A plain-English summary first, then the full legal version. We try not to hide things in fine print.
We collect your phone number, the cards you've added (the model — never the number), your favorited brands, and which lounges you've visited. We never read your bank statements, never collect transaction data, never sell anything to anyone. The app works offline once your cards are added. Delete your account anytime — we erase everything within 24 hours.
Card Perks is operated by Appslio Labs LLP, registered in Jaipur, Rajasthan, India. References to “we,” “us,” and “our” mean Appslio Labs LLP. References to “the app” or “the service” mean Card Perks for iOS, Android, and the website at cardperks.co.in.
Our registered address is K812, Siddha Aangan, Ajmer Road, Bagru Khurd, Jaipur-302026, Rajasthan, India. Our Data Protection Officer can be reached at privacy@appslio.com.
We try to collect the absolute minimum needed to make Card Perks useful. The full list of categories:
| Category | What & why |
|---|---|
| Phone number | Used as your account identifier. Verified by OTP. We do not link it to identity databases. |
| Cards you've added | Card model only (e.g. "HDFC Diners Club Black"). We never collect, request, or store actual card numbers, CVVs, expiry, or PINs. |
| Favorites & visits | Brands and lounges you've favorited, plus a manual visit-counter you tap when you use a lounge. |
| Device data | Model, OS version, app version, language, time zone — for crash debugging and feature compatibility. |
| Notifications token | Apple/Google push token if you opt into alerts. Stored separately from your other data. |
| Diagnostics | Anonymous crash reports via Firebase Crashlytics. No personal data attached. Can be turned off in Settings. |
What we do NOT collect:
We process your personal data for the following purposes, each with a corresponding legal basis under the DPDP Act 2023 and (where applicable) the GDPR:
We do not sell, rent, or trade your personal data to anyone. Ever. We do not run targeted advertising and do not share your data with advertisers, brokers, or aggregators.
The only third parties that touch your data are infrastructure vendors strictly necessary to operate the app:
Each is bound by a Data Processing Agreement that prohibits use of your data for any purpose beyond serving Card Perks. None of them have access to identify you across services.
We keep your data only as long as your account is active. If you delete your account, all personal data is erased from production systems within 24 hours and from backups within 30 days. Anonymous, aggregated metrics (e.g. "1.2M users opened the lounge tab last quarter") may be retained indefinitely as they cannot be traced to you.
Where Indian law (DPDP, RBI, IT Act) requires retention for fraud prevention or tax records, we keep the minimum necessary fields for the legally required period — typically 7 years for financial transaction records related to our payment processing, none of which relate to your card spending.
Under the DPDP Act 2023 and applicable global laws, you have the following rights, exercisable from Settings → Privacy in the app or by emailing privacy@appslio.com:
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Production database access is limited to two engineers and audited monthly. We undergo independent third-party penetration testing twice a year.
If we ever suffer a personal-data breach, we will notify affected users within 72 hours and the Data Protection Board of India per DPDP Act Section 8(6).
The Card Perks website (cardperks.co.in) does not use any analytics, tracking cookies, or third-party scripts. The mobile app does not use cookies.
Card Perks is not directed at people under 18 years of age. We do not knowingly collect data from minors. If you believe a child has provided us data, contact privacy@appslio.com and we will erase it within 24 hours.
We may update this policy when we add features or to reflect legal changes. The “Last updated” date at the top will change, and any material change is announced in the app at least 14 days before it takes effect.
For any privacy question, complaint, or rights request:
We acknowledge every grievance within 72 hours and resolve it within 30 days as required by law. If unresolved, you may approach the Data Protection Board of India at dpb.gov.in.
This policy is published in English. Where any translated version conflicts with the English version, the English version controls.