App: Cardly - Loyalty Card Wallet
Developer: KJ Labs (ABN: 56 351 284 462)
Last updated: 4 June 2026
Contact: support@appcardly.com
1. Overview
Cardly is a loyalty card and rewards wallet app developed by KJ Labs. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. We are committed to protecting your privacy. Cardly does not sell your data, display advertising, or share your information with third parties for marketing purposes.
2. Information We Collect
Account Information: When you create a Cardly account, we collect your email address and password (stored as a secure hash).
Loyalty and Rewards Data: Loyalty program names, barcode values, card numbers, voucher codes, expiry dates, card nicknames, and photos of physical cards if you choose to upload them.
Household Data: If you share your account with family members, we store household membership associations and shared card data.
Usage Data: Basic technical data including device type, iOS version, app version, and API request logs (retained for 30 days).
Device Permissions: Camera (to scan barcodes), Photo Library (to import card images), and Notifications (for expiry alerts, optional).
3. How We Use Your Information
We use your information solely to provide the Cardly service — to store and display your loyalty cards, generate Apple Wallet passes, enable household sharing, send expiry notifications if enabled, and diagnose technical issues.
4. Data Storage and Security
- All data stored on AWS infrastructure in Sydney (ap-southeast-2)
- Data in transit encrypted using TLS 1.3
- Passwords hashed and never stored in plain text
- Authentication tokens stored in your device's secure Keychain
5. Household Sharing
If you share your Cardly account with family members, all members with your login credentials can view, add, and delete cards. You are responsible for who you share your credentials with. Removing access requires changing your account password.
6. Data Sharing
We do not sell, rent, or share your personal information with third parties except AWS (infrastructure provider), Apple PassKit (when generating Wallet passes), and as required by Australian law.
7. Data Retention
Your account data is retained while your account is active. If you delete your account, all personal data is deleted within 30 days. API logs are retained for 30 days then automatically deleted.
8. Your Rights
Under the Australian Privacy Act 1988, you have the right to access, correct, or delete your personal information. Contact us at support@appcardly.com to exercise these rights or lodge a complaint with the OAIC at oaic.gov.au.
9. Children's Privacy
Cardly is not directed at children under 13. We do not knowingly collect personal information from children under 13.
10. Changes to This Policy
We may update this policy from time to time. Continued use of Cardly after changes constitutes acceptance of the updated policy.
11. Contact
KJ Labs
Email: support@appcardly.com
Office of the Australian Information Commissioner: oaic.gov.au | 1300 363 992