Privacy Policy
BackPRIVACY POLICY
Last Updated: June 24, 2026
Thank you for using Cardonomics. Subscribe, Inc. ("Company," "Cardonomics," "us," "we," or "our") recognizes that your privacy is important. We have adopted this Privacy Policy to further the relationship between us and our users.
This Privacy Policy (the "Policy") discloses the privacy practices for the Cardonomics website, our mobile applications for iOS and Android (the "Apps"), and any social media pages operated by the Company (collectively with the website and Apps, the "Site"), as well as related products and services we may offer to you (collectively, the "Services"). This Policy also covers how personal and other information that we receive or collect about you is treated, whether you access the Services through our website or through the Apps. Please read the information below to learn the following regarding your use of the Services.
We reserve the right to change this Privacy Policy from time to time. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your account and/or by placing a prominent notice on our website or within the Apps. Your continued use of the Services after such modifications will constitute your: (a) acknowledgment of the modified Policy and (b) your agreement to abide and be bound by that Policy.
If you have any questions about this Policy, please feel free to contact us at: hello@cardonomics.com.
IMPORTANT: BY USING THE SERVICES, INCLUDING OUR WEBSITE AND APPS, YOU GIVE YOUR CONSENT THAT ALL PERSONAL DATA THAT YOU SUBMIT MAY BE PROCESSED BY US IN THE MANNER AND FOR THE PURPOSES DESCRIBED BELOW. IF YOU DO NOT AGREE TO THE TERMS OF THIS POLICY, DO NOT USE THE SERVICES.
1. Types of Information We Collect
We collect two broad categories of information about our users: Personally Identifiable Information ("PII") and Aggregate Information.
Personally Identifiable Information (PII)
This refers to information that lets us know the specifics of who you are. When you engage in certain activities on the Services — such as registering for an account, using the Services, submitting or posting content, or sending us feedback — we may ask you to provide certain information about yourself.
The personal information that we may collect includes your full name, email address, a username, travel points and travel credit information, travel elite status information, travel award information, travel goals, past and future travel plans, social media links, and other information that we request during the account registration process.
In addition, if you communicate with us regarding the Services, we collect any information that you provide to us during the course of our communication.
Wallet, Travel, and Financial-Adjacent Information
When you use features such as "My Wallet," "Travel Goals," "Travel Plans," "Trip Reports," and "Write a Trip Report," you may enter information about the credit cards you hold (such as the card product, account open dates, and points or rewards balances), as well as your travel plans and related preferences. We treat this as sensitive, financial-adjacent information. We do not collect or store full credit card numbers, card verification codes, login credentials for your financial accounts, or other payment card details. The wallet information we collect describes which products you hold and your associated rewards activity — not the underlying account credentials.
User Content (Including Images You Upload)
When you add a profile photo, a cover image, or images to your travel goals or trip reports, you select those images using your device's operating system file picker. The Apps do not access your device's camera or photo library directly. The images you choose to upload, along with other content you create or post, are stored on our servers and on a third-party content delivery network, and are treated as content you have provided to us ("User Content").
Information from Third-Party Sign-In Providers
You may choose to create or access your account using a third-party sign-in provider offered by your mobile platform or account provider. When you do, we receive limited profile information from that provider, which may include your name, email address, and profile picture, in accordance with that provider's terms and the settings you have established with that provider.
Device and Mobile Information
When you use the Apps, we may collect device-related information, including your device model, operating system version, and the version of the App you are using. If you enable push notifications, we also collect and store a device push token so that we can deliver notifications to your device (see Section 4).
Aggregate Information (Non-Personal Information)
This refers to information that does not by itself identify a specific individual. We gather certain information based upon where you visit on our Services and what other sites may have directed you to us. This information is compiled and analyzed on both a personal and an aggregated basis. The non-personal information that we may collect includes your browser type, the URL of the previous website you visited, your internet service provider, operating system, your internet protocol (IP) address, click patterns, and the dates and times that the Services are accessed by you. This non-personal information is not used by us to personally identify you and is not readily usable for that purpose. We may engage third parties to help us manage, monitor, and optimize the Services and measure the effectiveness of our communications and your use of the Services, and we may use web beacons and cookies (described below) for this purpose.
