ReloadCard

Privacy Policy

Last updated: April 5, 2026

This Privacy Policy describes how ReloadCard ("we", "us", "our") collects, uses, and shares your personal information when you use our platform.

1. Information We Collect

1.1 Information You Provide

  • Account information: Email address, name, phone number, date of birth
  • Merchant information: Business name, address, contact details, Shopify store domain
  • Identity verification: Government-issued ID, address verification (for enhanced KYC levels)
  • Communications: Messages you send to us or other users via the gift card sending feature

1.2 Information Collected Automatically

  • Transaction data: Card loads, reloads, transfers, redemptions, amounts, timestamps
  • Device information: IP address, browser type, operating system
  • Usage data: Pages visited, features used, search queries
  • Location data: Approximate location (if you enable nearby store discovery)

1.3 Information from Third Parties

  • Stripe: Payment processing status, account verification status
  • Shopify: Store information, gift card balances (for Shopify-integrated merchants)
  • Identity verification providers: Verification results (for enhanced KYC)

2. How We Use Your Information

  • Provide the Service: Process transactions, manage accounts, facilitate transfers
  • Security and fraud prevention: Detect and prevent fraudulent activity, enforce transaction limits
  • Legal compliance: Comply with anti-money laundering (AML) regulations, respond to legal requests
  • Communication: Send transaction confirmations, security alerts, service updates
  • Improvement: Analyze usage patterns to improve the Service

3. How We Share Your Information

We do not sell your personal information. We share information only as follows:

  • Stripe, Inc.: Payment processing and merchant account management
  • Shopify: Gift card synchronization for Shopify-integrated merchants
  • Merchants: Transaction information related to your purchases at their store (email, transaction amounts)
  • Identity verification providers: For KYC verification when you request enhanced account features
  • Law enforcement: When required by law, subpoena, or court order
  • Service providers: Email delivery (Resend), hosting (Vercel), database (Supabase) — all under data processing agreements

4. Data Retention

  • Account data: Retained for the life of your account plus 7 years after closure (for legal/tax compliance)
  • Transaction records: Retained for 7 years (financial regulation requirement)
  • Identity verification data: Retained for 5 years after verification
  • Session data: Expires after 7 days

5. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Portability: Request your data in a machine-readable format
  • Opt-out: Opt out of non-essential communications

To exercise these rights, contact privacy@reloadcard.app.

6. Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS) and at rest
  • Signed session cookies (iron-session) — no plain-text authentication
  • API key hashing (SHA-256) — raw keys never stored
  • Rate limiting on all endpoints
  • Row-level security on database tables
  • Regular security audits

7. Cookies

We use only essential cookies required for the Service to function:

  • consumer_session: Encrypted authentication session (7-day expiry)
  • merchant_session: Encrypted authentication session (7-day expiry)

We do not use advertising or tracking cookies.

8. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

9. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your data to these jurisdictions.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

11. Contact Us

For privacy-related inquiries:

Privacy Policy | Terms of Service | Merchant Documentation