Privacy Policy

Last updated: May 8, 2026

Benefit Guardian ("we", "our", "the app") helps users discover potentially unclaimed benefits from credit cards, memberships, and government programs. This policy explains what we collect, what we don't, and how we protect your data.

What we collect

• Email address — for account creation and login
• Zip code, state — to match you with local government programs
• Household income bracket — to estimate eligibility for income-based programs (optional)
• Credit card names — which cards you have (NOT card numbers, NOT account details)
• Service/membership names — which subscriptions you pay for

What we do NOT collect

• Credit card numbers, CVVs, or expiration dates
• Bank account information
• Social Security numbers
• Passwords are handled by Supabase Auth and are never stored in plaintext

How we use your data

• To analyze which benefits you may be entitled to
• To detect overlaps where you may be paying for something already covered
• To recommend cards and programs that could save you money
• We do NOT sell your data to third parties
• We do NOT use your data for advertising

Third-party services

• Supabase — authentication and database (encrypted at rest and in transit)
• Google OAuth — optional sign-in method (we receive your email only)
• AI provider (Google Gemini or OpenAI) — analyzes your benefits (receives card/service names, not personal info)
• Sentry — error monitoring. When the app encounters an error, Sentry receives a stack trace, user agent, and URL. Per our configuration, Sentry does not receive personally identifiable information such as email, IP address, or cookies (sendDefaultPii: false). Sentry processes data on US servers.

Data storage & security

• All data is stored on Supabase (hosted on AWS) with encryption
• Communication is encrypted via HTTPS/TLS
• Your benefit data is isolated to your account

Your rights

You may request to access, correct, or delete your data at any time by emailing support@benefitguardian.org. We will respond within 30 days.

Data retention

We retain account data for as long as your account is active. If you delete your account or request deletion, we remove personal information within 30 days. Anonymized aggregate analytics may be retained longer to improve the service. Sentry error data is retained per Sentry's default retention (90 days for error events).

California resident rights (CCPA)

California residents have the right to: (1) know what personal information we collect, use, and share; (2) request deletion of personal information; (3) opt out of sale of personal information (we do not sell personal information, but you may exercise this right); (4) non-discrimination for exercising privacy rights. Submit requests to support@benefitguardian.org. We will respond within 45 days.

Children's data

Benefit Guardian is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected information from a child under 13, we will delete it. Parents who believe their child has provided information may contact support@benefitguardian.org.

Changes to this policy

We may update this policy from time to time. Material changes will be posted on this page with an updated date.

Contact us

Questions about this policy or your data? Email us at support@benefitguardian.org.