2. How We Collect and Use Information
We do not collect any PII about you unless you voluntarily provide it to us. However, you may be required to provide certain PII when you elect to use certain features of the Services. These may include:
- registering for an account and/or creating or updating your profile;
- signing up for special offers from selected third parties;
- sending us an email or other electronic message;
- submitting a form or transmitting other information by telephone, letter, or email; or
- using the "My Wallet," "Travel Goals," "Travel Plans," "Trip Reports," and "Write a Trip Report" features or other similar features.
We will primarily use your PII to provide product or service offerings to you. We will also use certain forms of PII to enhance the operation of the Services, support our promotional efforts and internal marketing, statistically analyze use of the Services, improve our product and service offerings, and customize our content, layout, and services. We may use PII to deliver information to you and to contact you regarding administrative notices. Finally, we may use your PII to resolve disputes, troubleshoot problems, detect and prevent fraud and abuse, and enforce our agreements with you, including this Privacy Policy.
We, and our third-party partners, may also collect certain Aggregate Information. For example, we may use your IP address to diagnose problems with our servers and software, to administer the Services, and to gather demographic information.
You should be aware that when PII is voluntarily disclosed (i.e., your name, email address, etc.) in the public areas of the Services, that information, along with any information disclosed in your communication, can be collected and used by third parties and may result in unsolicited messages from third parties. Such activities are beyond our control and this Policy does not apply to such information.
3. Third-Party Services and Service Providers
To operate, secure, and improve the Services, we use a number of third-party service providers and software development kits (SDKs). These providers process certain information on our behalf as described below. We require these providers to protect your information in a manner consistent with this Policy and to use it only to provide services to us.
- Crash reporting and performance monitoring. We use a third-party crash reporting and performance monitoring provider to detect, diagnose, and fix errors and to improve the stability and performance of the Services. This provider may capture diagnostic information and recordings of user sessions, which can include your IP address and your interactions with the interface. Text you enter into form fields is masked and is not captured by these session recordings.
- Push notification delivery. If you enable push notifications, we use a third-party push notification provider to deliver notifications to your device, using the device information and push token described in Section 4.
- Search. We use a third-party search provider to power search functionality. The search queries you submit are processed by this provider to return results to you.
- Creator payouts. Creators who receive payouts are onboarded through a third-party payment processor. We share only the creator's email address with that processor, and we store only a payment-account reference identifier together with payout amounts and statuses. Your banking, tax, and identity information is entered directly on the payment processor's own hosted pages and is collected and stored by that processor under its own privacy policy; it does not pass through or reside on Cardonomics servers. Please review the payment processor's privacy policy for information about how it handles that data.
- Hosting and content delivery. We use third-party hosting and content delivery providers to host the Services and to store and deliver content, including images you upload.
The use of your information by our service providers is governed in part by the respective privacy policies of those providers. Except as otherwise discussed in this Policy, this document addresses only the use and disclosure of information we collect from you.
4. Mobile App Features and Device Permissions
The Apps include certain features that rely on your device. You control whether to enable these features.
Push Notifications
If you enable push notifications, we (through a third-party push notification provider) collect and store a device push token together with your device model, operating system version, and App version, so that we can deliver notifications to your device. You can disable push notifications at any time through your device settings.
Biometric Login (Face/Fingerprint)
If you enable biometric login (such as facial recognition or fingerprint unlock), authentication is handled by your device's operating system. The associated authentication token is stored only on your device. Your biometric data — such as your face or fingerprint — is never collected by, transmitted to, or stored on our servers.
Images and File Access
As described in Section 1, when you upload images, you select them using your device's operating system file picker. The Apps do not access your device's camera or photo library directly. The images you choose to upload are stored on our servers and content delivery network.
5. Cookies and Similar Technologies
Depending on how you use the Services, we will store cookies and use similar technologies on your device in order to collect certain aggregate data about our users and to customize certain aspects of your experience. A cookie is a small data text file stored on your device that uniquely identifies your browser. Cookies may also include more personalized information, such as your IP address, browser type, the server your device is logged onto, the area code and zip code associated with your server, and your first name to welcome you back. We may use cookies and similar technologies to perform tasks such as monitoring aggregate usage metrics, storing and remembering your passwords (if you allow us to do so), storing account and advertising preferences that you have set, and personalizing the services we make available to you. We do not use cookies to track your browsing behavior across unaffiliated third-party websites.
