Privacy Policy
Last updated: April 10, 2026
1. Introduction
Cardbay ("we", "our", or "us") operates the website cardbay.co and related services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service. By using Cardbay, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
We collect the following types of information:
- Account Information: When you create an account, we collect your name, email address, and authentication credentials (or third-party OAuth tokens if you sign in with Google).
- Usage Data: We automatically collect information about how you interact with our Service, including pages visited, brands searched, and alerts configured.
- Device Information: We collect browser type, operating system, IP address, and device identifiers for security and analytics purposes.
- Cookies & Similar Technologies: We use cookies and local storage as described in our Cookie Policy section below.
3. Cookie Policy
We use cookies to operate and improve our Service. Cookies are small data files stored on your device by your browser. Below is a complete list of the cookies we use:
Strictly Necessary Cookies
These cookies are essential for the Service to function. They do not require consent and cannot be disabled.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| savely_cookie_consent | Cardbay | Stores your cookie consent preference | 13 months |
| session | Cardbay | Maintains your logged-in session | Session |
Analytics Cookies (Require Consent in Applicable Jurisdictions)
These cookies help us understand how visitors interact with our Service so we can improve it. In the EU/EEA, UK, Switzerland, and Brazil, these cookies are only loaded after you give consent. We do not use any advertising or targeting cookies.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _ga | Google Analytics | Distinguishes unique visitors | 2 years |
| _ga_* | Google Analytics | Maintains session state | 2 years |
| _clck | Microsoft Clarity | Stores a unique user ID for session replay | 1 year |
| _clsk | Microsoft Clarity | Connects page views into a single session | 1 day |
| CLID | Microsoft Clarity | Identifies returning users across sessions | 1 year |
Local Storage
We use browser local storage (not cookies) for the following functional purposes:
| Key | Purpose |
|---|---|
| savely_recent_searches | Stores your recent search queries for convenience (stays on your device, never sent to our servers) |
Managing Cookies: If you are in a jurisdiction that requires consent (EU/EEA, UK, Switzerland, Brazil), you will see a cookie consent banner when you first visit. You can change your preference at any time by clearing your browser cookies and revisiting the site. You can also configure your browser to block or delete cookies.
4. How We Use Your Information
- To provide, maintain, and improve our Service
- To send you price alert notifications you have opted into
- To authenticate your identity and secure your account
- To communicate with you about service updates or support inquiries
- To analyze usage patterns and improve user experience (via analytics cookies, where consent is given)
- To detect and prevent fraud, abuse, or security incidents
- To comply with legal obligations
5. Legal Basis for Processing (EEA/UK Users)
If you are in the European Economic Area or the United Kingdom, we process your personal data based on:
- Consent: For analytics cookies (Google Analytics, Microsoft Clarity). You may withdraw consent at any time.
- Contractual Necessity: To provide our Service when you create an account or use features like price alerts.
- Legitimate Interest: For essential security measures, fraud prevention, and service improvement.
- Legal Obligation: To comply with applicable laws and regulations.
6. Information Sharing
We do not sell your personal information. We may share your information only in the following circumstances:
- Analytics Providers: Google (Google Analytics 4) and Microsoft (Clarity) receive anonymized usage data to help us improve our Service. See their privacy policies: Google, Microsoft.
- Service Providers: With trusted third parties who help us operate our services (e.g., hosting, email delivery), bound by confidentiality agreements.
- Legal Requirements: When required by law, regulation, or legal process.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to you.
7. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. Where required by law, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) to protect your data when it is transferred internationally.
8. Data Security
We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL), secure password hashing, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
9. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you services. Analytics data is retained in anonymized/aggregated form. You may request deletion of your account and associated data at any time by contacting us. We will delete your data within 30 days of a verified request, except where retention is required by law.
10. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access, correct, or delete your personal information
- Object to or restrict certain processing of your data
- Export your data in a portable format
- Withdraw consent for analytics cookies at any time
- Lodge a complaint with your local data protection authority
For California Residents (CCPA)
Under the California Consumer Privacy Act, you have the right to know what personal information we collect and how we use it, request deletion of your personal information, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at support@cardbay.co.
For EU/EEA/UK Residents (GDPR)
Under the General Data Protection Regulation, you have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing. You also have the right to lodge a complaint with your local supervisory authority. Our legal bases for processing are described in Section 5 above.
To exercise any of these rights, please contact us at support@cardbay.co.
11. Third-Party Links
Our Service contains links to third-party gift card providers. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before making any purchases.
12. Children's Privacy
Cardbay is not intended for users under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "last updated" date. If changes are significant, we may provide additional notice (such as a banner on our site). Continued use of Cardbay after changes constitutes acceptance of the revised policy.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at support@cardbay.co or visit our Contact page.