Security & privacy

Track your cards without storing the numbers

CardIndexer is built so there's nothing sensitive to leak. We keep just enough to recognise a card — and nothing more.

What we store

  • • A label you choose (e.g. “Ops Visa”)
  • • Card brand (Visa, Mastercard…)
  • • Last 4 digits
  • • Expiry month/year
  • • Where and when a card was used

What we never store

  • • Full card numbers (PAN)
  • • CVV / security codes
  • • PINs or passwords
  • • Your card credentials on merchant sites
How we protect your data

Security fundamentals

Encrypted in transit

All traffic between the extension, your dashboard, and our servers is protected with TLS.

Minimal data by design

We can't lose what we don't hold. No full numbers means a breach exposes nothing usable to charge your card.

Isolated per account

Your data is scoped to your account or organisation. Team members only see what their role allows.

Payments via Stripe

Billing is handled by Stripe. We never see or store your payment method for your subscription.

Your data, exportable

Export everything you've stored to CSV or JSON at any time.

Deletion on request

Close your account and your data is removed. Contact us anytime for a data request.

Transparency

Read the details

Our legal pages spell out exactly how we handle your data.

Security you can explain to your boss

Add the extension, make a purchase, and watch it organise itself. Free to start — no credit card.