We may use a third-party advertising partner to display advertisements within the Services. As part of their service, they may place a separate cookie on your device. We will not provide third-party advertising partners with your PII. We and our third-party advertising partners may collect and use Aggregate Information about you, such as your IP address, browser type, the server your device is logged onto, the area code and zip code associated with your server, and whether you responded to a particular advertisement. When you click on any third-party advertisement, that third party may collect information about you, such as your online activities over time and across different websites or online services, under its own privacy policy.
Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. You can also manage certain tracking and notification permissions through your mobile device settings. However, some aspects of the Services may not function properly if you elect to disable cookies or certain permissions.
6. Affiliate and Card-Offer Programs
A core part of how we offer and monetize credit card and travel content is through affiliate and card-offer programs operated by third-party affiliate and advertising networks.
When you click certain outbound links to credit card offers or other offers, identifiers — such as a click identifier and a creator or influencer identifier — are passed to the relevant network so that it can attribute the click and report resulting conversions or sales back to us. The information shared in this process consists of click-level identifiers, not your account profile, name, or contact information. We use the conversion information these networks report back to us to measure performance, compensate creators, and improve our offerings.
These networks operate under their own privacy policies, which govern their collection and use of information once you click an outbound offer link. You can limit certain tracking through your device settings and browser cookie controls as described in Section 5.
7. Do Not Track
We do not monitor, recognize, or respond to general web browser "Do Not Track" settings or signals. We do, however, honor the choices you make through your device's operating system settings, including settings for push notifications and tracking permissions, where applicable. We do not authorize third parties to collect personally identifiable information about individuals who visit the Services without separate consent.
8. How We Share Information
We will not sell, trade, or rent your PII to others. We do provide some of our product and service offerings through contractual arrangements made with affiliates, service providers, partners, and other third parties ("Service Partners"). We and our Service Partners may need to use some PII in order to perform tasks between our respective services or to deliver products or services to you. For example, we must provide certain information to third parties that help us provide customer service, and we may share information with our Service Partners to facilitate the Services, including where relevant to help with transactions.
The categories of recipients with whom we may share information include:
- Service providers that operate the Services on our behalf, as described in Section 3, including providers of hosting and content delivery, crash reporting and performance monitoring, push notification delivery, search, and creator payouts.
- Affiliate and advertising networks, as described in Section 6, which receive click-level identifiers and report conversions back to us.
- Third-party sign-in providers and social media platforms, where you choose to connect your account or share content.
- Law enforcement, regulators, or judicial authorities, where required as described below.
- Successors in interest, in connection with a merger, acquisition, financing, reorganization, or sale of assets, in which case information may be transferred as a business asset (and remains subject to this Policy until it is updated).
The use of your PII by our Service Partners is governed by the respective privacy policies of those providers and is not subject to our control. If you elect to share your PII with third-party social media platforms, the PII you share will be governed by the privacy policies and settings of those platforms. Other websites and platforms accessible through the Services have their own privacy practices; please consult each one. We are not responsible for the policies or practices of third parties.
Occasionally, we may be required by law enforcement or judicial authorities to provide PII to the appropriate governmental authorities. In such cases, we will disclose PII upon receipt of a court order, subpoena, or to cooperate with a law enforcement investigation. We reserve the right to report to law enforcement agencies any activities that we in good faith believe to be unlawful.
We may also provide Aggregate Information about our users' activity, traffic patterns, and related information to third parties, but this information does not include any Personally Identifiable Information.
9. Data Retention and Deletion
We retain your personal information for as long as your account remains active and for as long as needed to provide you the Services. When your information is no longer needed for these purposes, we retain it only as necessary to comply with our legal, tax, accounting, and regulatory obligations, to resolve disputes, to detect and prevent fraud and abuse, and to enforce our agreements.
Deleting your account in the App. You can delete your Cardonomics account directly within the Apps at any time:
Open your Profile → scroll to the bottom to the "Danger Zone" → tap "Delete My Account."
Requesting deletion online. You may also request deletion of your account and associated personal information by emailing us at hello@cardonomics.com (or by using the account-deletion page linked from our website). Please include the full name and email address associated with your account so we can verify your request.
What is deleted. When you delete your account, we delete or de-identify the personal information associated with it, including your profile, wallet entries, travel goals and plans, trip reports, and the images you uploaded.
