendation is triggered, only the merchant identifier (not your coordinates) is sent to our server to determine the optimal card.
- You can disable location access at any time in your device settings. The App will continue to function without location data, but in-store push recommendations will be unavailable.
1.5 Subscription and Payment Data
Subscription payments are processed by Apple (via App Store) or by Stripe (for web subscribers). We do not directly collect or store your payment card details for subscription billing. We receive confirmation of your subscription status (active, trial, cancelled, expired) and plan type (monthly or annual) to manage your access.
1.6 Chip AI Assistant Conversations
The BetterRewards website (betterrewards.co) includes Chip, an AI-powered credit card assistant. When you use Chip:
- Message content: The text of messages you send to Chip is stored in our database. We store this to improve Chip’s responses, understand what questions users have, detect misuse or abuse, and improve the BetterRewards product and content.
- Session identifiers: An anonymous session identifier is assigned to your browser when you use Chip (even if you do not have a BetterRewards account). This is stored as an httpOnly cookie and is used solely to enforce daily usage limits and associate messages with a session for analysis purposes. It does not identify you personally.
- Usage metadata: We log the number of messages sent per session, timestamps, and whether a usage limit was reached. This is used for rate limiting, cost management, and abuse detection.
- Conversation logging: We do not use your Chip conversation content to train AI models. Conversations are reviewed by BetterRewards staff only for product improvement and abuse monitoring purposes.
What Chip does not collect or store:
- Chip does not have access to your financial accounts, card data, or transaction history unless you are logged in as a premium subscriber and have linked accounts (a future feature — not active at launch).
- If you voluntarily share sensitive personal information (such as a card number or account number) in a Chip message, Chip will alert you that this information is not needed and should not be shared in chat. We apply automated masking to minimize retention of inadvertently shared sensitive data.
Chip conversation retention: Chip conversation logs are retained for 12 months, after which message content is deleted. Aggregate usage metadata (message counts, session counts) may be retained in anonymized form indefinitely for product analytics.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the BetterRewards service
- Generate personalized credit card recommendations based on your spending patterns and card portfolio
- Send push notifications about optimal card usage, expiring offers, and rewards insights (with your permission)
- Process and manage your subscription
- Respond to your support requests
- Improve Chip’s responses and the overall product experience based on anonymized conversation analysis
- Detect and prevent fraud, abuse, security incidents, and misuse of AI features
- Comply with legal obligations
We do not use your information to:
- Sell your personal data to third parties
- Make lending or credit decisions
- Share your individual financial data with advertisers
- Build profiles for ad targeting
- Train third-party AI models on your conversation data
3. How We Share Your Information
We share your information only in the following limited circumstances:
3.1 Service Providers
We use the following third-party service providers who process data on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database hosting and authentication | Account data, encrypted profile and card data, Chip conversation logs |
| Plaid | Financial account connectivity | Account credentials are shared directly with Plaid by you; we receive tokenized data back |
| Anthropic | AI model powering Chip | Message content sent to Chip is processed by Anthropic’s Claude API to generate responses. Anthropic’s data usage is governed by their API usage policy. |
| PostHog | Product analytics | Anonymized usage events |
| Sentry | Error monitoring | Crash reports and device metadata |
| Apple / RevenueCat | Subscription billing (iOS) | Subscription status |
| Stripe | Subscription billing (web) | Subscription status |
| Resend | Transactional email delivery | Email address (for verification and account emails only) |
| Cloudflare | Bot and abuse prevention via Turnstile on web forms | IP address and browser challenge metadata, collected when you submit a form on betterrewards.co (e.g. the waitlist signup) |
Each provider is contractually bound to use your data solely for the purpose of providing their service to us and in accordance with applicable data protection laws.
3.2 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of BetterRewards, our users, or the public.
3.3 Business Transfers
If BetterRewards is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change via email or prominent notice within the App.
4. Affiliate Relationships and Recommendations
BetterRewards may earn a commission when you apply for a credit card through a link in our App or on our Site. This does not affect our recommendations. Our recommendation engine evaluates cards based solely on your spending data, card reward rates, and optimization preferences — not on whether we earn a commission from a particular issuer.
