Privacy Policy
Last updated: May 27, 2026
Secret Meridian ("we," "us," or "our") operates the Cardly mobile application. This Privacy Policy explains what information may be processed when you use Cardly and how that information supports the product.
1. Information Collection and Use
We collect only the information needed to operate and improve Cardly. Depending on the features you choose, this can include account details, usage data, and device-level permissions.
Personal Data
- Email address and profile details made available through Google Sign-In
- Identifiers needed to support synchronization and recovery
- Card information you create, such as card names, card numbers, notes, barcode formats, categories, display settings, and related dates
- Limited usage and diagnostic data tied to app health and engagement
2. Authentication and Data Synchronization
If you enable Cardly's cloud-sync features through Google Sign-In, account data and loyalty-card information are stored on our service provider infrastructure so your data can sync across devices. Synced card data can include card name, card number, notes, barcode format, category, display settings, creation and modification dates, and store source information when available. If you do not sign in, your cards remain stored locally on your device.
On Android, local app data may also be included in operating-system backup or device transfer features.
3. Usage and Analytics
We may collect technical data such as device type, app version, diagnostic events, and interaction patterns to monitor performance and improve the product experience.
4. Camera, Gallery, and Device Permissions
Cardly requests camera access only to scan barcode information from physical cards. This is part of the core product workflow.
If you choose to import cards from your photo gallery, Cardly reads the images you select to detect barcodes and, when helpful, recognize store text using on-device OCR. These images and OCR results never leave your device, and we do not see or receive them. Temporary image copies may be stored in the app cache during the import workflow.
5. Service Providers
We rely on third-party providers, including Google services, for authentication, infrastructure, and analytics. These providers process information only as required to operate those services on our behalf.
6. Data Retention and Deletion
We retain personal data only for as long as needed to provide the product. If you want your account and associated cloud data deleted, contact help@secretmeridian.com or follow the steps on our account deletion page.
Cloud deletion does not remove local-only data from your device. You can remove local data by uninstalling Cardly or clearing the app storage in your device settings.
7. Security of Data
We use the security controls provided by our infrastructure partners, but no online system can offer an absolute guarantee. We still design with reasonable protection in mind.
8. European Privacy Rights
For users in the European Economic Area, the United Kingdom, or Switzerland, Secret Meridian is the controller for personal data processed through Cardly. Our legal bases include providing requested app features and optional sync, our legitimate interests in security, reliability, support, and product improvement, consent where required, and compliance with legal obligations.
Depending on your location, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. You can exercise these rights by emailing help@secretmeridian.com. You may also have the right to contact your local data protection authority.
9. Trademarks and Brand Logos
Cardly may display third-party logos or marks so users can identify their loyalty cards. Those marks remain the property of their respective owners and are shown for identification only.
10. Contact Us
If you have questions about this policy, email help@secretmeridian.com.