Privacy Policy

1. Introduction

Arclist ("Service") is operated by an individual developer ("Operator", "we", "us"). This Privacy Policy explains how we collect, use, and protect your personal information.

2. Information We Collect

We collect the following information when you use our Service:

• Name — to personalize your account
• Email address — for account authentication and communication
• Card identifier (optional) — we do not require or store actual card numbers. To help you distinguish multiple cards of the same type, you may enter a nickname or any arbitrary characters (e.g., "1", "2", or "My Card"). This field is entirely optional and has no connection to your real card number
• Spending data — categories and amounts you voluntarily enter
• Feedback messages — submitted through the Contact page, stored with your name and email for follow-up

We do not collect or store full credit card numbers, CVVs, or other sensitive financial credentials.

3. How We Use Your Information

Your information is used to:

• Provide and maintain the Service
• Authenticate your account
• Send transactional emails (e.g., password reset)
• Analyze spending patterns and provide card recommendations
• Respond to your feedback and support inquiries
• Improve the Service

4. Third-Party Services

We use the following third-party services to operate Arclist:

• Google Cloud Platform — hosting and database infrastructure
• OpenAI — used solely for merchant category classification (e.g., mapping "Starbucks" to "dining"). Only the merchant name you search is sent to OpenAI; no personal information, card details, or account data is shared
• Anthropic (Claude) — used for parsing uploaded card statements (PDF/CSV) to extract and categorize transactions. Only the statement file content you upload is sent; no account credentials or other personal data is shared
• Resend — transactional email delivery (e.g., password reset and feedback notification emails)

These services may process your data in accordance with their own privacy policies. We only share the minimum data necessary for each service to function. Card recommendations, scoring, and all personal data processing are performed entirely on our own servers.

5. Data Storage and Security

Your data is stored on Google Cloud Platform servers. We use industry-standard security measures including encrypted connections (HTTPS/TLS), hashed passwords, and secure secret management to protect your information.

6. Data Retention

We retain your data for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us.

7. Cookies

We use essential cookies and local storage for authentication purposes (JWT tokens). We do not use tracking cookies or third-party advertising cookies.

8. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Export your data

9. Children's Privacy

The Service is not intended for users under the age of 18. By using the Service, you represent that you are at least 18 years of age.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes through the Service or via email.

11. Contact

For questions about this Privacy Policy or to exercise your data rights, please contact us at hello@arclistcard.com.