Back to home Legal

Privacy Policy

How Dracit handles your information — written to be read, not just filed away.

Last updated: June 5, 2026

The short version

We never ask for your bank login, and we never collect your card numbers. Dracit works from a statement you upload and the card names you add. We don’t sell your data, and you can delete your audit at any time.

What we collect

To run an audit and keep your account working, we collect only what’s necessary:

  • Account identity. Your name and email address, provided through Google sign-in, so your audits are saved to you.
  • Cards you add. The names of the cards in your wallet (for example, “Amex Cobalt”). Not numbers.
  • Statement data you upload. Transaction descriptions, amounts, and dates used to categorize spending and calculate missed rewards.
  • Basic product analytics. Aggregated, privacy-respecting usage data to improve the product.

What we never collect

  • Online banking credentials. Dracit has no bank connection and no field that asks for them.
  • Full card numbers, CVV, or expiry dates. The math only needs a card’s name and your categorized amounts.
  • Account balances or the ability to move money. There is no account linking and no payment rail.

How we use your information

We use the information above to: run your rewards audit and produce your monthly fix; save and display your past audits; respond to support requests; keep the service secure; and improve Dracit in aggregate. We do not use your statement data for advertising, and we do not build a saleable profile of your finances.

Google sign-in

We use Google sign-in for identity only. It confirms you are you when you return. It does not grant Dracit access to your Gmail contents, your Google Drive, your contacts, or any financial account. We request the minimum scopes needed to authenticate you.

Data retention & deletion

Your audits and uploaded statement data are kept only as long as your account is active or as needed to provide the service. You can delete any individual audit, or your entire account, at any time from your settings — deletion removes the associated statement data from our active systems. You may also request deletion by emailing us (see below).

Sharing & third parties

We do not sell your personal information. We share data only with service providers who help us operate (for example, cloud hosting and authentication), under contracts that limit them to that purpose, or where required by law. We never share your statement data with advertisers, lenders, card issuers, or data brokers.

Your rights

If you are in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access the personal information we hold about you, to request corrections, and to withdraw consent. Residents of other regions may have additional rights. To exercise any of these, contact us and we’ll respond within the timelines the law requires.

Cookies

We use essential cookies to keep you signed in and the app functioning, plus limited, privacy-respecting analytics. We do not use third-party advertising trackers.

Changes to this policy

If we make material changes, we’ll update the date at the top of this page and, where appropriate, notify you in the app. Continued use after an update means you accept the revised policy.

Contact

Questions about your privacy, or want your data deleted? Email privacy@dracit.ca or visit our contact page.

Note

This policy describes Dracit’s intended data practices in plain language. It is a starting point and should be reviewed by qualified legal counsel before launch to ensure full compliance with PIPEDA and any other applicable laws.