Privacy Policy

Perkmon ("Perkmon," "we," "our," or "us") operates the Perkmon marketing site at perkmon.com and the Perkmon web application at perkmon.app. This Privacy Policy explains what personal information we collect, how we use and disclose it, and what rights you have, including California privacy rights.

We collect the following categories of personal information: • Identifiers (for example, email address, display name, device/app identifiers) • Profile and account settings (for example, currency, timezone, notification preferences) • Card and benefit tracking records you create in the Service • Usage, diagnostics, and security logs • Support and feedback communications

We collect personal information from: • You directly (when you register, configure settings, add cards/benefits, or contact us) • Your device/browser (usage, diagnostics, and security events) • Service providers acting on our behalf (for hosting, analytics, and communications)

We use personal information to: • Provide and maintain the Perkmon service • Track benefits, reminders, and account features • Secure accounts and detect abuse, fraud, and service issues • Respond to support requests and product feedback • Measure and improve product performance and reliability

We do not sell personal information. We disclose personal information only to service providers and contractors as needed to operate the Service (for example, cloud hosting, data storage, analytics, and communications), for security and legal compliance, and during a business transfer if ownership changes.

We retain personal information only as long as needed for the purposes described in this policy, including security, legal, and operational needs. Retention standards by data type are: • Account profile and card/benefit records: while your account is active, then deleted or de-identified after verified account deletion requests • Support and feedback records: retained for customer support, quality review, and legal recordkeeping needs • Security and diagnostic logs: retained for a limited period necessary for security monitoring and incident response • Backups: retained on a rolling basis and removed according to backup lifecycle controls

We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit and at rest through our infrastructure providers. We do not store full payment card numbers, CVVs, or payment credentials.

We use the following third-party services: • Google Firebase — authentication and data storage • Google Analytics — anonymous usage analytics • Vercel — web hosting and edge delivery Each of these services has their own privacy policy governing their handling of data.

Subject to applicable law, you may request to: • Know/access categories and specific pieces of personal information • Correct inaccurate personal information • Delete personal information, subject to legal exceptions • Receive a portable copy of eligible data • Opt out of sale/share (Perkmon does not sell or share personal information) How to submit requests: email [email protected] with the subject "Privacy Request" or contact us through the in-app feedback feature. We verify requests by matching account details and may request additional information reasonably necessary to verify identity. Response timelines: we generally respond within 45 days of a verifiable request. If needed, we may extend once by up to an additional 45 days and notify you of the reason for extension. Denied request appeals: if we deny a request, you may appeal by replying to the denial notice or emailing [email protected] within 30 days. We will review and respond with a final decision.

For California residents, we provide the following disclosures for the last 12 months: • Categories collected: identifiers, profile/account settings, card/benefit records, usage/security logs, support communications • Business/commercial purposes: service delivery, security, troubleshooting, communications, and product improvement • Categories disclosed for business purposes: identifiers, account settings, card/benefit records, diagnostics, and communications to service providers • Sold or shared for cross-context behavioral advertising: none Do Not Track / GPC: because there is no uniform standard for browser "Do Not Track" signals, we do not currently change behavior in response to DNT. If we receive a valid Global Privacy Control (GPC) signal, we treat it as an opt-out signal where required by law. Perkmon does not sell or share personal information. Cross-site third-party tracking: we do not permit third parties to collect personal information through our Service for their own cross-site behavioral advertising purposes.

We use essential cookies and local storage to keep you signed in, secure sessions, and remember app preferences. We do not use third-party advertising cookies.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy and updating the "Last updated" date. We encourage you to review this policy periodically.

Operator: Perkmon (perkmon.com) Privacy contact: [email protected] Mailing contact: Perkmon Privacy Team, United States (request postal delivery details via email for legal notices).