Privacy Policy

CardWafir — mobile application

Effective date: 21 June 2026  ·  Last updated: 16 July 2026

This Privacy Policy explains how Bytxpedition (“we”, “us”, “our”) collects, uses, shares, and protects your information when you use the CardWafir mobile application (the “App”). By using the App, you agree to the practices described here.

If you do not agree with this policy, please discontinue use of the App.

Contents

1. Who we are

CardWafir is an informational app that aggregates and displays bank, credit-card, and merchant offers available in the United Arab Emirates. The App is operated by Bytxpedition. We act as the data controller for the personal information described in this policy.

2. Information we collect

We collect the following categories of information:

a) Account information

b) Profile & preferences

c) Saved card information

d) Device & technical information

e) Usage & activity data

f) Location data

g) Feedback & reviews

3. About your saved cards

Important: The App is an offers aggregator, not a payment app. When you “add a card,” you are only saving non-sensitive metadata (bank name, card product name, network, and optional due-date reminders) so we can match relevant offers to you. We never ask for or store your full card number, CVV, PIN, or expiry, and we cannot make payments or access your bank account.

Card metadata is stored locally on your device and, if you are signed in, synced to your account on our backend so it is available across your devices.

4. How we use information

We do not sell your personal information.

Where data-protection laws such as the EU/UK GDPR or the UAE Personal Data Protection Law apply, we process your information under one or more of the following bases: consent (e.g., location, notifications), performance of a contract (providing the App you requested), legitimate interests (improving and securing the App), and legal obligation.

6. How we share information

We share information only as follows:

7. Third-party service providers

We rely on the following providers, who process data on our behalf under their own privacy terms:

ProviderPurposeData involved
Google Firebase (Authentication & Cloud Messaging)Account sign-in and delivery of push notificationsName, email, profile photo, profile identifier, push notification token
SupabaseBackend database and server functions (offers, preferences, favorites, sync)Account identifier, preferences, saved-card metadata, favorites, reviews, activity
SentryCrash & error monitoringDevice/OS/app info, error details, IP at time of error
wsrv.nl (images.weserv.nl)Image resizing proxy for faster, lighter offer imagesRequested image URL and technical request data (e.g., IP); no account data
Map/tile providerDisplaying the Nearby mapApproximate location, technical request data

We encourage you to review these providers’ privacy policies for details on their processing.

8. Location data

Location access is optional. If you grant permission, your location is used for the Nearby feature to display offers around you, and an approximate location reading may also be attached to your app session to help us understand regional usage. You can grant or revoke location permission at any time in your device settings. If you deny permission, Nearby may be unavailable or limited, but the rest of the App continues to work.

9. Notifications

With your permission, the App sends notifications of two kinds: local reminders scheduled on your device (e.g., payment-due and offer-expiry reminders) and push notifications about offers, delivered via Google Firebase Cloud Messaging using a device push token. You can disable notifications at any time in the App settings or your device settings.

10. Data retention

We keep personal information for as long as your account is active or as needed to provide the App, and thereafter only as required for legitimate business or legal purposes. Diagnostic/crash data is retained for a limited period for stability analysis. You can request deletion at any time (section 14).

11. Security

We use reasonable technical and organizational measures to protect your information, including encrypted connections (HTTPS/TLS), authenticated access, and provider-side access controls. Card metadata stored on your device remains under your device’s own security. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. International transfers

Your information may be processed and stored on servers located outside your country of residence (for example, in the European Union or other regions used by our providers). Where required, we rely on appropriate safeguards for such transfers.

13. Your rights

Depending on your jurisdiction, you may have the right to:

To exercise any of these rights, contact us using the details in section 18.

14. Deleting your data

You can delete saved cards and preferences within the App. To request deletion of your account and associated personal data, email us at support@bytxpedition.com with the subject “Data Deletion Request.” We will verify your request and delete the data within a reasonable period, subject to any legal retention requirements.

15. Children

The App is not directed to children under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.

16. Third-party offers & links

Offers displayed in the App originate from banks, financial institutions, and merchants. Offer details are subject to change at their discretion, and the App does not independently verify or endorse them. Links to third-party websites are governed by those parties’ own privacy policies and terms; we are not responsible for their practices.

17. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and, where appropriate, notify you in the App. Your continued use of the App after changes take effect constitutes acceptance of the updated policy.

18. Contact us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, contact us at: