CardIQ Privacy Policy

Welcome to CardIQ, a credit card education and guide application developed by Lexos ("we," "us," or "our"). CardIQ is designed to help users understand credit cards, maximize rewards, and build healthy financial habits through curated, expert-written guides.

This Privacy Policy explains how we handle information in connection with your use of the CardIQ Android application (Package ID: in.lexos.cardiq). By using CardIQ, you agree to the practices described in this Policy.

We believe in radical transparency. Here is the complete list of every data type and whether CardIQ touches it:

CardIQ stores a minimal amount of preference data locally on your device using Android's SharedPreferences system. This data includes:

• Your list of bookmarked/saved articles (stored as article IDs)
• Your selected country filter preference (e.g., India, USA, UK)
• Whether you have seen the onboarding screen

This data never leaves your device. It is not transmitted to any server, cloud service, or third party under any circumstances. Uninstalling the app permanently deletes all locally stored data.

CardIQ's article content is bundled within the app itself — it does not fetch guides or content from any remote server. The app may use the internet only for the following limited and transparent purposes:

• Google Fonts: Loading typography for a better reading experience. No personal data is sent — this is a standard font delivery request identical to loading a webpage.
• Cached Network Images: If any article contains a remote image, it may be fetched over the internet. No user identification is associated with these requests.
• In-App Update Check: Checking for app updates via Google Play's update API. No personal data is transmitted.
• In-App Review Prompt: Google Play's review system may be invoked. Any review you submit is handled entirely by Google under their own privacy policy.

CardIQ does not use any analytics SDK (e.g. Firebase Analytics, Mixpanel, Amplitude), crash reporting service (e.g. Crashlytics), or advertising network.

CardIQ integrates only the following third-party services, each with a strictly limited and transparent purpose:

We do not share, sell, rent, or trade your information with any third party for commercial or marketing purposes.

CardIQ requests only the permissions it genuinely needs. Here's every permission the app uses and why:

• INTERNET — Required to load Google Fonts and check for app updates via Google Play.
• POST_NOTIFICATIONS — Required on Android 13+ to send optional credit card tip notifications. You can deny or revoke this at any time in Settings without affecting core app functionality.
• RECEIVE_BOOT_COMPLETED — Allows scheduled tip notifications to be restored after a device restart. No data is read or transmitted during this process.
• VIBRATE — Used to provide haptic feedback for notifications only.

CardIQ is rated Everyone on Google Play and is designed for a general audience. However, the educational content focuses on personal finance topics (credit cards, credit scores, APR) that are primarily relevant to adults aged 18 and over.

CardIQ does not knowingly collect any personal information from children under the age of 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at the email address below so we can take appropriate action.

Because CardIQ does not collect or transmit personal data to any server, there is no remote data store that could be compromised. The only data associated with your use of CardIQ is stored locally on your device and is protected by your device's built-in security (screen lock, encryption).

The app itself is protected by the following measures:

• Released as a signed AAB with a private RSA 2048-bit key — cannot be tampered without detection
• Code obfuscation and R8 minification applied to the release build
• No hardcoded API keys, tokens, or secrets in the app binary
• ProGuard rules applied to prevent class-level reverse engineering

Depending on your location, you may have the following rights regarding your data. Because CardIQ does not collect personal data, most of these rights are automatically satisfied — but we honour them fully:

• Right to Access: You can view all locally stored data by going to Android Settings → Apps → CardIQ → Storage.
• Right to Deletion: Clear all local data instantly via Android Settings → Apps → CardIQ → Clear Data, or by uninstalling the app.
• Right to Portability: No personal data is held by us — there is nothing to export or transfer.
• Right to Object: You can disable notifications at any time via Android Settings → Apps → CardIQ → Notifications.
• GDPR (EU/UK): We act as a data processor with zero personal data processing — GDPR obligations are fully satisfied.
• CCPA (California): We do not sell personal information. California residents have nothing to opt out of.
• PDPB (India): No personal data is collected or processed in accordance with India's Personal Data Protection Bill.

We may update this Privacy Policy from time to time to reflect changes in the app or applicable laws. When we do, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you via an app update or in-app notice.

We encourage you to review this page periodically. Continued use of CardIQ after any changes constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please reach out to us: