Privacy Policy

Last Updated: March 3, 2026

Your privacy is important to us. Fenrir Ledger is a credit card rewards tracker that is designed to keep your data under your control. This Privacy Policy explains what information we collect, how we use it, and your choices.

1. Who We Are

Fenrir Ledger is a source-available web application for tracking credit card signup bonuses, annual fees, and reward milestones. The service is operated by Declan Shanaghy (“we”, “us”, “our”). You can reach us at privacy@fenrirledger.com.

2. Information We Collect

Information You Provide

• Account information: When you sign in with Google, we receive your name, email address, and profile picture from Google’s OAuth service. We use this solely to authenticate you.
• Card and financial tracking data: Credit card names, issuers, annual fees, bonus targets, and related data you enter into the application. This data is stored locally in your browser (localStorage) and is not transmitted to our servers.

Information Collected Automatically

• Analytics data: We use analytics services to understand how the application is used. This may include pages visited, features used, browser type, device type, approximate location (country/region derived from IP address), and referral source. We do not use analytics to identify you personally.
• Server logs: Our hosting provider (Vercel) may collect standard server logs including IP addresses, request timestamps, and HTTP headers. These are retained per Vercel’s data retention policies.

Information from Third Parties

• Google OAuth: Name, email address, and profile picture when you sign in.
• Google Sheets / Drive: If you use the import feature, we access spreadsheet data you explicitly select via Google Picker. We read the data to extract card information and do not store your Google Drive files.

3. How We Use Your Information

• Authenticate you and maintain your session
• Import card data from spreadsheets you select
• Improve the application based on aggregate usage patterns
• Diagnose technical issues via server logs

4. Analytics and Opting Out

We use analytics to understand aggregate usage patterns — for example, which features are used most and where users encounter issues. Analytics data is collected in a way that does not personally identify you.

You may opt out of analytics tracking at any time via the Settings page in the application. When you opt out, no analytics data will be collected from your browser. You can also use browser extensions such as ad blockers or privacy tools to block analytics scripts.

5. Data Storage and Security

• Card data is stored in your browser’s localStorage. It never leaves your device unless you explicitly use the import/export features.
• Authentication tokens are stored as secure, HTTP-only cookies or in-memory and are not accessible to JavaScript.
• We use HTTPS for all data transmission.
• We do not maintain a database of your card or financial data on our servers.

6. Data Sharing

We do not sell, rent, or trade your personal information. We may share information only in the following circumstances:

• Service providers: Vercel (hosting), Google (authentication, Sheets API), and Anthropic (LLM-based data extraction during import). These providers receive only the minimum data necessary to perform their function.
• Legal requirements: If required by law, subpoena, or court order.
• Safety: To protect the rights, safety, or property of our users or the public.

7. Data Retention

• localStorage data: Persists until you clear it or uninstall the application. We have no access to it.
• Authentication sessions: Expire based on token lifetime (typically hours to days).
• Server logs: Retained per our hosting provider’s policies (typically 30 days).
• Analytics data: Retained in aggregate form. No personally identifiable information is stored.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction or deletion of your personal information
• Opt out of analytics tracking (see Section 4)
• Withdraw consent for data processing
• Lodge a complaint with a data protection authority

Since your card data is stored locally in your browser, you have full control over it at all times. You can delete it by clearing your browser’s localStorage for this site.

To exercise any other rights, contact us at privacy@fenrirledger.com.

9. Children’s Privacy

Fenrir Ledger is not directed at children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last Updated” date above. We encourage you to review this policy periodically. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy, please contact us at privacy@fenrirledger.com.