OnSimmer← Home

Privacy Policy

Last updated: June 28, 2026

OnSimmer ("OnSimmer," "we," "us") helps you track the benefits on your credit cards and, optionally, keep cards active with small scheduled charitable donations. This policy explains what we collect, how we use it, and the choices you have.

Information we collect

  • Account information. Your email address and basic profile (name) when you sign in with Google or an email magic link.
  • Card information. We never receive or store full card numbers, CVVs, or full expiration dates. When you add a card on file, the details go directly to our payment processor (Stripe), which returns a token. We store only that token, the card brand, the last 4 digits, the card's nickname, and any benefits, fees, and renewal dates you enter.
  • Usage data. The cards, benefits, and settings you create, and which credits you mark as claimed.
  • Transaction records. Records of any "Backburner" donations made on your behalf (amount, status, recipient charity, date).
  • Security data. If you enable two-factor authentication, an encrypted authenticator secret and hashed backup codes.

How we use your information

  • To provide the service: tracking your card benefits, reminding you about expiring credits, and computing annual-fee value.
  • To process optional Backburner donations through our payment processor.
  • To authenticate you and secure your account.
  • To operate, maintain, and improve OnSimmer.

How we share information

We do not sell your personal information. We share data only with service providers that help us run OnSimmer:

  • Stripe — payment tokenization and processing of donations.
  • Google — sign-in (authentication) when you choose "Continue with Google."
  • Hosting & database providers — to host the application and store your data securely.

We may also disclose information if required by law.

Google user data

When you sign in with Google, we request only your basic profile and email address, solely to create and authenticate your account. We do not access any other Google data. OnSimmer's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Data security

Card details are tokenized by Stripe and never stored on our servers. Authenticator secrets are encrypted at rest, backup codes are hashed, and access to your data requires authentication (with optional two-factor).

Data retention & deletion

We retain your information for as long as your account is active. You can delete individual cards in the app, or request deletion of your entire account and associated data by contacting us at michaelgwieder@gmail.com.

Your choices

  • Access or update your information from within the app.
  • Disconnect a payment method or delete a card at any time.
  • Request account deletion by email.

Children

OnSimmer is not directed to children under 13 (or the minimum age in your jurisdiction), and we do not knowingly collect their information.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the "Last updated" date above.

Contact

Questions about this policy or your data? Email michaelgwieder@gmail.com.