Privacy and Security Policy

Welcome to CardSpring. We are committed to the security of the information that you provide to us.

This Privacy and Security Policy explains our practices for the collection, use and protection of information you provide us through our website (“Website”) and when you use our test application program interface and all related content, documentation, code and materials (together, the “API”).

The terms “you,” “your,” and “yours” when used in this Policy refer to software application developers, financial institutions and other user of our API and Website. The terms “Company,” “we,” “us,” and “our” refer to CardSpring. By using our API or Website, you consent to the data practices described in this Policy. This Policy is governed by our Terms of Service. If there is a conflict between this Policy and our Terms of Service, this Policy will control. If there is a conflict between this Policy and a signed agreement between you and CardSpring, the signed agreement will control.

By using our API and Website, you are accepting the practices described in this Policy. If you do not agree with this Policy, please delete all cookies from your browser cache after visiting our Website and do not use our API. Your continued use of our API or Website will signify your acceptance of this Policy.

CardSpring collects a minimal amount of personal information

We want to encourage you to use our service without the need to provide us with extensive information. In most instances we only ask for a valid email address.

When you browse our Website, we may use cookies and other technologies to collect non-personal information (e.g., Website pages visited). Cookies permit CardSpring to recognize users and avoid duplicate requests for the same information. Most browsers will accept cookies until you change your browser settings to refuse them. Other technologies we may use include encoded crawlers, beacons and other analytic tools that only we or our authorized third party service providers can decode.

Cached content

CardSpring may keep a cached copy of any content you send us as part of your use of the API for an indeterminate amount of time. If you prefer that we not cache content you send us, make certain that your server does not allow us to do so.

We protect your information using the same data security standard used by banks and financial institutions

CardSpring is certified Level 1 PCI Data Security Standard compliant. This means CardSpring protects your information using the authentication and encryption processes used by banks and other financial institutions around the world. The PCI Data Security Standard provides an actionable framework for developing a robust data security process, including prevention, detection and appropriate reaction to security incidents. In instances where we use third party vendors to help us serve you, such as by hosting and operating a particular feature, we require that they comply with the PCI Data Security Standard and maintain the confidentiality of the information we provide to them. Learn more about the PCI Data Security Standard by visiting

Moreover, from the time you send us your email address, we encrypt all communications between your computer and CardSpring. We also encrypt all backup drives and tapes. We maintain secured servers and require the satisfaction of multiple authentication factors before permitting access.

We will never sell or rent your personal information to advertising companies

At CardSpring, we will never sell or rent your personal information to advertising companies.

We may need to share your personal information with trusted third parties that are integral to the operation of our Website and API, including but not limited to financial institutions, payment processors, and verification services, as well as any third parties that you have directly authorized to receive your personal information or API user data.

We ask that you respect others’ privacy

You are required to keep confidential any third-party information, including Payment Card information, you receive through your use of our API and only use that information in connection with your use of the API. Without such third-party’s consent, you may not disclose Payment Card information or use third-party information for marketing or promotional purposes.

CardSpring is not responsible for information you provide directly to third parties

It is important to note that CardSpring cannot be responsible for any information you provide directly to a third party. The information you provide directly to third parties, such as third party websites, or post on a blog or social networking site will not be covered by this Policy.

Additionally, if you elect to use a third party application that interoperates with our API, such application provider may upon your election be given access to data generated by your use of our API. CardSpring is not responsible for the policies and actions of third party application providers. Before you use a third party application, please consult that party’s privacy policy to learn how your information will be used and protected.

You are responsible for the security of data you control

You are responsible for the security of data in your possession and/or on your website. You agree to comply with all applicable state and federal laws and rules in your collection, maintenance and distribution of any personal, financial, and transactional information.

Collection and sharing of user data

When you register for a card-linked application (e.g., a discount) through a third party publisher that uses our API, you will provide us with your payment card number and, in some cases, your mobile phone number. We share your payment card number with trusted third parties that are integral to the operation of our service and the implementation of the card-linked application you registered for, including but not limited to financial institutions, payment processors, and verification services. In some cases, we use your mobile phone number to notify you on behalf of the third party publisher that your card-linked application is ready to be used.


CardSpring is not intended for or directed to persons under the age of 13. Any person who provides their information to CardSpring represents to us that they are 13 years of age or older.

We may be required by law to disclose your information

Notwithstanding other provisions in this Policy, by using our API or Website you understand and agree that CardSpring may be required by applicable law, regulation, subpoena or other legal process to disclose to law enforcement officials any information you provide to us.

We will ensure that any acquirer of CardSpring adopts this Policy

If we sell, merge or transfer all or part of the CardSpring business, the information you provide to us may be included in that transaction but will still remain protected by this Policy.

CardSpring operates “as-is” and “as-available” without liability of any kind. CardSpring is not responsible for events beyond our direct control.

We post updates to our Privacy and Security Policy on our Website

We update this Policy periodically. The date last revised appears at the bottom of this Policy. Changes take effect upon posting to our Website.

Date Last Revised: September 16, 2013