What personal data we collect and why we collect it
Our vision at AddUp Rewards is to provide you with free information on credit card reward programs. Our ability to offer you relevant reward program information is based on your agreement to share with us information such as the credit cards you own and the terms on those cards. Only with this information will we be able to match your specific reward programs with the retailers you visit, and thus provide you with retailer-specific reward information.
Our commitment to your privacy also means that we will use your data only to provide our services to you and to improve the services we provide. We will never sell your personal information to anyone. You will never see advertisements on our service that were tailored to you based on the information you provided us.
Credit Card Information
In order for AddUp Rewards to provide you with the services described, users must self-disclose basic information about their credit cards. The information we collect includes, but is not limited to:
- The name of the credit card
- The date that you first got the card
- The specific rewards programs you have selected
- Your membership tier in the issuing organization
Note that all of this information is self disclosed and in no way verified or validated by AddUp Rewards.
Importantly, AddUp Rewards never accesses, collects, or stores any user’s credit card account information such as
- Credit card numbers
- CCV or authorization codes
- Expiration dates
- Account numbers or information
When a user creates an account with AddUp Rewards, we collect and store their name and email address in order to create a unique account and personalize the user experience. This information is never sold or shared, and is stored and transmitted securely. For more information on our data security practices, please see the section How we protect your data.
There are currently two forms available on our website: a contact us form and a form to request that we add support for an additional credit card. Both contact form submissions are maintained for customer service purposes, and we do not use the information submitted gathered thereby for marketing.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Data and Analytics
Who we share your data with
- We will never sell your personal information to anyone.
- We will never share your personal information with advertisers. We only share usage information stripped of any identifying and/or personal information that helps us optimize our marketing campaigns.
AddUp Rewards will store your data entered through the extension using on a secure cloud storage platform. The adduprewards.com website does not store user login information.
When and with whom do we share your personal information?
We may share your personal information with third parties if we receive your explicit consent, or without your approval, only in the following manners and instances:
- Third party service providers – We may share personal information with certain service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting and server services, communications and content delivery networks (CDNs), data and cybersecurity services, performance measurement services, data optimization and marketing services, content providers, and our legal and financial advisors. Such service providers may have access to personal information according to their particular roles and purposes, and may only use the information for such purposes.
- Law Enforcement, Legal Requests and Duties – Where permitted by local data protection laws, we may disclose your personal information pursuant to a legal request, or in compliance with applicable laws, if we have good faith belief that the law requires us to do so, with or without notice to you.
- Protecting Rights and Safety – Where permitted by law, we may share your personal information with others if we believe in good faith that it will help protect the rights, property or personal safety of AddUp Rewards, any of our users, or any member of the general public, with or without notice to you.
When do we share non-personal information?
Information that cannot be traced back to an individual is non-personal information, such as anonymized or aggregated information. We may transfer, share, disclose or otherwise use non-personal information at our sole discretion and without the need for any further approval from you. You accept that we own all the aggregated and anonymized data collected or created by us.
How long we retain your data
We will keep your personal information for as long as your user account is active, in order to allow you to have access to your information and to provide you with our services.
We may continue to retain your personal information even after you deactivate your user account or stop using AddUp Rewards, as reasonably necessary to comply with our legal obligations, to resolve disputes regarding our users, enforce our agreements or protect our legitimate interests.
When your personal information is no longer required, we will ensure it is securely deleted.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our platform, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time. Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on our platform, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Data is not sent to any third party, it will remain stored securely in our database when it has been entered it through the extension.
How we protect your data
All of the data we collect is stored in our secure, password protected database. Any local copies of this data made by our database administration team are immediately sanitized, and sensitive information is securely deleted. Passwords are stored as hashes so that even our database administrators will not be directly exposed to your password. Login via Google and Facebook is performed using their respective login APIs, which in turn leverage the secure OAuth2 standard. Additionally, all of our systems use the SSL/HTTPS protocol to ensure that your data is communicated securely.
How to delete your data
If you wish for us to remove all data associated with your account, simply navigate to the ‘Account’ tab of the extension window, select ‘Delete Account’ from the bottom of the screen, and affirm the confirmation messages that appears.
What data breach procedures we have in place
We protect customer data with the following platform features:
In case of a data breach, system administrators will immediately attempt to identify affected users. We may take preventive action as necessary, including reseting of passwords and/or removal of all personal records (that is, delete your account). When appropriate and possible, we will notify affected users with relevant information and recommendations.
What automated decision making and/or profiling we do with user data
In order to provide you with relevant credit card reward information, AddUp Rewards uses the details you provide on your selected credit cards to display relevant information to you in the extension. This information is tailored to you solely based on the information you provide and is displayed in real time in the AddUp Rewards extension based on the websites you visit using your internet browser.
Your GDPR rights in relation to your personal information
Residents of the European Union have certain rights with respect to their personal information according to the General Data Protection Regulation (GDPR). Since our users’ privacy is very important to us, we grant such GDPR rights to all our users, alongside other rights they may have, regardless of their location.
Your GDPR rights include the following:
- The right to be notified of your personal information
- The right to receive a copy of your personal information
- The right to request the correcting of any inaccurate or incomplete personal information
- The right to request the deletion of all your personal information from our servers (unless there is a legitimate and legal reason for which we are unable to do so, in which case we will inform you of this in writing)
- The right to file a complaint with your local supervisory authority for data protection (but we still recommend that you contact us first)
In order to receive information about your personal information, or exercise any of your GDPR rights, please contact us at firstname.lastname@example.org
Before disclosing the requested personal information, we may ask you for additional information in order to confirm your identity and for security purposes. We will ordinarily not charge you any amount in relation to the exercise of your rights, nevertheless, we reserve the right to charge a fee that reflects that administrative cost where permitted by law (e.g. if your request is unfounded or excessive).
Please note that if you exercise your right to be forgotten, or ask us to stop processing your information, the deletion of your personal information will be irreversible and non-retrievable.
AddUp Rewards is intended for use by adults of at least 18 years of age; Please do not use AddUp Rewards products or provide us with any personal information if you are not an adult. If we discover that we have collected information from a minor, we will remove all such information as quickly as possible. For questions or to report use by a minor, please contact us at email@example.com
Changes to this Policy
This policy will be updated as needed. Any changes to this policy can be identified by a change to the ‘Last Updated’ date listed below.
Last Updated: September 25, 2021