What we may retain. We may retain limited information after deletion where we are required or permitted to do so — for example, records needed to comply with legal, tax, or accounting obligations, to resolve disputes, to detect or prevent fraud, or as retained in routine system backups. Residual copies may persist in backups for a limited period before being overwritten. We retain such information only as long as reasonably necessary for these purposes.
Revoking consent. You may revoke your consent to our processing of your personal information at any time by deleting your account as described above. You may also adjust specific permissions — such as push notifications, tracking, and cookies — through your device and browser settings.
10. Updating and Correcting Information
We believe you should have the ability to access and edit the PII that you have provided to us. You may change your PII in your account at any time by accessing your account in the App or on our website. You may also access and correct your personal information and privacy preferences by emailing us at hello@cardonomics.com.
We encourage you to promptly update your PII if it changes. You may also ask to have the information on your account deleted or removed as described in Section 9; however, some information, such as records we are required to retain or residual copies in backups, may not be immediately or completely deleted. Please include your full name and email address when you contact us.
11. Your Choices on Collection and Use of Information
We may, from time to time, send you emails regarding new products and services that we feel may interest you. In addition, if you indicated upon registration that you are interested in receiving offers or information from us and our partners, we may occasionally send you direct mail or emails about products and services that may be of interest to you. Only the Company (or agents working on behalf of the Company and under confidentiality agreements) will send you these solicitations, and only if you have previously indicated that you wish to receive them. If you do not want to receive solicitations from us, you can "opt out" by editing your account information to no longer receive such offers.
You also have choices with respect to cookies, push notifications, and tracking, as described above. By modifying your browser and device settings, you can choose to accept all cookies, be notified when a cookie is set, reject cookies, or disable notifications and tracking permissions. If you reject all cookies or disable certain permissions, some parts of the Services may not work properly.
12. Security of Your Information
We have implemented reasonable measures designed to secure your personal information from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure. For example:
- The transmission of personal information submitted through the Services is encrypted in order to prevent unauthorized parties from viewing such information when it is transmitted to us. We retain and use collected information only as described in Section 9 ("Data Retention and Deletion") and to comply with applicable legal or regulatory requirements.
- We limit access to PII to specific employees, contractors, and agents who have a reasonable need to come into contact with your information — for example, members of our technical support team who require limited access to your account to troubleshoot problems. The secure servers that host the PII are protected by industry-standard encryption and reside behind firewalls.
- Access to certain parts of the Services is available through a password and unique customer ID selected by you. Your password is stored in hashed form. We recommend that you do not divulge your password to anyone, and we urge you to be careful about giving out information in any public forum.
Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your PII, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which are beyond our control; and (b) the security, integrity, and privacy of any and all information and data exchanged between you and us through the Services cannot be guaranteed. Consequently, the Company shall not be liable for unauthorized disclosures of personal information due to no fault of the Company, including, but not limited to, errors in transmission and unauthorized acts of third parties.
In the event of a data security breach in which unauthorized parties acquire data that compromises the security, confidentiality, or integrity of the PII we maintain, we will notify you in accordance with applicable law, including by sending a notice to the email address you provided to us.
13. Age Requirement to Use the Services
You must be at least 18 years old to have our permission to use the Services. Our policy is that we do not knowingly collect, use, or disclose PII about minors. If we learn that we have collected personal information from a person under the applicable age of majority, we will take steps to delete that information.
14. Links to Other Websites and Social Media
The Services may provide links to other websites that may be operated by us or by third parties. We provide the links for your convenience, but we do not review, control, or monitor the privacy practices of websites operated by others. This Policy only addresses the use and disclosure of information we collect from you and does not apply to information collected by a third party. Other websites accessible through the Services have their own privacy policies and data practices.
When visiting our social media pages, this Policy will apply only to the use and disclosure of information we collect from you through our operation of those pages. Any information collected by the social media platform itself is governed by that platform's own privacy policy. Please review each website's and social media platform's privacy policy and make your own conclusions regarding the adequacy of its practices. We are not responsible for the policies or practices of third parties.
15. Changes to This Policy
We reserve the right to change this Privacy Policy from time to time. When we make material changes, we will notify you by email to the address on your account and/or by posting a prominent notice on our website or within the Apps, and we will update the "Last Updated" date above. Your continued use of the Services after the effective date of any change constitutes your acceptance of the revised Policy.
16. Contact Us
If you have any questions, concerns, or inquiries about this Privacy Policy, our use of your PII, or our privacy practices, please email us at hello@cardonomics.com.