Where affiliate relationships exist, they are disclosed inline at the point of recommendation. For full details, see our Affiliate Disclosure.
5. Data Security
We take the security of your data seriously:
- All data in transit is encrypted using TLS 1.3.
- All personal and financial data at rest is encrypted.
- Full card numbers are never stored. We retain only tokenized references and last-four digits.
- Bank login credentials are never accessible to us — they are handled entirely by Plaid.
- Supabase Row Level Security (RLS) policies ensure users can only access their own data.
- Location data is processed on-device and never stored on our servers.
- Chip conversation logs are stored with access restricted to authorized BetterRewards staff only.
- We conduct periodic security reviews of our codebase and infrastructure.
No system is 100% secure. While we implement commercially reasonable measures to protect your data, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at support@betterrewards.co.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account |
| Card and profile data | Until you delete your account |
| Transaction data (Plaid) | 90-day rolling window |
| Plaid connection tokens | Until you disconnect your account or delete your account |
| Analytics data (PostHog) | Anonymized; retained for product improvement |
| Crash reports (Sentry) | 90 days |
| Support requests | 12 months after resolution |
| Chip conversation message content | 12 months |
| Chip session identifiers and usage metadata | 24 months (anonymized after 12 months) |
When you delete your account, we remove your personal data from our active systems, including any Chip conversation logs associated with your account. Anonymous session data (not linked to an account) is retained per the schedule above and cannot be deleted on request as it is not linked to an identifiable person. Some data may persist in encrypted backups for a limited period before being permanently deleted.
7. Your Rights and Choices
7.1 All Users
- Access your data: You can request a copy of your personal data by contacting us at support@betterrewards.co.
- Delete your account: You can delete your account at any time from the App (Settings → Delete Account). This will permanently remove your personal data from our active systems, revoke any linked Plaid connections, cancel your subscription, and delete Chip conversation logs associated with your account.
- Disconnect financial accounts: You can unlink any connected bank or card account at any time from the App. This revokes the Plaid access token and stops all data syncing for that account.
- Manage notifications: You can enable or disable push notifications in your device settings at any time.
- Manage location access: You can revoke location permission at any time in your device settings.
- Chip conversation data: If you have a BetterRewards account and wish to request deletion of your Chip conversation history before the standard retention period, contact us at support@betterrewards.co.
7.2 California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose
- Delete your personal information
- Opt out of the sale of your personal information — we do not sell your personal information
- Non-discrimination for exercising your privacy rights
To exercise these rights, contact us at support@betterrewards.co. We will verify your identity before processing your request.
7.3 UK and EU Residents (UK GDPR / EU GDPR)
If you are located in the United Kingdom or European Economic Area, you have additional rights including:
- Access, rectification, and erasure of your personal data
- Data portability — receive your data in a structured, machine-readable format
- Restriction of processing in certain circumstances
- Object to processing based on our legitimate interests
- Lodge a complaint with your local data protection authority (in the UK, this is the Information Commissioner’s Office at ico.org.uk)
Our legal basis for processing your data is:
- Contract performance: Processing necessary to provide the BetterRewards service you subscribed to
- Legitimate interests: Analytics and service improvement, fraud prevention, Chip conversation analysis for product improvement
- Consent: Location data, push notifications, Plaid financial account linking
To exercise your rights, contact us at support@betterrewards.co.
8. Children’s Privacy
BetterRewards is not intended for anyone under the age of 18. We do not knowingly collect personal information from children under 18. All users must confirm they are 18 or older during account creation. If we learn that we have collected data from a child under 18, we will delete that data promptly. If you believe a child under 18 has provided us with personal information, please contact us at support@betterrewards.co.
9. Third-Party Links
The App and Site may contain links to third-party websites, including credit card issuer sites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policy of any third-party site you visit.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the “Last Updated” date at the top of this page and, where appropriate, providing notice within the App. Your continued use of BetterRewards after changes are posted constitutes your acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or your personal data, contact us at:
Email: support@betterrewards.co
Website: betterrewards.co
This privacy policy is provided for informational purposes. We recommend having it reviewed by a qualified legal professional before publication.