Privacy Policy
Card Wallet : NFC & Digital ("Card Wallet", "the app", "we", "us", or "our") is a digital card wallet for Android, published by Card Wallet Labs. This Privacy Policy explains what information the app handles, how it is handled, and the choices you have. We built Card Wallet to be private by design: your cards are stored encrypted on your device and are never transmitted to or stored on our servers.
The short version: Your card data stays on your phone. We can't see it, we don't upload it, and we never sell it. The only information we receive is anonymous, aggregated usage and crash data that helps us improve the app.
1. Information stored on your device
When you add a card, the following may be stored locally on your device only:
- Card details you enter or scan, such as the card number (PAN), cardholder name, expiry date, card type, and a label or color you choose.
- Your in-app preferences and settings, such as your default card and display options.
This information is encrypted on your device using a key held in the Android Keystore (AES-GCM) and is protected behind your device's biometric or screen-lock authentication. It is not sent to Card Wallet Labs, and we have no ability to access it. If you uninstall the app, this data is deleted with it.
What we never store
For your security, and in line with payment-industry practice, Card Wallet never stores sensitive authentication data — including your card's CVV/CVC security code, PIN, or full magnetic-stripe data. Full card numbers are shown only after you pass biometric authentication and are masked (for example, •••• 4242) everywhere else.
2. Information we receive
Card Wallet works without an account and without an internet connection for its core features. We receive only limited, non-card information to operate and improve the app:
- Usage and analytics data. We use Google Firebase Analytics to understand how the app is used in aggregate — for example, which screens are opened and whether onboarding or a purchase was completed. This data is anonymous and aggregated and never includes your card details.
- Crash and diagnostic data. If the app crashes, we may receive a diagnostic report (such as the error and device model) to help us fix problems.
- Purchase data. If you buy a subscription, the transaction is processed by Google Play. We receive a purchase token and subscription status from Google to unlock features. We never receive your payment-card number or billing details — Google handles payment.
3. How information is used
We use the limited information we receive to:
- Operate, maintain, and improve the app and its features.
- Understand aggregate usage trends and diagnose technical problems.
- Provide and validate subscriptions and purchases.
- Detect, prevent, and address fraud, abuse, or security issues.
- Comply with legal obligations.
We do not sell your personal information, and we do not use your card data for advertising.
4. Device permissions
Card Wallet requests permissions only to provide specific features. You can grant or deny them, and you can change them at any time in your device settings:
- Camera — to scan a physical card when you add it. Images are processed on your device and are not uploaded.
- NFC — to enable contactless tap-to-pay and to read supported cards.
- Biometric / device credentials — to lock the app and protect access to full card details.
5. Third-party services
We rely on a small number of trusted service providers to run the app. Each processes data under its own privacy policy:
- Google Firebase (analytics and crash reporting) — Firebase privacy.
- Google Play Billing (subscription payments) — Google privacy.
6. Data sharing and disclosure
We do not sell, rent, or trade your information. We may disclose limited information only where required to comply with applicable law, a valid legal process, or to protect the rights, safety, and security of our users and the app. Because your card data is stored only on your device and not on our servers, we are technically unable to disclose it.
7. Data retention and deletion
Card data and settings remain on your device until you delete a card or uninstall the app. Uninstalling Card Wallet removes all locally stored card data from your device.
Anonymous analytics and crash data are retained by our service providers for limited periods in line with their policies. To request deletion of any data associated with you, or to ask a question about your data, contact us at dev@cardwalletlabs.com and we will respond within a reasonable time.
8. Your rights
Depending on where you live, you may have rights to access, correct, delete, or restrict the processing of your personal information, and to object to certain processing. Because your cards live only on your device, you can exercise most of these rights directly within the app. For anything we hold, contact us at the address below.
9. Children's privacy
Card Wallet is not directed to children and is not intended for use by anyone under the age of 16 (or the minimum age required in your country). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will take appropriate steps.
10. International users
Card Wallet is available in multiple countries. Where the limited analytics and purchase data described above is processed, it may be handled on servers operated by our service providers in other countries. We rely on those providers' safeguards for any such transfers.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, provide notice within the app. Continued use of the app after changes take effect means you accept the updated policy.
12. Contact us
If you have questions about this Privacy Policy or how your data is handled, contact:
Card Wallet Labs
Email: dev@cardwalletlabs.com
Website: cardwalletlabs.com